Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : iptables redirect rule - please help

[SysTeam]

Hello!

Please help me to write iptables rule, I need to redirect specific external IPs to another IP instead main website IP.

Any way to do this?

Thank you!

[khunj]

Try something like this :

Code:

fromIP=xx.xx.xx.xx
fromPort=xx
toIP=xx.xx.xx.xx
toPort=xx
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING --dst $fromIP -p tcp --dport $fromPort -j DNAT --to-destination $toIP:$toPort
iptables -t nat -A POSTROUTING -p tcp --dst $toIP --dport $toPort -j SNAT --to-source $fromIP
iptables -t nat -A OUTPUT --dst $fromIP -p tcp --dport $fromPort -j DNAT --to-destination $toIP:$toPort

[SysTeam]

What does it mean?

Quote:

--dport $fromPort

Which port I need to specify, if this is standard request from user to website?

[khunj]

Your visitors will connect to fromIP:fromPort and then iptables will redirect them to toIP:toPort
Note that due to SNAT/DNAT, when your visitors will reach toIP, their IP will be fromIP, not their originating IP. If you need to identify them, use preferably a HTTP reverse proxy that will add their originating IP in the X-Forwarded-For variable.