Tuesday, April 2, 2013

URL Redirection Using iptables

We will configure IPTables on a Linux server to redirect all the traffic coming on port 80, (which is the default web server port), to a server with the IP 122.164.34.240. The first step is to set your Linux box to allow this kind of forwarding to take place. Open a terminal window, log in as root user and run the following command:

#vim /etc/sysctl.conf
(add new line)

net.ipv4.ip_forward=1

save and exit

The next step is to tell IPTables to redirect the traffic to the new server:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 122.164.34.240
 

Here’s where the IPTables magic happens. With the third and final step we tell IPTables to rewrite the origin of connections to the new server’s port 80 to appear to come from the old server.

iptables -t nat -A POSTROUTING -p tcp -d 122.164.34.240 --dport 80 -j MASQUERADE


The final step is required because if we don’t tell the web server of the new server that the connections are coming from the client machines, it would think that they are originating from the old server.
You may want to repeat this for the databases and email server port as well.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)