On Mon, Mar 15, 2004 at 10:19:35AM +0100, Fredrik Emil Jensen wrote:
> Hey
>
> I'm currently using squid and squidGuard for redirection. Setting up the
> rules:
>
> iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80
> -j REDIRECT --to-ports 3128
>
> But does anyone know what to do if you want to use iptables to bypass
> squid with a single IP address?
>
> I know that you can add the rule "iptables -t nat -A POSTROUTING -o eth0
> -s 192.168.1.10/32 -d 0/0 -j SNAT --to "source_Wan_address" ". But this
> rule will be added at the end of the rule list, and all traffic on port
> 80 will still be redirected through squid. Even when I use priority
> "iptables -t nat -I POSTROUTING 1 etc" and I put higher priority on the
> rule for the bypass IP, it is still being redirected through squid. I
> have to remove the redirect rule before I can bypass squid.

-A means to append to the end of the chain.
-I means to insert at the top, or
-I INPUT 5 means to insert above line 5 of a chain.

Chains are processed from top to bottom.

Hope that helps.

>
> Does anyone know what I'm doing wrong?
>
> Using Slackware 9.1 with Kernel 2.6.2, iptables version 1.2.9 and squid
> 2.5
>
> Regards,
> Fredrik
>
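The top-to-bottom, first-match processing described in the reply, modelled as an added example that is not part of the original thread. The Chain class, nat_path and build are hypothetical helpers, the chain policy is assumed to be ACCEPT, and the ACCEPT exemption in nat PREROUTING is an assumption of this example rather than something either poster wrote.

```python
import ipaddress


class Chain:
    """Minimal model of one iptables chain: ordered rules, first match wins."""

    def __init__(self):
        self.rules = []  # each rule: (source network, dport or None, target)

    def append(self, rule):          # models: iptables -A CHAIN ...
        self.rules.append(rule)

    def insert(self, rule, pos=1):   # models: iptables -I CHAIN [pos] ... (1-based)
        self.rules.insert(pos - 1, rule)

    def verdict(self, src, dport):
        for net, port, target in self.rules:
            in_net = ipaddress.ip_address(src) in ipaddress.ip_network(net)
            if in_net and port in (None, dport):
                return target        # terminating target: later rules are not consulted
        return "ACCEPT"              # assumed chain policy


def nat_path(prerouting, postrouting, src, dport):
    """Walk a forwarded packet through nat PREROUTING, then nat POSTROUTING."""
    if prerouting.verdict(src, dport) == "REDIRECT":
        # Destination is rewritten to the local proxy port, so the packet is
        # delivered locally and the outbound SNAT rule is never consulted.
        return "squid"
    return "direct:" + postrouting.verdict(src, dport)


def build(bypass_mode=None):
    """Rule sets from the thread, plus an optional PREROUTING exemption (assumption)."""
    pre, post = Chain(), Chain()
    pre.append(("192.168.1.0/24", 80, "REDIRECT"))       # the -A PREROUTING rule
    post.insert(("192.168.1.10/32", None, "SNAT"), 1)    # the -I POSTROUTING 1 rule
    if bypass_mode == "append":
        pre.append(("192.168.1.10/32", 80, "ACCEPT"))    # lands after the REDIRECT
    elif bypass_mode == "insert":
        pre.insert(("192.168.1.10/32", 80, "ACCEPT"), 1) # lands before the REDIRECT
    return pre, post


if __name__ == "__main__":
    for mode in (None, "append", "insert"):
        print(mode, nat_path(*build(mode), "192.168.1.10", 80))
```

Only the exemption inserted ahead of the REDIRECT rule in PREROUTING changes the outcome for 192.168.1.10; the position of the SNAT rule in POSTROUTING has no effect on the redirect.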