Karina G=F3mez Salgado wrote: > Hi, I'm using iptables for redirect requests to port 80 to port 3128 of= > Squid. >=20 > But I have a problem, because some of the squid users have trouble > accessing certain services through the proxy, i want to this users > bypass the proxy when they try to reach certain sites. >=20 I had a simillar problem where clients could access sites directly, but=20 not when the transparent quid was setup. The problem was that the server = had ECN enabled. Some brain-dead routers/firewalls filter out all=20 packets with the ECN bit set. Disabling ECN on the firewall solved the=20 problems. Try to look at the value of /proc/sys/net/ipv4/tcp_ecn. If the value is=20 '1', then do an 'echo 0 > /proc/sys/net/ipv4/tcp_ecn' on the machine=20 running the squid and see if the problem persists. This might be an easier way to solve the problem rather than adding=20 specific rules to let machines bypass the proxy. Regards Anders Fugmann -- Author of FIAIF FIAIF is an intelligent firewall http://fiaif.fugmann.dhs.org
