IPTables Ignoring Rule To Redirect Web Traffic























I am trying to do something very simple. I am trying to force all web requests to go to my local webserver. I start by activating said webserver on my Kali Linux VirtualBox machine:

sudo systemctl start apache2

Then I redirect all web traffic with iptables:

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80

Check to make sure the changes took effect:

sudo iptables -t nat -L

They did:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:https to:127.0.0.1:80

Now when I go to google.com or even example.com I just go to google.com as I normally would. How can I make the changes actually take effect?

















      linux networking iptables redirection administration































      asked 23 hours ago









      user21303























          1 Answer



          accepted










          When you go to google.com, your packet never visits the PREROUTING chain.
          Use OUTPUT instead.
















          answered 23 hours ago









          Ipor Sircer













          • I tried your suggestion.
            sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80
            sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80
            But after doing sudo iptables -L it looks like the output command is not being added. What did I do wrong?
            – user21303
            23 hours ago










          • Wait, never mind. It's working.
            – user21303
            22 hours ago










          • I'm receiving an error stating that this site can not provide a secure connection. I suppose I should not be surprised when considering HTTPS. Which begs the question, how do coffee shops redirect users to the terms of service page people need to agree to before they start using the internet?
            – user21303
            22 hours ago
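
Added example, not part of the original answer or comments: a simplified Python model of which nat chain gets to apply DNAT to a packet, run against the PREROUTING rules from the question and the OUTPUT rules from the comment above. It also models that `iptables -L` without `-t` lists the filter table, so rules added to the nat table do not appear there. The packet addresses and every class and function name are assumptions made for the illustration, and the model covers only the destination rewrite, not delivery of the rewritten packet.

```python
# Added illustration: a simplified model of nat-table DNAT handling, not netfilter itself.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    origin: str    # "local": sent by a process on this host; "wire": arrived on an interface
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class DnatRule:
    chain: str     # nat chain given to -A
    dport: int     # --dport
    to_ip: str     # address part of --to-destination
    to_port: int   # port part of --to-destination

def dnat_chain_for(packet):
    """nat chain in which DNAT can rewrite this packet's destination."""
    return "OUTPUT" if packet.origin == "local" else "PREROUTING"

def apply_dnat(packet, rules):
    """Rewrite the destination using the first matching rule in the chain the packet visits."""
    chain = dnat_chain_for(packet)
    for rule in rules:
        if rule.chain == chain and rule.dport == packet.dst_port:
            return replace(packet, dst_ip=rule.to_ip, dst_port=rule.to_port)
    return packet  # no rule in a visited chain matched: destination unchanged

def listed(tables, table="filter"):
    """Rules `iptables -L` would print; without -t it lists the filter table."""
    return tables.get(table, [])

# Rules from the question (PREROUTING) and from the comment under the answer (OUTPUT).
QUESTION_RULES = [DnatRule("PREROUTING", port, "127.0.0.1", 80) for port in (443, 80)]
ANSWER_RULES = [DnatRule("OUTPUT", port, "127.0.0.1", 80) for port in (443, 80)]

# Constructed packets; 203.0.113.10 is a documentation address standing in for a web site.
LOCAL_BROWSER = Packet("local", "203.0.113.10", 443)
OTHER_MACHINE = Packet("wire", "203.0.113.10", 80)

if __name__ == "__main__":
    for label, rules in (("PREROUTING", QUESTION_RULES), ("OUTPUT", ANSWER_RULES)):
        for pkt in (LOCAL_BROWSER, OTHER_MACHINE):
            out = apply_dnat(pkt, rules)
            print(f"{label:10} rules, {pkt.origin:5} packet -> {out.dst_ip}:{out.dst_port}")
    tables = {"filter": [], "nat": ANSWER_RULES}
    print("iptables -L sees", len(listed(tables)), "rules; -t nat sees", len(listed(tables, "nat")))
```

On the real host, `sudo iptables -t nat -L OUTPUT -n -v` lists the OUTPUT rules together with packet counters, which shows whether they are being hit.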

















