Linux Netfilter discussions
* Bypass transparent proxy in iptables?
@ 2006-01-06  1:37 Jamie McParland
  2006-01-06 12:16 ` Georgi Alexandrov
  2006-01-08  4:54 ` /dev/rob0
  0 siblings, 2 replies; 3+ messages in thread
From: Jamie McParland @ 2006-01-06  1:37 UTC (permalink / raw)
  To: netfilter

This is probably the wrong place to ask this but I don't know where else to
turn. I'm using IPCOP as my distro and we use iptables to do transparent
proxy with squid.

I have one site that is balling up in squid and need to totally bypass
squid. Doing an ACL in squid doesn't work.

I know I could somehow put some rule before the transparent rule and bypass
it that way but I can't seem to figure it out. I asked the ipcop list but
didn't have any luck there. I thought the IPTable gurus might have an idea.

Thanks, 
Jamie

* Re: Bypass transparent proxy in iptables?
From: Georgi Alexandrov @ 2006-01-06 12:16 UTC (permalink / raw)
  To: netfilter

Jamie McParland wrote:

>This is probably the wrong place to ask this but I don't know where else to
>turn. I'm using IPCOP as my distro and we use iptables to do transparent
>proxy with squid.
>
>I have one site that is balling up in squid and need to totally bypass
>squid. Doing an ACL in squid doesn't work.
>
>I know I could somehow put some rule before the transparent rule and bypass
>it that way but I can't seem to figure it out. I asked the ipcop list but
>didn't have any luck there. I thought the IPTable gurus might have an idea.
>
>Thanks,
>Jamie

Let's assume you are using a rule like this one:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Let's assume the site you'll be bypassing is www.McParland.com.

Just add a rule before the REDIRECT one like this:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -d www.McParland.com -j RETURN
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

That would cause tcp packets coming from eth0 with destination port 80
and destination host www.McParland.com to stop travelling the PREROUTING
chain of the nat table. E.g. they won't hit the REDIRECT rule and will
not be redirected to squid's port.


regards,
Georgi Alexandrov
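
Added example, not part of the original post: `-A` appends, so when the REDIRECT rule is already loaded the bypass rule has to go in ahead of it with `-I` and a rule number. The shell below works out that number from `iptables -t nat -S PREROUTING` output and prints the insert command; it assumes the REDIRECT sits directly in PREROUTING as in the reply above, and the sample listing, function names and 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the "iptables -I" command that
# places a bypass rule directly ahead of an already-loaded REDIRECT rule.

# Constructed sample of `iptables -t nat -S PREROUTING` output; on a live
# system, pipe the real command's output into bypass_cmd instead.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

# redirect_pos: read a rule listing on stdin and print the 1-based number of
# the first port-80 REDIRECT rule (the numbering -I expects); exit 1 if none.
redirect_pos() {
    awk '
        $1 == "-A" { n++ }
        $1 == "-A" && /--dport 80 / && /-j REDIRECT/ { print n; found = 1; exit }
        END { if (!found) exit 1 }
    '
}

# bypass_cmd IFACE DEST_IP: read a rule listing on stdin and print the command
# that inserts a RETURN rule for DEST_IP immediately before the REDIRECT rule.
bypass_cmd() {
    iface=$1; dest=$2
    # Reject anything that is not digits and dots: iptables resolves a
    # hostname once, at insert time, so the rule goes stale if the site moves.
    case $dest in
        *[!0-9.]*|'') echo "destination must be an IPv4 address" >&2; return 2 ;;
    esac
    pos=$(redirect_pos) || { echo "no port-80 REDIRECT rule found" >&2; return 1; }
    echo "iptables -t nat -I PREROUTING $pos -i $iface -p tcp --dport 80 -d $dest -j RETURN"
}

# Demo on the constructed listing; 192.0.2.10 is a documentation address.
printf '%s\n' "$SAMPLE_RULES" | bypass_cmd eth0 192.0.2.10
```

The printed command is only text until it is run as root; inserting at the REDIRECT rule's own number pushes the REDIRECT down one slot, so the RETURN rule is evaluated first.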



* Re: Bypass transparent proxy in iptables?
From: /dev/rob0 @ 2006-01-08  4:54 UTC (permalink / raw)
  To: netfilter

On Thursday 2006-January-05 19:37, Jamie McParland wrote:
> I know I could somehow put some rule before the transparent rule and
> bypass it that way but I can't seem to figure it out. I asked the
> ipcop list but didn't have any luck there. I thought the IPTable
> gurus might have an idea.

Georgi told you what rules to use, but as to how to make it "stick" in 
your distro, you will have to go back and ask them (unless you read the 
scripts and figure it out on your own.)
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header

