Re: How to NOT redirect.. - Anders Fugmann

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Anders Fugmann <afu@fugmann.dhs.org>
To: "Karina Gómez Salgado" <kgs@acabtu.com.mx>
Cc: netfilter@lists.netfilter.org
Subject: Re: How to NOT redirect..
Date: Thu, 07 Nov 2002 23:59:16 +0100	[thread overview]
Message-ID: <3DCAF044.9020509@fugmann.dhs.org> (raw)
In-Reply-To: 3DCAB394.BE9050AF@acabtu.com.mx

Karina Gómez Salgado wrote:
> Hi, I'm using iptables for redirect requests to port 80 to port 3128 of
> Squid.
> 
> But I have a problem, because some of the squid users have trouble
> accessing certain services through the proxy, i want to this users
> bypass the proxy when they try to reach certain sites.
> 
I had a simillar problem where clients could access sites directly, but 
not when the transparent quid was setup. The problem was that the server 
had ECN enabled. Some brain-dead routers/firewalls filter out all 
packets with the ECN bit set. Disabling ECN on the firewall solved the 
problems.
Try to look at the value of /proc/sys/net/ipv4/tcp_ecn. If the value is 
'1', then do an 'echo 0 > /proc/sys/net/ipv4/tcp_ecn' on the machine 
running the squid and see if the problem persists.

This might be an easier way to solve the problem rather than adding 
specific rules to let machines bypass the proxy.

Regards
Anders Fugmann
--
Author of FIAIF
FIAIF is an intelligent firewall
http://fiaif.fugmann.dhs.org

     prev parent reply	other threads:[~2002-11-07 22:59 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-11-07 18:40 How to NOT redirect Karina Gómez Salgado
2002-11-07 21:56 ` Antony Stone
2002-11-08  1:19   ` Karina
2002-11-07 22:59 ` Anders Fugmann [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3DCAF044.9020509@fugmann.dhs.org \
    --to=afu@fugmann.dhs.org \
    --cc=kgs@acabtu.com.mx \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox