Le 11/03/2018 à 11:01, Nicolas Kovacs a écrit : > So here's what I want to do, in plain words: > > 1. Redirect all HTTP traffic (port 80) to port 3128. So far so good. > > 2. Redirect all HTTPS traffic (port 443) to port 3129. Equally OK. > > AND... > > 3. DO NOT REDIRECT traffic that goes to certain domains, like: > > github.com > credit-cooperatif.coop > cloud.microlinux.fr > squid-cache.org > etc. I've experimented some more, and I have a partial success. Here, I'm redirecting all HTTPS traffic *except* the one that goes to my bank: iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129 This works because my bank is hosted on a single IP. As soon as I replace that with a domain that's hosted on multiple IP's, I get this: iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.google.com --dport 443 -j REDIRECT --to-port 3129 # firewall.sh iptables v1.4.21: ! not allowed with multiple source or destination IP addresses So my question is: how can I write an iptables rule (or series of rules) that redirect all traffic to my proxy, *except* the one going to <list_of_domains> ? Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : info@xxxxxxxxxxxxx Tél. : 04 66 63 10 32 _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos