The Anarcat wrote:
> So here's an idea: don't use iptables. Just don't route the packets and
> resolve everything to your server.
I like this idea, except I think it would interfere with my being able to do 
administration, since I could not NAT in or out. My final 
solution is this same thing, but using iptables.

I made the router serve the DHCP range 192.168.0.3-192.168.0.253. I added a static 
DHCP allocation for my server at 192.168.0.2. The router is at 192.168.0.1.

I changed /etc/dnsmasq.conf:

# start
# Answer every A query for any name with the server's address
address=/#/192.168.0.2
#end

and /etc/config/firewall:

#start
# Rules are installed in file order and the first match wins, so the
# server's exception has to come before the subnet-wide reject.
config rule
    option name 'server-wan-out'
    option src lan
    option src_ip 192.168.0.2
    option dest wan
    option proto tcp
    option target ACCEPT

# Only TCP is rejected here; UDP (e.g. DNS to an outside resolver) still passes
config rule
    option name 'lan-wan-block'
    option src lan
    option src_ip 192.168.0.0/24
    option dest wan
    option proto tcp
    option target REJECT
#end

I then modified the server's nameservers to be outside of the router 
(ISP for now, opendns or similar later).

So only the server can resolve domains (unless a client has its own 
nameserver set up, and I plan to add UDP blocking as well), and only the 
server can get out of the WAN port, even if the clients can resolve stuff.

Works perfectly: any domain you enter goes to my website with no 
redirects or warnings.

First of all, kudos to OpenWrt for continually improving their OS; it is 
an awesome project. Secondly, I love dnsmasq, it makes these weird 
things easy to do. This is the kind of elegant solution I was looking 
for, and I think it will be reasonably robust once I fully lock it down.

The server is an Intel D510MO board with an integrated fanless Atom 1.6 GHz 
CPU, 4 GB RAM (no swap), a 4 GB USB root drive, a 120 GB USB hard drive for 
data, a WRT54GL with OpenWrt, and a homebrew FM transmitter (anyone an antenna 
guru? hehe, that is the next hurdle, moving from my whip antenna). It is 
housed in an aluminum attache case I have lined with sheet metal for 
heat absorption. It runs lighttpd, mpd, Jinzora, the iPod mpd web client, and an mpd 
HTTP stream. The CPU runs at about 40 degrees under heavy load.

Thanks for all who helped,

Jeremy
_______________________________________________
mlug mailing list
[email protected]
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
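An added check for the firewall part of the setup above (example code, not from the post or from OpenWrt): it parses the `config rule` stanzas of a UCI firewall file, applies them with first-match-in-file-order semantics (which is how fw3 installs them as iptables rules), and flags any rule that an earlier, broader rule with a different target completely shadows. It assumes lan-to-wan forwarding is otherwise allowed on the router (so an unmatched packet is accepted) and embeds a constructed copy of the rules in the order they were posted; the rule names, the `lan`/`wan` zone names and the sample client address 192.168.0.50 are illustrative.

```python
"""Lint OpenWrt firewall rules for first-match ordering problems."""
import ipaddress

# Constructed copy of the two rules in the post, in the order they were posted.
POSTED_RULES = """
config rule
    option src lan
    option src_ip 192.168.0.0/24
    option dest wan
    option proto tcp
    option target REJECT

config rule
    option src lan
    option src_ip 192.168.0.2
    option dest wan
    option proto tcp
    option target ACCEPT
"""


def parse_uci_rules(text):
    """Return the 'config rule' stanzas of a UCI firewall file as dicts, in file order."""
    rules, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("config "):
            cur = {} if line.split()[1] == "rule" else None
            if cur is not None:
                rules.append(cur)
            continue
        if cur is not None and line.startswith("option "):
            _, key, value = line.split(None, 2)
            cur[key] = value.strip("'\"")
    return rules


def _src_net(rule):
    """Source network a rule matches; no src_ip means any source, a bare host is a /32."""
    return ipaddress.ip_network(rule.get("src_ip", "0.0.0.0/0"), strict=False)


def matches(rule, src_ip, src="lan", dest="wan", proto="tcp"):
    """True if a packet from src_ip crossing src->dest with this proto hits the rule."""
    return (rule.get("src") == src and rule.get("dest") == dest
            and rule.get("proto", "all") in ("all", proto)
            and ipaddress.ip_address(src_ip) in _src_net(rule))


def verdict(rules, src_ip, proto="tcp", default="ACCEPT"):
    """(index, target) of the first matching rule; (None, default) if nothing matches.

    default='ACCEPT' models the router's lan->wan forwarding (assumption).
    """
    for i, rule in enumerate(rules):
        if matches(rule, src_ip, proto=proto):
            return i, rule["target"]
    return None, default


def shadowed_rules(rules):
    """Indices of rules that can never fire: an earlier rule with a different
    target matches everything they match (same zones, same-or-wider proto,
    same-or-wider source network)."""
    shadowed = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.get("target") != rule.get("target")
                    and earlier.get("src") == rule.get("src")
                    and earlier.get("dest") == rule.get("dest")
                    and earlier.get("proto", "all") in ("all", rule.get("proto", "all"))
                    and _src_net(rule).subnet_of(_src_net(earlier))):
                shadowed.append(i)
                break
    return shadowed


def reorder_specific_first(rules):
    """Stable sort so narrower source networks (host exceptions) precede subnet-wide rules."""
    return sorted(rules, key=lambda r: -_src_net(r).prefixlen)


if __name__ == "__main__":
    rules = parse_uci_rules(POSTED_RULES)
    print("posted order, server:", verdict(rules, "192.168.0.2"))
    print("shadowed rule indices:", shadowed_rules(rules))
    fixed = reorder_specific_first(rules)
    print("fixed order, server:", verdict(fixed, "192.168.0.2"))
    print("fixed order, client tcp:", verdict(fixed, "192.168.0.50"))
    print("fixed order, client udp:", verdict(fixed, "192.168.0.50", proto="udp"))
```

Run it against the posted order and the server's ACCEPT rule shows up as shadowed by the /24 REJECT above it; after putting the host rule first the server is accepted and other clients are rejected. The UDP case is left to fall through to the default on purpose: with `proto tcp` on both rules a client that points itself at an outside resolver can still send DNS queries over UDP, which is the gap the post says it still plans to close.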
