Calling iptables gurus - Help with DNAT

scoob8000

I've setup a redhat box with two nics and bridged them. No interfaces have an IP on them, this box will be locally managed.

This device will be used to transparently control its users. I can handle blocking of services that are not allowed, but I would like to redirect web browsing to a page displaying a message to users.

I've found a few examples similar to this, but none work as expected. I'm not sure if it's because I'm bridging or doing something wrong here. :)

iptables -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination xxx.xxx.xxx.xxx

Halp! :)
 
I use:
iptables -t nat -A PREROUTING -d x.x.x.x -p tcp --dport 3389 -j DNAT --to-destination x.x.x.x
for redirecting RDP. Works fine.
 
Ah! I must have missed something in the syntax because I have it working perfectly now!

Requirements changed a little bit and I had to put the "redirect page" on the same box as the bridge. I've got a public ip on the bridge interface now and apache listening on port 88.

Changing the DNAT rule to the bridge's interface and port 88 doesn't seem to do the trick. <stumped>
 
Just an update for anyone that might stumble upon this in a search..

When running as a bridge you need to use ebtables along with iptables to handle this kind of redirect.
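The ebtables-plus-iptables combination that update refers to, as an added example written for this page (not the poster's own rules). It assumes the bridge carries the public IP in BRIDGE_IP (a placeholder address here), that Apache listens on port 88, and that it is run as root with DRY_RUN=0 to actually apply the rules:

```shell
#!/bin/sh
# Added example: redirect HTTP to a local page on a Linux bridge.
# Assumed setup: bridge interface br0 holding BRIDGE_IP, Apache on port 88.
BRIDGE_IP="${BRIDGE_IP:-192.0.2.10}"   # placeholder, replace with the bridge's real address
LISTEN_PORT="${LISTEN_PORT:-88}"
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the commands, 0 = execute them

run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

bridge_redirect_rules() {
  # 1. Bridged frames never enter the IP stack, so a plain iptables DNAT does nothing.
  #    The ebtables BROUTING chain decides per frame: ACCEPT = keep bridging,
  #    DROP = hand the frame to the IP stack (route it). The redirect target rewrites
  #    the destination MAC to the bridge port's own MAC so the host accepts the packet.
  run ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \
      -j redirect --redirect-target DROP

  # 2. The frame now takes the normal IP path, so the familiar nat rule applies:
  #    send port 80 to the bridge's own IP on the Apache port.
  run iptables -t nat -A PREROUTING -p tcp --dport 80 \
      -j DNAT --to-destination "$BRIDGE_IP:$LISTEN_PORT"

  # 3. Allow the redirected connections into the local listener. Conntrack undoes
  #    the DNAT on the replies, so the browser sees them come from port 80.
  run iptables -A INPUT -p tcp --dport "$LISTEN_PORT" -j ACCEPT
}

# Traffic on other ports is untouched and keeps being bridged as before.
bridge_redirect_rules
```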
 