* (no subject)
@ 2003-09-10 16:02 Kilson Arruda
2003-09-10 17:43 ` Some subject Ramin Dousti
2003-09-10 18:53 ` (no subject) Alistair Tonner
0 siblings, 2 replies; 3+ messages in thread
From: Kilson Arruda @ 2003-09-10 16:02 UTC (permalink / raw)
To: netfilter
I have a Transparent Proxy like this:

$IPTABLES -t nat -A PREROUTING -p tcp \
  --dport 80 ! -d $DIRECT_IP -m mac --mac-source $MAC -j REDIRECT --to-port \
  3128

Question: can I use more than one "! -d", or multiple IPs, to not REDIRECT
port 80 for more than one IP?
If yes, how can I do this?
--
Kilson Arruda
Linux User # 228238
________________________________________________
www.onwave.com.br - Internet e Conectividade
* Re: Some subject
From: Ramin Dousti @ 2003-09-10 17:43 UTC (permalink / raw)
To: Kilson Arruda; +Cc: netfilter
First of all, the notation is:

  -d, --destination [!] address[/mask]

and not:

  [!] -d, --destination address[/mask]

Secondly, there is only one "-d" permitted in each rule. If you can bundle
the IPs with the mask you're fine; otherwise you need to have multiple rules.

Ramin

On Wed, Sep 10, 2003 at 01:02:22PM -0300, Kilson Arruda wrote:
> I have a Transparent Proxy like this
>
> $IPTABLES -t nat -A PREROUTING -p tcp
> --dport 80 ! -d $DIRECT_IP -m mac --mac-source $MAC -j REDIRECT --to-port
> 3128
>
> Question: can I use more than one "! -d", or multiple IPs, to not REDIRECT
> port 80 for more than one IP?
> If yes, how can I do this?
>
> --
> Kilson Arruda
> Linux User # 228238
>
>
>
> ________________________________________________
> www.onwave.com.br - Internet e Conectividade
>
>
* Re: (no subject)
From: Alistair Tonner @ 2003-09-10 18:53 UTC (permalink / raw)
To: Kilson Arruda, netfilter
On September 10, 2003 12:02 pm, Kilson Arruda wrote:

See Ramin Dousti's correction to your notation.

Next point -- exclusions require a separate user chain to stack
exclusions.
Create a new chain, send all packets destined for the redirection port to
this chain, then in this chain, RETURN the packets you DON'T want
redirected, and at the end of this chain, redirect everything....
You can't stack exclusions since the first exclusion will grab the targets
of all successor exclusions.

> I have a Transparent Proxy like this
>
> $IPTABLES -t nat -A PREROUTING -p tcp
> --dport 80 ! -d $DIRECT_IP -m mac --mac-source $MAC -j REDIRECT --to-port
> 3128
>
> Question: can I use more than one "! -d", or multiple IPs, to not REDIRECT
> port 80 for more than one IP?
> If yes, how can I do this?
>
> --
> Kilson Arruda
> Linux User # 228238
>
>
>
> ________________________________________________
> www.onwave.com.br - Internet e Conectividade
--
Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS
Any sufficiently advanced technology will have the appearance of magic.
Let's get magical!
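
The user-chain layout described in the reply above (RETURN the exempt destinations, then redirect everything else), as an added example that is not part of any message in this thread. The chain name PROXY_REDIR, the helper names, the sample MAC and the sample addresses are assumptions; the script only prints the iptables commands, using the documented --to-ports spelling of the REDIRECT option.

```shell
#!/bin/sh
# Added example: prints iptables commands; nothing is applied to the host.
# Assumed names (not from the thread): PROXY_REDIR, gen_proxy_rules, is_ipv4_cidr.
IPTABLES=${IPTABLES:-iptables}
CHAIN=PROXY_REDIR

# Accept only dotted-quad IPv4 with an optional /0-32 mask, so nothing else
# can reach the generated command lines.
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) mask=${1#*/} ;; *) mask=32 ;; esac
    case $mask in ''|*[!0-9]*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# usage: gen_proxy_rules MAC DEST [DEST...]   (MAC is passed through unchecked)
gen_proxy_rules() {
    mac=$1; shift
    for d in "$@"; do
        is_ipv4_cidr "$d" || { echo "bad destination: $d" >&2; return 1; }
    done
    # 1. Dedicated chain in the nat table.
    echo "$IPTABLES -t nat -N $CHAIN"
    # 2. One RETURN per destination that must bypass the proxy.
    for d in "$@"; do
        echo "$IPTABLES -t nat -A $CHAIN -d $d -j RETURN"
    done
    # 3. Whatever was not returned is redirected to the proxy port.
    echo "$IPTABLES -t nat -A $CHAIN -p tcp -j REDIRECT --to-ports 3128"
    # 4. Only port-80 traffic from the given MAC enters the chain.
    echo "$IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -m mac --mac-source $mac -j $CHAIN"
}

# Constructed sample values (documentation address ranges, made-up MAC).
gen_proxy_rules 00:11:22:33:44:55 192.0.2.10 198.51.100.0/24
```

A packet that hits a RETURN goes back to PREROUTING and, with no later rule matching, leaves the nat table unredirected.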