I have iptables and apache running on a gateway machine.
1) All machines behind the gateway should not be able to access the internet.
2) If they try to browse any other website, they should be automatically redirected to another site http://www.xyz.com (which is also under my control).
In order to do this, I tried the following in iptables.
*nat
-A PREROUTING -i eth3 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 80
(redirect all browsing requests to port 80 on gateway machine itself)
And in the Apache server running on the gateway machine,
in /etc/apache2/sites-available/default
RedirectMatch .* http://www.xyz.com/
After doing this, when I try to browse any site from behind the gateway, I get errors.
In firefox - "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
In Chrome - Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
In IE - something similar happens.
It looks like the iptables & RedirectMatch work with each other to go into a recursive loop. What can I do to prevent this?
You could add the IP address of the destination webserver to your iptables rule:
-A PREROUTING -i eth3 -p tcp ! -d 1.2.3.4 -m tcp --dport 80 -j REDIRECT --to-ports 80
Or, if you're in control of the server at xyz.com, host it on a different port.
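The loop happens because the browser's second request, the one RedirectMatch sends to www.xyz.com, also arrives on eth3 with destination port 80 and is caught by the same REDIRECT rule, so Apache answers it with yet another redirect. Excluding the landing site's addresses from the REDIRECT is what breaks the cycle. The following is an added example, not code from the question or the answer: a POSIX sh helper that emits an iptables-restore fragment for the nat table with one RETURN rule per excluded address ahead of the catch-all REDIRECT. The interface name, port and the addresses 1.2.3.4 and 5.6.7.8 are constructed placeholders; resolve_v4 assumes a glibc getent.

```shell
#!/bin/sh
# Added example: generate nat rules that redirect LAN port-80 traffic to the
# gateway's own Apache, except traffic already headed for the landing site.
# Output is in iptables-restore format; nothing is applied by this script.
#
# Usage: gen_nat_rules IFACE PORT IP [IP ...]
#   IFACE  LAN-facing interface (eth3 in the question)
#   PORT   port to intercept and to redirect to (80 in the question)
#   IP...  IPv4 addresses of the landing site (1.2.3.4 is a placeholder)

gen_nat_rules() {
    iface="$1"
    port="$2"
    shift 2
    printf '%s\n' '*nat'
    for ip in "$@"; do
        # RETURN leaves the PREROUTING chain for this destination, so the
        # catch-all REDIRECT below never sees requests to the landing site.
        printf '%s\n' "-A PREROUTING -i $iface -p tcp -d $ip --dport $port -j RETURN"
    done
    printf '%s\n' "-A PREROUTING -i $iface -p tcp --dport $port -j REDIRECT --to-ports $port"
    printf '%s\n' 'COMMIT'
}

# resolve_v4 HOST: print the IPv4 addresses of HOST, one per line.
# Sites behind a CDN or round-robin DNS have several addresses, and a single
# hard-coded -d address would leave some of them inside the loop.
resolve_v4() {
    getent ahostsv4 "$1" | awk '$2 == "STREAM" { print $1 }' | sort -u
}

# Stand-alone demonstration with constructed addresses:
gen_nat_rules eth3 80 1.2.3.4 5.6.7.8
# To apply on a real gateway without flushing other nat rules:
#   gen_nat_rules eth3 80 $(resolve_v4 www.xyz.com) | iptables-restore --noflush
```

Apache on the gateway then only ever sees requests for sites other than www.xyz.com, so the RedirectMatch fires once per request and the browser's follow-up to www.xyz.com passes through untouched. The exclusion list has to be regenerated if the landing site's addresses change; hosting the landing page on a port other than 80, as the answer suggests, avoids that dependency because the --dport match never catches it.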