From: Bernardo Vieira <bernardo.vieira@terra.com.br>
To: netfilter@lists.netfilter.org
Subject: Re: Allowing hosts to bypass transparent proxy (squid+netfilter) to port 80 for a specific netmask
Date: Thu, 14 Dec 2006 20:06:08 -0200
Message-ID: <4581CAD0.3070604@terra.com.br>
In-Reply-To: <1166131570.6534.33.camel@andybev.localdomain>
Andy,
Thanks for your reply. That rule did allow me to bypass the proxy, the
Java app I'm supposed to run still doesn't work, but now I'm convinced
it's not my gateway messing it up.
That diagram really kicks ass! :)
Thanks!
Bernardo
Andrew Beverley wrote:
> Sorry for the top posting but it's a big message...
>
> How about trying
>
> -A PREROUTING -i ! eth0 -p tcp -m tcp --dport 80 -d \
> 200.201.160.0/255.255.240.0 -j ACCEPT
>
> directly *before* the rule to direct hosts to squid.
>
> The other rule you noted is a FORWARD rule which is processed *after*
> the PREROUTING rule you use for squid, so by the time the packets get to
> that rule they've already been grabbed by squid.
>
> The following link is an excellent diagram to appreciate the routing
> order - it would be nice to see this on the netfilter homepage!
>
> http://www.docum.org/docum.org/kptd/
>
> Andy Beverley
>
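The rule-ordering point in Andrew's reply, as an added example that is not part of the original messages: a small Python model of first-match evaluation in the nat PREROUTING chain, showing why the ACCEPT rule only helps when it sits before the squid rule. The shape of the squid REDIRECT rule, the interface name eth1 and the sample addresses are assumptions, since the thread does not show them.

```python
import ipaddress

# Netmask taken from the rule quoted in the thread (equivalent to /20).
BYPASS_NET = ipaddress.ip_network("200.201.160.0/255.255.240.0")


def bypass_rule(pkt):
    """-i ! eth0 -p tcp --dport 80 -d 200.201.160.0/255.255.240.0 -j ACCEPT"""
    if (pkt["in_if"] != "eth0" and pkt["proto"] == "tcp"
            and pkt["dport"] == 80
            and ipaddress.ip_address(pkt["dst"]) in BYPASS_NET):
        return "ACCEPT"
    return None


def squid_rule(pkt):
    """Assumed transparent-proxy rule (not shown in the thread):
    redirect all port-80 TCP arriving on the LAN side to the local squid."""
    if pkt["in_if"] != "eth0" and pkt["proto"] == "tcp" and pkt["dport"] == 80:
        return "REDIRECT"
    return None


def nat_prerouting(chain, pkt):
    """First matching rule decides; later rules are never consulted."""
    for rule in chain:
        verdict = rule(pkt)
        if verdict is not None:
            return verdict
    return "ACCEPT"  # default chain policy


def path_taken(chain, pkt):
    """A REDIRECTed packet is delivered locally (INPUT, to squid) and never
    reaches FORWARD, so a FORWARD rule cannot undo the redirect."""
    verdict = nat_prerouting(chain, pkt)
    return "INPUT (squid)" if verdict == "REDIRECT" else "FORWARD"


def make_pkt(dst, dport=80, in_if="eth1"):
    """Constructed sample packet; eth1 as the LAN interface is an assumption."""
    return {"in_if": in_if, "proto": "tcp", "dport": dport, "dst": dst}


if __name__ == "__main__":
    pkt = make_pkt("200.201.165.10")
    print("bypass before squid:", path_taken([bypass_rule, squid_rule], pkt))
    print("bypass after squid: ", path_taken([squid_rule, bypass_rule], pkt))
```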