Re: Squid vs. iptables redirection: exception for certain domains ?




On 11/03/2018 at 11:01, Nicolas Kovacs wrote:
> So here's what I want to do, in plain words:
> 
> 1. Redirect all HTTP traffic (port 80) to port 3128. So far so good.
> 
> 2. Redirect all HTTPS traffic (port 443) to port 3129. Equally OK.
> 
> AND...
> 
> 3. DO NOT REDIRECT traffic that goes to certain domains, like:
> 
>   github.com
>   credit-cooperatif.coop
>   cloud.microlinux.fr
>   squid-cache.org
>   etc.

I've experimented some more, and I have a partial success. Here, I'm
redirecting all HTTPS traffic *except* the one that goes to my bank:

iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129

This works because my bank is hosted on a single IP. As soon as I
replace that with a domain that's hosted on multiple IPs, I get this:

iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.google.com --dport 443 -j REDIRECT --to-port 3129

# firewall.sh
iptables v1.4.21: ! not allowed with multiple source or destination IP addresses

So my question is: how can I write an iptables rule (or series of rules)
that redirects all traffic to my proxy, *except* the one going to
<list_of_domains> ?

Cheers,

Niki

-- 
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Site: https://www.microlinux.fr
Blog: https://blog.microlinux.fr
Mail: info@xxxxxxxxxxxxx
Tel.: 04 66 63 10 32
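
Added example, not part of the original message: iptables expands a hostname with several addresses into one rule per address, which cannot be combined with "!", so this sketch builds a separate nat chain with one RETURN rule per exempted address followed by the REDIRECT. The chain name PROXY_HTTPS, the eth1 fallback and the sample addresses (RFC 5737 documentation ranges) are assumptions; the script prints the commands for review instead of running them.

```shell
#!/bin/sh
# Added example, not from the original post. The chain name is an assumption.
CHAIN=PROXY_HTTPS

# Resolve a host to its IPv4 addresses, one per line (needs working DNS).
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Constructed stand-in resolver so the demo below runs offline.
# Addresses are from the RFC 5737 documentation ranges, not real DNS answers.
sample_resolver() {
    case "$1" in
        www.google.com)             printf '%s\n' 192.0.2.10 192.0.2.11 192.0.2.12 ;;
        www.credit-cooperatif.coop) printf '%s\n' 198.51.100.7 ;;
    esac
}

# emit_rules IFACE PORT HOST...
# Prints (does not execute) the iptables commands. All hosts are resolved
# before anything is printed, so a failed lookup never yields a partial ruleset.
emit_rules() (
    iface=$1; port=$2; shift 2
    exempt=
    for host in "$@"; do
        addrs=$("${RESOLVER:-resolve_v4}" "$host")
        if [ -z "$addrs" ]; then
            echo "emit_rules: cannot resolve $host" >&2
            exit 1
        fi
        exempt="$exempt $addrs"
    done
    echo "iptables -t nat -N $CHAIN"
    # RETURN hands the packet back to PREROUTING untouched: no redirect.
    for ip in $exempt; do
        echo "iptables -t nat -A $CHAIN -d $ip -j RETURN"
    done
    # Everything that was not exempted above goes to the proxy port.
    echo "iptables -t nat -A $CHAIN -p tcp -j REDIRECT --to-ports $port"
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport 443 -j $CHAIN"
)

# Demo with the constructed resolver; unset RESOLVER to use real DNS.
(RESOLVER=sample_resolver
 emit_rules "${IFACE_LAN:-eth1}" 3129 www.google.com www.credit-cooperatif.coop)
```

The addresses are fixed at the moment the rules are generated, so for hosts whose DNS answers rotate the chain has to be flushed and rebuilt regularly, and a client may still be handed an address the firewall never saw.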