Re: [LARTC] Redirecting wayward traffic

Linux Advanced Routing and Traffic Control

David Talbot wrote:
> 
> I may just do that (god knows it would make the walling process easier to be
> able to use reg exps), but before I do let me explain the overall problem.
> 
> If I do the transparent proxy I would want it done to all addresses except
> the ones on my explicit list. For example:
> 
> I want 10.0.1.1 and 10.1.250.1 to have full unrestricted access to the
> internet including FTP, Kazaa, etc.
> All other IPs I want to only be able to use port 80 (web) through the
> transparent proxy. The proxy I would configure to use the walled ACLs so all
> these people have access to is amazon.com.
> 
> Is that possible? With the transparent proxy iptables settings I've seen so
> far the transparent proxy applies to everyone when it is done. How can I
> make it so people on my unfettered access list don't get piped through the
> proxy?

Sure, should be no problem using iptables:
First allow 10.0.1.1 and 10.1.250.1 access to the required services
(www, ftp) and then use a rule that redirects all traffic to port 80 to
your proxy. After that put a rule that denies everything. So your other
clients can only access port 80 via the proxy and nothing more whereas
those special clients have full access without going via the proxy.

That should be it (or have I overlooked something?).

Juri
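
The rule order described in the reply above, written out as an added example (not part of the original thread). The interface name `eth1`, the proxy port 3128, the `IPT` dry-run switch and the function name `apply_policy` are assumptions; the two exempt addresses are the ones from the question.

```shell
#!/bin/sh
# Added example: exempt hosts first, then redirect port 80, then deny the rest.
# Assumptions (not from the thread): LAN interface eth1, proxy listening on
# this gateway at TCP 3128, outbound NAT/masquerading already set up elsewhere.
# DNS for the restricted clients is not discussed in the thread and not handled.

LAN_IF="${LAN_IF:-eth1}"
PROXY_PORT="${PROXY_PORT:-3128}"
EXEMPT="10.0.1.1 10.1.250.1"      # unrestricted hosts named in the thread
IPT="${IPT:-echo iptables}"       # dry run by default; IPT=iptables applies (root)

apply_policy() {
    # nat table: exempt hosts leave PREROUTING before the redirect can match,
    # so their port-80 traffic is never rewritten to the proxy.
    for ip in $EXEMPT; do
        $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$ip" -j ACCEPT
    done

    # Everyone else: port 80 is rewritten to the local proxy. Redirected
    # packets are then delivered locally (INPUT), not forwarded.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
         -j REDIRECT --to-ports "$PROXY_PORT"

    # filter table: replies to permitted connections may pass.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Exempt hosts may forward anything (web, FTP, ...).
    for ip in $EXEMPT; do
        $IPT -A FORWARD -i "$LAN_IF" -s "$ip" -j ACCEPT
    done

    # Deny everything else from the LAN. Because proxied web traffic never
    # reaches FORWARD, this leaves restricted clients with the proxy only.
    $IPT -A FORWARD -i "$LAN_IF" -j DROP
}

apply_policy
```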


