Hi Philip,

Thanks for the reply. I want to pass the connection through and not go through the Squid server. Basically, my intention is to filter certain customers from accessing the Squid server but still have full connectivity. Thanks.

Daniel

-----
Philip Craig said:
> Daniel Camacho wrote:
> > I'm new to this list and to IPtables. I recently installed a transparent
> > proxy using Squid and IPtables. On one computer, I installed IPtables and
> > forward all port 80 requests to the Squid server, which is running on a
> > separate server. On that same computer I want to be able to filter certain
> > connections from using the Squid. I know I can do this with Squid, but I
> > want to know how to do it with IPtables. Does anyone know how may I go
> > about doing this? Thanks.
>
> Do you want to just pass these connections through directly instead of
> forwarding them to the Squid server, or do you want to drop them
> completely?
>
> If you just want to pass them through, you need to stop them reaching the
> DNAT rule. You have already done this for the squid server itself, but
> that method only allows you to pass through one IP address. A more general
> method is to add ACCEPT rules for each address (just repeat the first
> rule for each address to pass through):
>
> # start up filter rules for traffic redirection to Squid
> iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.1 -p tcp --dport 80 -j ACCEPT
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.1:3128
>
> If you want to drop the connections, then you need to put DROP or REJECT
> rules in the FORWARD chain of the filter table. Make sure you put them
> before the rules ACCEPTing traffic from each subnet.
>
> --
> Philip Craig - philipc@xxxxxxxxxxxx - http://www.SnapGear.com
> SnapGear - Custom Embedded Solutions and Security Appliances
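
Added example, not part of the original thread: a shell sketch of the ordering Philip describes, with one ACCEPT rule per source that should bypass Squid placed ahead of the catch-all DNAT rule. It only prints the iptables commands; the two customer addresses and the function and variable names are constructed for illustration, while eth0 and 192.168.0.1:3128 come from the thread.

```shell
#!/bin/sh
# Added example: print nat PREROUTING rules so bypass sources match ACCEPT
# before the catch-all DNAT to Squid. Prints commands; never runs iptables.

SQUID_ADDR="192.168.0.1"   # Squid server address, from the thread
SQUID_PORT="3128"          # Squid port, from the thread
LAN_IF="eth0"              # inbound interface, from the thread

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# squid_bypass_rules ADDR...: print the rules in the order they must be added.
# Validates every address first and prints nothing if one is bad, so a typo
# cannot leave a half-built ruleset.
squid_bypass_rules() {
    for src in "$SQUID_ADDR" "$@"; do
        is_ipv4 "$src" || { echo "invalid address: $src" >&2; return 1; }
    done
    # Bypass rules first: the Squid server itself, then each listed source.
    for src in "$SQUID_ADDR" "$@"; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $src -p tcp --dport 80 -j ACCEPT"
    done
    # Catch-all redirect last: the first matching rule in the chain wins.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j DNAT --to $SQUID_ADDR:$SQUID_PORT"
}

# Constructed sample: two customer addresses that should skip the proxy.
squid_bypass_rules 192.168.0.50 192.168.0.51
```

Review the printed rules, then pipe them to `sh` as root on the gateway to load them; `iptables -t nat -L PREROUTING -n --line-numbers` shows whether the ACCEPT entries sit above the DNAT entry.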