Krigare Tux's lil' helper
Joined: 12 Nov 2003 Posts: 92 Location: ::1
Posted: Sat Apr 03, 2004 5:21 pm Post subject: Incoming port 80 to my friend's port 80 (advanced)
Hi Friends!
To explain this in an easy form I'm going to be as clear as I can be.
My friend and I have one computer each, we have separate internet providers, and we want to route all connections coming to port 80 on my computer to port 80 on his computer. Is this possible?
(NOTE: We are not on the same network - we have separate ISPs and are physically about 200km from each other.)
In a much clearer form:
Step 1: Some dude surfs to my computer's IP. (http://200.100.50.25:80)
Step 2: My computer routes him to my friend's IP. (200.100.50.25:80 ==> 130.140.150.160:80)
Step 3: The dude can see my friend's website. (http://130.140.150.160:80)
Questions
[1] Is this possible with iptables?
[2] How do I do it?
_________________
Together we are strong.
creese n00b
Joined: 13 Aug 2003 Posts: 58 Location: Folsom, CA
Posted: Sat Apr 03, 2004 10:27 pm
This should really be done by having your HTTP server send redirects. This way traffic doesn't continue to go through your node.
dreamer Apprentice
Joined: 16 Aug 2003 Posts: 236
Posted: Sat Apr 03, 2004 10:54 pm
1. yes
2. forward all traffic headed to your port 80 to his IP, looks something like this:
Code:
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <friends ip>
This should do the trick. If I understood you correctly.
Maybe you need to adjust the policy of your FORWARD chain as well.
Krigare Tux's lil' helper
Joined: 12 Nov 2003 Posts: 92 Location: ::1
Posted: Sat Apr 03, 2004 11:15 pm
Hi, thank you for your replies!
Quote:
    This should really be done by having your HTTP server send redirects. This way traffic doesn't continue to go through your node.
This doesn't work for this type of solution because my computer isn't running any httpd service.
Quote:
    Code:
        iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <friends ip>
    This should do the trick. If I understood you correctly.
    Maybe you need to adjust the policy of your FORWARD chain as well.
This might work, but I tried just adding that command and it didn't work; as a result, my ability to surf the web died when I injected it. How exactly do you want me to change my forward policy?
Any other ideas?
_________________
Together we are strong.
dtor Guru
Joined: 19 Jan 2004 Posts: 461 Location: Indiana, USA
Posted: Sat Apr 03, 2004 11:52 pm
dreamer wrote:
    1. yes
    2. forward all traffic headed to your port 80 to his IP, looks something like this:
    Code:
        iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <friends ip>
    This should do the trick. If I understood you correctly.
    Maybe you need to adjust the policy of your FORWARD chain as well.
Well, it will work, but only for machines behind his (ones that are using his as a gateway), not for the outside world. You do not have the ability to affect the routing of my machine.
To redirect incoming HTTP requests he needs to set up something actively listening on port 80 and responding with a redirect.
_________________
Dmitry
dreamer Apprentice
Joined: 16 Aug 2003 Posts: 236
Posted: Sun Apr 04, 2004 12:02 am
hmmz, it's exactly 2:00 AM over here, I'll think about a solution first thing in the morning.
dtor Guru
Joined: 19 Jan 2004 Posts: 461 Location: Indiana, USA
Posted: Sun Apr 04, 2004 1:37 am
Well, what can I say... Google is a very powerful thing...
Code:
    $ cat > /usr/local/bin/redirect.sh
    #!/bin/sh
    # Answer every connection with a 302 redirect
    echo "HTTP/1.0 302 RD"
    echo "Location: http://www.gentoo.org"
    # Empty line ends the HTTP header block
    echo ""
Then:
Code:
    $ chmod 755 /usr/local/bin/redirect.sh
    $ cat > /etc/xinetd.d/redirect
    service www
    {
        disable     = no
        socket_type = stream
        wait        = no
        user        = nobody
        server      = /usr/local/bin/redirect.sh
        nice        = 10
    }
And finally:
Code:
    $ killall -HUP xinetd
Substitute www.gentoo.org with the required destination. To test, try connecting to 127.0.0.1 with your browser.
_________________
Dmitry
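A variant of the xinetd redirect script above, as an added example that is not part of dtor's post: it goes one step further by keeping the requested path in the redirect, which means the client-supplied path has to be validated before it is echoed into the Location header. The target address is the friend's IP from the first post; the function name redirect_response is made up here.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to be started by xinetd,
# which connects the client socket to stdin/stdout.
# TARGET is the friend's address from the first post; adjust as needed.
TARGET="http://130.140.150.160"

redirect_response() {
    # Read only the request line, e.g. "GET /page.html HTTP/1.0".
    method="" path="" proto=""
    read -r method path proto || :

    # Accept origin-form paths only ("/..."), and cap their length.
    case $path in
        /*) ;;
        *)  path=/ ;;
    esac
    if [ "${#path}" -gt 1024 ]; then path=/; fi

    # Allowlist check: whatever survives deleting the safe characters
    # (CR, other control bytes, quotes, colons) is unsafe to echo into
    # a header, so the path is dropped and the client lands on "/".
    bad=$(printf '%s' "$path" | LC_ALL=C tr -d 'A-Za-z0-9/._~?&=%+-')
    if [ -n "$bad" ]; then path=/; fi

    # CRLF line endings plus the empty line that ends the header block.
    printf 'HTTP/1.0 302 Found\r\n'
    printf 'Location: %s%s\r\n' "$TARGET" "$path"
    printf 'Content-Length: 0\r\n'
    printf 'Connection: close\r\n\r\n'
}

# Demo with a constructed request. In the script that xinetd runs,
# this line would be a plain call: redirect_response
printf 'GET /docs/index.html?lang=en HTTP/1.0\r\n\r\n' | redirect_response
```
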
dreamer Apprentice
Joined: 16 Aug 2003 Posts: 236
Posted: Sun Apr 04, 2004 10:42 am
very nice
Krigare Tux's lil' helper
Joined: 12 Nov 2003 Posts: 92 Location: ::1
Posted: Thu Apr 08, 2004 9:37 pm
Thanks a lot dude, exactly what I was looking for!
_________________
Together we are strong.