Hello all,

I've recently setup a NAT (and working on an addition WAP) with eth0 being the external network and eth1 being the internal network

what I would like is if any clients on the internal network do any requests, http for example, to the external network..or even say google.com or youtube.com that they're instead redirected to an apache server that's runnong on the internal network at 192.168.2.1 on say 65000.

I've tried
iptables -A PREROUTING -t nat -s 192.168.2.0/255.255.255.0 -p tcp --dport 80 -j DNAT --to-destination 192.168.2.1:65000
however...this doesn't work. infact I can't even ping the external network after this is used.

any suggestions?

Are you being evil?

I think this is basically what you want...

http://www.ex-parrot.com/~pete/upside-down-ternet.html

lol matt...not exactly evil. it's more or less for educational and informational purposes.

I was able to get
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.2.1:65000
working to some extent. If the computer and IP is up and running the redirection will occur. Though, when the "wanted" destination (say google.com) isn't up (when there isn't an internet connection present) I would still like the redirection to occur..and with this it simply doesn't do it.

Is there a way to make that happen aswell?

So you have your gateway system set up to do ipforwarding (I assume)?

When the client computer requests www.google.com, it first sends out a dns request (not on port 80 of course). When it gets an address back it requests to load a page from that address. So unless you're running a DNS cache, when the external internet connection (eth0) is down the client computer's browser will never get a reply to its DNS query and will never request any page for you to spoof.

yup..I actually realized that when I walked away and ate a banana...stupid brain.