Thank you Antony, finally it's working for me.

I have another question for the list; is it possible to use iptables to redirect any request on port 80 to a specific web address?

I know you can use the rule,

iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 -j DNAT --to ip.address.xx.xx:80

But my problem occurs when you have many different subnets and you want subnet1 to be redirected to http://test.domain.com/site1, subnet2 to be redirected to http://test.domain.com/site2 etc.

Does anyone have any suggestions on how to do this with iptables, is it possible? Or do I still need to use squid and squidGuard!

Regards,
Fredrik

-----Original Message-----
From: Antony Stone [mailto:Antony@xxxxxxxxxxxxxxxxxxxx]
Sent: 16 March 2004 09:44
To: Netfilter
Subject: Re: transparent proxy

On Monday 15 March 2004 9:19 am, Fredrik Emil Jensen wrote:

> Hey
>
> I'm currently using squid and squidGuard for redirection. Setting up the
> rules:
>
> iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 -j REDIRECT --to-ports 3128
>
> But does anyone know what to do if you want to use iptables to bypass
> squid with a single IP address?

Yes, put a rule above that one in the PREROUTING chain which matches the source address you don't want to be REDIRECTed, and jump out of the chain:

iptables -I PREROUTING -t nat -p tcp -s 192.168.1.10 --dport 80 -j ACCEPT

That will match a single address, 192.168.1.10, TCP port 80, and make sure the following REDIRECT rule is not activated.

Note the "-I" to insert the rule at the top of the list, instead of the more common "-A" which appends to the end of the list.

Regards,

Antony.