Re: Squid vs. iptables redirection: exception for certain domains ?




Am 11.03.2018 um 11:53 schrieb Nicolas Kovacs <info@xxxxxxxxxxxxx>:
> 
> I've experimented some more, and I have a partial success. Here, I'm
> redirecting all HTTPS traffic *except* the one that goes to my bank:
> 
> iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d
> www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129
> 
> This works because my bank is hosted on a single IP. As soon as I
> replace that with a domain that's hosted on multiple IP's, I get this:
> 
> iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.google.com
> --dport 443 -j REDIRECT --to-port 3129


May I ask: after all, it doesn't work with google.com, right?



> # firewall.sh
> iptables v1.4.21: ! not allowed with multiple source or destination IP
> addresses
> 
> So my question is: how can I write an iptables rule (or series of rules)
> that redirect all traffic to my proxy, *except* the one going to
> <list_of_domains> ?


It is not a good practice to place domain names into iptables rules. Define 
a custom table, place this table into your rule list (to stick at the right 
place) and feed that table with the resolved domain names. This can be altered 
while running in the case of changes (check resolving results periodically).


--
LF
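One way to do what the reply describes on Linux, as an added example rather than anything posted in the thread: the "table" becomes an ipset that the REDIRECT rule consults, and a periodic job resolves the domain list and swaps the fresh addresses in atomically. The interface name, the set name `proxy_bypass`, the variable names and the `install`/`refresh`/`show` subcommands are this example's own assumptions; port 3129 and the bank hostname come from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread: keep the domain exceptions out of
# the iptables rules themselves. The REDIRECT rule consults an ipset, and a
# periodic job resolves the domain list and swaps the new addresses in.
# Assumed names: IFACE_LAN, PROXY_PORT, SET_NAME, BYPASS_DOMAINS.
set -eu

IFACE_LAN="${IFACE_LAN:-eth1}"           # LAN-facing interface (assumption)
PROXY_PORT="${PROXY_PORT:-3129}"         # Squid intercept port used in the thread
SET_NAME="${SET_NAME:-proxy_bypass}"     # ipset holding the exempted addresses
# Space-separated domains to exempt; the bank from the thread is the default.
BYPASS_DOMAINS="${BYPASS_DOMAINS:-www.credit-cooperatif.coop}"

# Resolve one hostname to its current IPv4 addresses, one per line, through
# the system resolver so /etc/hosts and the configured DNS are honoured.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{ print $1 }' | sort -u
}

# Print an "ipset restore" script that fills a temporary set with the given
# addresses and atomically swaps it with the live set named "$1". Text only,
# so it can be reviewed (or tested) without root.
ipset_swap_script() {
    live="$1"; shift
    tmp="${live}_tmp"
    printf 'create %s hash:ip -exist\n' "$live"
    printf 'create %s hash:ip -exist\n' "$tmp"
    printf 'flush %s\n' "$tmp"
    for ip in "$@"; do
        printf 'add %s %s\n' "$tmp" "$ip"
    done
    printf 'swap %s %s\n' "$tmp" "$live"
    printf 'destroy %s\n' "$tmp"
}

# Print the two nat rules: a match on the set that stops NAT processing for
# exempted destinations (-j ACCEPT in the nat table means "do not NAT"),
# followed by the unconditional REDIRECT to Squid.
nat_rules() {
    printf -- '-A PREROUTING -i %s -p tcp --dport 443 -m set --match-set %s dst -j ACCEPT\n' \
        "$IFACE_LAN" "$SET_NAME"
    printf -- '-A PREROUTING -i %s -p tcp --dport 443 -j REDIRECT --to-port %s\n' \
        "$IFACE_LAN" "$PROXY_PORT"
}

# Resolve every domain in BYPASS_DOMAINS and load the result; run this from
# cron or a systemd timer so address changes are picked up.
refresh_bypass_set() {
    ips=""
    for d in $BYPASS_DOMAINS; do
        ips="$ips $(resolve_ipv4 "$d")"
    done
    # Leaving the live set untouched on a resolver failure is deliberate: an
    # empty set would silently send the bank traffic through the proxy.
    if [ -z "$(printf '%s' "$ips" | tr -d ' \n')" ]; then
        echo "refresh_bypass_set: no addresses resolved, keeping current set" >&2
        return 1
    fi
    ipset_swap_script "$SET_NAME" $ips | ipset restore
}

# Install the nat rules once (the set must exist before a -m set rule can be
# added); --noflush leaves the rest of firewall.sh alone.
install_nat_rules() {
    ipset create "$SET_NAME" hash:ip -exist
    { echo '*nat'; nat_rules; echo 'COMMIT'; } | iptables-restore --noflush
}

case "${1:-}" in
    install) install_nat_rules ;;
    refresh) refresh_bypass_set ;;
    show)    ipset_swap_script "$SET_NAME" 192.0.2.10 192.0.2.11; nat_rules ;;
esac
```

Run `./bypass.sh install` once after the set exists, then `./bypass.sh refresh` from a timer; `./bypass.sh show` prints what would be loaded, using two constructed addresses from the 192.0.2.0/24 documentation range. Two caveats worth knowing: the gateway resolves the names, so a CDN or GeoDNS hostname may hand clients addresses the gateway never saw, and the ACCEPT rule only stops NAT, so the packet still has to be permitted by the filter table.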
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
