[Novalug] iptables and redirecting HTTP request to a different server in a virtual OpenVZ machine

James Ewing Cottrell 3rd JECottrell3@Comcast.NET
Thu Aug 23 20:24:50 EDT 2012


Good Question...but why not Redirect in Apache?

Or maybe...run this shell script on Port 80:

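#! /bin/sh
# Write a minimal HTTP response to stdout, then pause before exiting.
cat <<EOF
HTTP/1.0 200 OK
Content-Type: text/html

<html><head><title>Down For Maintenance</title></head>
<body><p>Bring Me the Broomstick of the WWotWest</p></body></html>
EOF
sleep 2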

You can mv httpd httpd.real, call the above script httpd.fake, and 
simply copy whichever one you like to httpd. You can even modify 
/etc/init.d/httpd to add a "fake" and a "real" stanza.

Another idea is to set up an SSH tunnel.

JIM

On 8/21/2012 10:10 AM, Miguel Gonzalez wrote:
> Not sure if it's OpenVZ or what, but I can't get a rule to work that forwards all HTTP requests to a different server based on IP address.
>
> I have enabled IP forwarding and run these commands:
>
> iptables -t nat -A PREROUTING -p tcp -s YYY.YYY.YYY.YYY --dport 80 -j DNAT --to XXX.XXX.XXX.XXX:80
> iptables -A FORWARD -p tcp -d XXX.XXX.XXX.XXX --dport 80 -j ACCEPT
>
> iptables -t nat -A PREROUTING -p tcp -s YYY.YYY.YYY.YYY --dport 80 -j DNAT --to XXX.XXX.XXX.XXX:80
> iptables -t nat -A PREROUTING -p tcp -s YYY.YYY.YYY.YYY --dport 443 -j DNAT --to XXX.XXX.XXX.XXX:80
> iptables -A FORWARD -p tcp -d XXX.XXX.XXX.XXX --dport 80 -j ACCEPT
> iptables -A FORWARD -p tcp -d XXX.XXX.XXX.XXX --dport 443 -j ACCEPT
>
> What I'm trying to achieve is, while I'm doing some maintenance on my server, to route people to a web server set up to run a maintenance webpage.
>
> What am I doing wrong?
>
> Regards,
>
> Miguel