-3

I want to redirect all the incoming requests to a URL instead of an IP address. How can I achieve this? And when I redirect using an IP address the redirection is happening, but the redirected IP/URL is not shown in the browser address bar. How to change this?

The following are the rules I'm setting:

echo "1" > /proc/sys/net/ipv4/ip_forward
ebtables -t nat -N GUEST
ebtables -t nat -A PREROUTING -i eth0 -j GUEST
ebtables -t nat -N GUEST-REDIRECT
ebtables -t nat -A GUEST-REDIRECT -j mark --mark-set 1 --mark-target CONTINUE
ebtables -t nat -A GUEST-REDIRECT -j redirect
ebtables -t nat -A GUEST -p 0x800 --pkttype-type otherhost --ip-proto 6 --ip-dport 80 -j GUEST-REDIRECT
iptables -t nat -A PREROUTING -p tcp -m mark --mark 1 -j DNAT --to-destination 172.40.1.0
iptables -t nat -A POSTROUTING -j MASQUERADE

  1. The clients are redirected to the IP 172.40.1.0, but what I want is to redirect the request to a URL (example: www.facebook.com/user).

  2. When I use the above rules the clients are redirected to the IP 172.40.1.0, but the address bar of the browser is still showing the requested URL, not the redirected one.

Jenny D
user1216216
    This question makes no sense - you can't convert a URL into an IP address. Turning lead into gold is simpler since they're both elements. Perhaps if you gave an example of what you're trying to achieve (input and output) then you might get a sensible answer. – symcbean Jul 26 '12 at 12:39

3 Answers

3

If you want the redirected IP/URL to be shown in the browser, you need to send an HTTP redirect response to the browser (like 301). Then, the browser will send another request to the new location.

This cannot be done using iptables. This needs to be done using any HTTP server/load balancer/proxy.

Khaled
1

You can't do this with iptables. You're confusing layers in the networking stack: IP is layer 3 in the OSI model, HTTP is layer 7. See http://en.wikipedia.org/wiki/OSI_model

If you want to redirect URL requests you could use Apache together with mod_proxy.

Colin 't Hart
0

I guess you need to redirect incoming connections to a certain port on which a web instance, such as Nginx, listens. Then Nginx has to redirect them to your URL.

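# Redirect inbound TCP connections, destined to port 80, to port 4444
# Note: packets that arrive on a non-loopback interface and are DNATed to 127.0.0.1
# are dropped by the kernel unless net.ipv4.conf.<iface>.route_localnet=1 is set.
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:4444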

Nginx config:

server {
  listen 127.0.0.1:4444;

  return 301 "http://example.com/notice/";
}

The only reason I can imagine why you should do this, instead of making Nginx listen on port 80 directly, is that this solution helps make the Nginx instance hot-pluggable, that is, you can make another Nginx instance (say /usr/local/nginx/bin/nginx) and listen on port 80, without actually modifying the existing one's configuration (more specifically /etc/nginx/sites-enabled/*) in order to replace the existing Nginx instance (say /usr/sbin/nginx).

KaiserKatze
    The `MASQUERADE` target is counter-productive unless the connection needs to continue against its natural routing direction (such as out of the NIC it came from). Using `MASQUERADE` will deprive your web server of knowing the client's IP, which can be quite detrimental. In this case, just the single DNAT will do the trick. Perhaps change `-A` to `-I` to fix any firewall issues. – Zdenek May 19 '19 at 17:36
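
The layer-7 step the answers above describe, as an added example that is not part of any of the original posts: a small Python responder that answers every request with a 301 to one fixed URL, which is what makes the browser's address bar change. Port 4444 and the target URL are taken from the Nginx answer; the names `start_redirector`, `probe` and `seen_clients` and the sample Host header are assumptions made up for this sketch.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

TARGET = "http://example.com/notice/"  # fixed target, as in the Nginx answer
seen_clients = []                       # peer addresses the responder observed


class RedirectHandler(BaseHTTPRequestHandler):
    def _redirect(self):
        # Behind MASQUERADE this is the gateway's own address; with a plain
        # DNAT rule it is the real client, which is what you want in logs.
        seen_clients.append(self.client_address[0])
        # Location is a constant, never derived from the Host header or the
        # request path, so the responder cannot act as an open redirect.
        self.send_response(301)  # browsers may cache a 301
        self.send_header("Location", TARGET)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = do_POST = _redirect

    def log_message(self, fmt, *args):
        pass  # silence the default per-request stderr logging


def start_redirector(host="127.0.0.1", port=4444):
    server = ThreadingHTTPServer((host, port), RedirectHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(port, path="/", host_header="www.requested-site.example"):
    """Send one request without following redirects; return (status, Location)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Host": host_header})  # constructed Host
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"))
    conn.close()
    return result


if __name__ == "__main__":
    srv = start_redirector(port=0)  # port 0: OS picks a free port for the demo
    print(probe(srv.server_address[1], "/some/page"))
    srv.shutdown()
```

The NAT rules only decide which socket receives the TCP connection; the `Location` header in the response is what the browser acts on and displays.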