Linux Advanced Routing and Traffic Control list
From: Juri Haberland <haberland@altus.de>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Redirecting wayward traffic
Date: Tue, 05 Jun 2001 16:43:34 +0000
Message-ID: <marc-lartc-99175945725606@msgid-missing>
In-Reply-To: <marc-lartc-99174669408206@msgid-missing>

David Talbot wrote:
> 
> I may just do that (god knows it would make the walling process easier to be
> able to use reg exps), but before I do let me explain the overall problem.
> 
> If I do the transparent proxy I would want it done to all addresses except
> the ones on my explicit list. For example:
> 
> I want 10.0.1.1 and 10.1.250.1 to have full unrestricted access to the
> internet including FTP, Kazaa, etc.
> All other IPs I want to only be able to use port 80 (web) through the
> transparent proxy. The proxy I would configure to use the walled ACLs so all
> these people have access to is amazon.com.
> 
> Is that possible? With the transparent proxy iptables settings I've seen so
> far the transparent proxy applies to everyone when it is done. How can I
> make it so people on my unfettered access list don't get piped through the
> proxy?

Sure, should be no problem using iptables:
First allow 10.0.1.1 and 10.1.250.1 access to the required services
(www, ftp) and then use a rule that redirects all traffic to port 80 to
your proxy. After that put a rule that denies everything. So your other
clients can only access port 80 via the proxy and nothing more whereas
those special clients have full access without going via the proxy.

That should be it (or have I overlooked something?).

Juri

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
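
The rule order described in the reply above, as an added example that is not part of the original message: a script that prints (does not apply) the iptables commands, giving the two exempt clients full access as in the question. The interface name eth1, the proxy running on the gateway itself on port 3128, and the function name gen_rules are assumptions.

```shell
#!/bin/sh
# Prints (does not apply) iptables commands in the order the reply describes.
LAN_IF="eth1"      # assumption: LAN-facing interface of the gateway
PROXY_PORT="3128"  # assumption: proxy listens on the gateway itself

# gen_rules IP...  : arguments are the clients that bypass the proxy
gen_rules() {
    # Refuse anything that is not digits and dots before emitting a single
    # rule, so a bad list entry never ends up inside a command line.
    for ip in "$@"; do
        case "$ip" in
            ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;;
        esac
    done

    # nat: exempt clients leave PREROUTING before the redirect can match.
    for ip in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $ip -j ACCEPT"
    done
    # nat: everyone else's port-80 traffic is handed to the local proxy.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"

    # filter: replies to connections that were already allowed.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # filter: exempt clients may forward anything.
    for ip in "$@"; do
        echo "iptables -A FORWARD -i $LAN_IF -s $ip -j ACCEPT"
    done
    # filter: redirected connections arrive on INPUT, not FORWARD.
    echo "iptables -A INPUT -i $LAN_IF -p tcp --dport $PROXY_PORT -j ACCEPT"
    # filter: nothing else from the LAN is forwarded.
    echo "iptables -A FORWARD -i $LAN_IF -j DROP"
}

# The two exempt addresses from the thread.
gen_rules 10.0.1.1 10.1.250.1
```

With a transparent proxy the clients still resolve names themselves, so the final DROP also blocks their DNS queries to outside resolvers. The non-exempt clients need a resolver on the gateway or the LAN, or an explicit rule for port 53 placed before the DROP.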
