IPTables Ignoring Rule To Redirect Web Traffic











up vote
-1
down vote

favorite












I am trying to do something very simple. I am trying to force all web request to go to my local webserver. I start by activating said webserver on my Kali Linux VirtualBox machine



sudo systemctl start apache2


Then I redirect all web traffic with iptables



sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80



sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80


Check to make sure the changes took effect



sudo iptables -t nat -L


They did



Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination         

DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:127.0.0.1:80


Now when I go to google.com or even example.com I just go to google.com as I normally would. How can I make the changes actually take effect?






linux networking iptables redirection administration







share|improve this question




























    up vote
    -1
    down vote

    favorite












    I am trying to do something very simple. I am trying to force all web request to go to my local webserver. I start by activating said webserver on my Kali Linux VirtualBox machine



    sudo systemctl start apache2


    Then I redirect all web traffic with iptables



    sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80
    

    
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80


    Check to make sure the changes took effect



    sudo iptables -t nat -L


    They did



    Chain PREROUTING (policy ACCEPT)
    
target     prot opt source               destination         
    
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:127.0.0.1:80


    Now when I go to google.com or even example.com I just go to google.com as I normally would. How can I make the changes actually take effect?






    linux networking iptables redirection administration







    share|improve this question


























      up vote
      -1
      down vote

      favorite









      up vote
      -1
      down vote

      favorite











      I am trying to do something very simple. I am trying to force all web request to go to my local webserver. I start by activating said webserver on my Kali Linux VirtualBox machine



      sudo systemctl start apache2


      Then I redirect all web traffic with iptables



      sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80
      

      
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80


      Check to make sure the changes took effect



      sudo iptables -t nat -L


      They did



      Chain PREROUTING (policy ACCEPT)
      
target     prot opt source               destination         
      
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:127.0.0.1:80


      Now when I go to google.com or even example.com I just go to google.com as I normally would. How can I make the changes actually take effect?






      linux networking iptables redirection administration







      share|improve this question















      I am trying to do something very simple. I am trying to force all web request to go to my local webserver. I start by activating said webserver on my Kali Linux VirtualBox machine



      sudo systemctl start apache2


      Then I redirect all web traffic with iptables



      sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80
      

      
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80


      Check to make sure the changes took effect



      sudo iptables -t nat -L


      They did



      Chain PREROUTING (policy ACCEPT)
      
target     prot opt source               destination         
      
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:127.0.0.1:80


      Now when I go to google.com or even example.com I just go to google.com as I normally would. How can I make the changes actually take effect?






      linux networking iptables redirection administration




      linux networking iptables redirection administration






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 23 hours ago

























      asked 23 hours ago









      user21303

      296




      296






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote



          accepted










          When you go to google.com, your packet never visit PREROUTING chain.
          Use OUTPUT instead.enter image description here






          share|improve this answer





















          • I tried your suggestion. sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80 sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80 . But after doing sudo iptables -L it looks like the output command is not being added. What did I do wrong?
            – user21303
            23 hours ago










          • Wait, nevermind. It's working.
            – user21303
            22 hours ago










          • I'm receiving an error stating that this site can not provide a secure connection. I suppose I should not be surprised when considering HTTPS. Which begs the question, how do coffee shops redirect users to the terms of service page people need to agree to before they start using the internet?
            – user21303
            22 hours ago











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1374938%2fiptables-ignoring-rule-to-redirect-web-traffic%23new-answer', 'question_page');
          }
          );

          Post as a guest


















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote



          accepted










          When you go to google.com, your packet never visit PREROUTING chain.
          Use OUTPUT instead.enter image description here






          share|improve this answer





















          • I tried your suggestion. sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80 sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80 . But after doing sudo iptables -L it looks like the output command is not being added. What did I do wrong?
            – user21303
            23 hours ago










          • Wait, nevermind. It's working.
            – user21303
            22 hours ago










          • I'm receiving an error stating that this site can not provide a secure connection. I suppose I should not be surprised when considering HTTPS. Which begs the question, how do coffee shops redirect users to the terms of service page people need to agree to before they start using the internet?
            – user21303
            22 hours ago















          up vote
          0
          down vote



          accepted










          When you go to google.com, your packet never visit PREROUTING chain.
          Use OUTPUT instead.enter image description here






          share|improve this answer





















          • I tried your suggestion. sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80 sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80 . But after doing sudo iptables -L it looks like the output command is not being added. What did I do wrong?
            – user21303
            23 hours ago










          • Wait, nevermind. It's working.
            – user21303
            22 hours ago










          • I'm receiving an error stating that this site can not provide a secure connection. I suppose I should not be surprised when considering HTTPS. Which begs the question, how do coffee shops redirect users to the terms of service page people need to agree to before they start using the internet?
            – user21303
            22 hours ago













          up vote
          0
          down vote



          accepted







          up vote
          0
          down vote



          accepted






          When you go to google.com, your packet never visit PREROUTING chain.
          Use OUTPUT instead.enter image description here






          share|improve this answer












          When you go to google.com, your packet never visit PREROUTING chain.
          Use OUTPUT instead.enter image description here







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered 23 hours ago









          Ipor Sircer

          3,34411013




          3,34411013












          • I tried your suggestion. sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80 sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80 . But after doing sudo iptables -L it looks like the output command is not being added. What did I do wrong?
            – user21303
            23 hours ago










          • Wait, nevermind. It's working.
            – user21303
            22 hours ago










          • I'm receiving an error stating that this site can not provide a secure connection. I suppose I should not be surprised when considering HTTPS. Which begs the question, how do coffee shops redirect users to the terms of service page people need to agree to before they start using the internet?
            – user21303
            22 hours ago


















          • I tried your suggestion. sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80 sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80 . But after doing sudo iptables -L it looks like the output command is not being added. What did I do wrong?
            – user21303
            23 hours ago










          • Wait, nevermind. It's working.
            – user21303
            22 hours ago










          • I'm receiving an error stating that this site can not provide a secure connection. I suppose I should not be surprised when considering HTTPS. Which begs the question, how do coffee shops redirect users to the terms of service page people need to agree to before they start using the internet?
            – user21303
            22 hours ago
















          I tried your suggestion. sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80 sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80 . But after doing sudo iptables -L it looks like the output command is not being added. What did I do wrong?
          – user21303
          23 hours ago




          I tried your suggestion. sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:80 sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80 . But after doing sudo iptables -L it looks like the output command is not being added. What did I do wrong?
          – user21303
          23 hours ago












          Wait, nevermind. It's working.
          – user21303
          22 hours ago




          Wait, nevermind. It's working.
          – user21303
          22 hours ago












          I'm receiving an error stating that this site can not provide a secure connection. I suppose I should not be surprised when considering HTTPS. Which begs the question, how do coffee shops redirect users to the terms of service page people need to agree to before they start using the internet?
          – user21303
          22 hours ago




          I'm receiving an error stating that this site can not provide a secure connection. I suppose I should not be surprised when considering HTTPS. Which begs the question, how do coffee shops redirect users to the terms of service page people need to agree to before they start using the internet?
          – user21303
          22 hours ago


















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1374938%2fiptables-ignoring-rule-to-redirect-web-traffic%23new-answer', 'question_page');
          }
          );

          Post as a guest






































































          -

          Popular posts from this blog

          Сан-Квентин

          Image
          Сан-Квентин Местоположение Сан-Квентин, Калифорния Координаты 37°56′13″ с. ш. 122°29′20″ з. д. H G Я O L Текущий статус Действует Режим безопасности минимальный и максимальный Количество мест 3 302 Открытие Июнь 1852 Находится в ведомстве California Department of Corrections and Rehabilitation Начальник Mike Martel, начальник  Сан-Квентин на Викискладе Сан-Квентин (англ.  San Quentin ) — тюрьма, располагающаяся на 432 акрах (около 1,7 км²), на мысе Сан-Квентин, в округе Марин, штат Калифорния, США. Тюрьма штата Калифорния Сан-Квентин была открыта в июле 1852 года и является старейшей в штате. Она была построена заключёнными, которые проживали в течение строительства на тюремном судне Вабан. В Сан-Квентине отбывали наказание и мужчины, и женщины до 1934 года, когда построили женскую тюрьму в Техачапи и туда перевели всех заключённых женщин. В Сан-Квентине приводятся в исполнение смертные казни, для этого имеется газовая камера, но...
          Read more

          8-я гвардейская общевойсковая армия

          Image
          8-я гвардейская общевойсковая ордена Ленина армия Награды: Войска: РККА → Советская армия → СВ России Род войск: Формирование: 1943 Расформирование (преобразование): 1992 Предшественник: 62-я армия (1942—43) → 8-я гвардейская общевойсковая армия (1943—92) → 8-й гвардейский армейский корпус (1992—98) Боевой путь Изюм-Барвенковская операция Донбасская операция Запорожская операция Битва за Днепр Днепропетровская операция Березнеговато-Снигирёвская операция Одесская операция Люблин-Брестская операция Варшавско-Познанская операция Восточно-Померанская операция Берлинская наступательная операция У этого термина существуют и другие значения, см. 8-я армия. Фотография Гвардейского Красного Знамени (лицевая сторона) 8-й гвардейской армии , образца 1943 года. Фотография Гвардейского Красного Знамени (оборотная сторона) 8-й гвардейской армии , образца 1943 года. 8-я гвардейская общевойсковая ордена Ленина армия  — гвардейское фор...
          Read more

          Алькесар

          Image
          Муниципалитет Алькесар Alquézar Герб 42°10′16″ с. ш. 0°01′27″ в. д. H G Я O L Страна Испания   Испания Автономное сообщество Арагон Провинция Уэска Комарка Сомонтано-де-Барбастро Алькальд Хосе Марияно Альтемир Ласкорс (ИСРП) История и география Площадь 32,36 км² Высота НУМ 660 м Часовой пояс UTC+1, летом UTC+2 Население Население 313 человек ( 2010 ) Плотность 9,92 чел./км² Этнохороним alquezarano/-a Цифровые идентификаторы Телефонный код +34 974 Почтовые индексы 22112 Автомобильный код HU alquezar.org   (исп.) Показать/скрыть карты Алькесар Алькесар Алькесар  Аудио, фото и видео на Викискладе Алькесар (исп.  Alquézar ) — муниципалитет в Испании, входит в провинцию Уэска, в составе автономного сообщества Арагон. Муниципалитет находится в составе района (комарки) Сомонтано-де-Барбастро. Занимает площадь 32,36 км². Население — 321 челове...
          Read more