What is an iptables set of rules that will force hosts connected to an access point that try to access any website (port 80 of any IP or hostname) to be redirected to another device on the network (which is actually separate)?
For example, the second server (hosting the web server) is connected via ethernet and has an IP of 192.168.1.99/24 (eth0).
The primary server hosts a wireless hotspot (from adapter wlan0ap), and has an IP of 192.168.12.1/24. I want to make it so that any wifi users of the hotspot (in the 192.168.12.0/24 network) that try to access 192.168.12.1:80 or 192.168.12.4:80 or google.com:80 will be forcefully redirected to 192.168.1.99:80.
Currently, I have tried these rules in combination with enabling the net.ipv4.ip_forward=1 setting in sysctl:
```sh
# masquerade traffic leaving on the hotspot interface
sudo iptables -A POSTROUTING -t nat -o wlan0ap -j MASQUERADE
# custom mangle chain that marks hotspot TCP/80 and TCP/443 packets
sudo iptables -t mangle -N internet
sudo iptables -t mangle -A PREROUTING -i wlan0ap -p tcp -m tcp --dport 80 -j internet
sudo iptables -t mangle -A PREROUTING -i wlan0ap -p tcp -m tcp --dport 443 -j internet
sudo iptables -t mangle -A internet -j MARK --set-mark 99
# DNAT marked TCP/80 packets entering on eth1
sudo iptables -t nat -A PREROUTING -i eth1 -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination 192.168.1.98
```
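A rule set that does what the question asks, added here as an example and not taken from the question (the asker's own rules are above). It assumes the interface names and addresses from the question, that the wired web host is reached through eth0 on the same machine, and uses the variable names and the IPT override as its own conventions:

```sh
#!/bin/sh
# Added example, not from the original question: the minimal nat-table rule
# set that sends every TCP/80 connection arriving from the hotspot to the web
# host on the wired segment. Interface names and addresses are those given in
# the question; the variable names and the IPT override are assumptions.
set -eu

WLAN_IF="${WLAN_IF:-wlan0ap}"        # hotspot side, 192.168.12.1/24
LAN_IF="${LAN_IF:-eth0}"             # wired side, toward 192.168.1.0/24
WEB_HOST="${WEB_HOST:-192.168.1.99}" # where port 80 should really land
IPT="${IPT:-iptables}"               # set IPT=echo to print rules without root
apply_redirect_rules() {
    # nat/PREROUTING: rewrite the destination of every TCP/80 packet that
    # enters on the hotspot interface, whatever address the client asked for
    # (192.168.12.1, 192.168.12.4, a public IP resolved from google.com, ...).
    # Matching on eth1 here, as the question does, never fires: hotspot
    # packets enter on the wlan interface.
    "$IPT" -t nat -A PREROUTING -i "$WLAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "${WEB_HOST}:80"

    # nat/POSTROUTING: source-NAT the forwarded packets as they leave on the
    # wired interface, so the web host answers this box instead of a
    # 192.168.12.x address it has no route to. Masquerading on the wlan side
    # covers the opposite direction and does nothing for this flow.
    "$IPT" -t nat -A POSTROUTING -o "$LAN_IF" -p tcp -d "$WEB_HOST" --dport 80 \
        -j MASQUERADE

    # filter/FORWARD: permit the redirected flow and its replies; relevant when
    # the FORWARD policy is DROP. No mangle/MARK chain is needed for this.
    "$IPT" -A FORWARD -i "$WLAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_HOST" --dport 80 \
        -j ACCEPT
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$WLAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Without forwarding the DNAT'ed packets are rewritten but never routed out.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
}

main() {
    enable_forwarding
    apply_redirect_rules
}
# Run as root with REDIRECT_APPLY=1 to install; without it the file only
# defines the functions, so it can be sourced and dry-run with IPT=echo.
if [ "${REDIRECT_APPLY:-0}" = 1 ]; then
    main
fi
```

Only plain HTTP can be redirected this way; TCP/443 connections rewritten to another host fail TLS certificate validation in the client, so intercept port 80 only. The nat rule is also what makes 192.168.12.1:80 land on the other host, because DNAT in PREROUTING happens before the packet would otherwise be delivered locally.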