dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed



[Servers] Iptables prerouting questions

Our network layout is pretty simple.

We use a system called netequalizer to keep everyone playing fair on our business network. All the desktop systems are assigned a static IP address and we wish to redirect troubled customer to an Apache server where we grab the IP address do a MYSQL look up and display the message.

I thought this would be pretty simple, as the employees can already see the apache server. I added this rule into the iptables of Netqualizer.
iptables -t nat -A PREROUTING -s -p tcp --dport 80 -j DNAT --to is the Apache server is the employee that need to receive a notification.

However it only seems to block the port 80 traffic rather than redirect it to the Apache server.
I am not great at networking so forgive me if this is a basic question.

I have Ipforwarding enabled (1) on the equalizer. We have all the option set to policy ACCEPT across. I have setup this box as a simple bridge nothing fancy here.

I have root access and can run any commands. I have been working on this for 3 days and really appreciate any help anyone can provide!

Raleigh, NC
You are trying to REDIRECT traffic into the same network. That's simply not going to work. (you cannot NAT 192.168.10 into 192.168.10) The apache server has to be in a different network, on a different interface. Or use the REDIRECT target instead of NAT -- see also: setting up a squid proxy.

(note: even if you get the traffic going where you want, apache has to be setup to handle the "non-local" url -- i.e. the _default_ vhost.)


Sorry I forgot to add that netequalizer is setup on, this is the system with the iptables -t nat -A PREROUTING -s -p tcp --dport 80 -j DNAT --to

the Apache server is a whole different system.


Grande Prairie, AB
·TekSavvy DSL
Yes, but cramer's point stands. Does the client have to cross the bridge to talk to the server? If not, then your rule will never see the packet. If so, then you want to REDIRECT, not NAT.

NAT is for routers, not bridges.