> First I put this:
>
> iptables -t nat -A PREROUTING -p tcp -d ! 172.16.0.0/16 --dport 80 -j REDIRECT --to-port 3128
>
> Ok with this, the 10.34.x.x pcs can access the internet through the proxy and can view the web pages of the 172.16.x.x pcs ... It works!!!
>
> Then I put this:
>
> iptables -t nat -A PREROUTING -p tcp -d ! 10.34.0.0/16 --dport 80 -j REDIRECT --to-port 3128
>
> With this, the 172.16.x.x pcs can access the internet through the proxy and can view the web pages of the 10.34.x.x pcs ... It works too!!!
>
> These commands work separately, but when I put the two at the same time it doesn't work.

it's because 10.34.0.0/16 matches "-d ! 172.16.0.0/16" and 172.16.0.0/16 matches "-d ! 10.34.0.0/16"

> Can anybody help me please????

i can try. your PREROUTING rules should be, in order:

iptables -t nat -A PREROUTING -p tcp -d 172.16.0.0/16 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 10.34.0.0/16 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -j REDIRECT --to-port 3128

which allows traffic to 172.16.0.0/16 and 10.34.0.0/16 to pass without going through the squid proxy, and anything else received on either eth2 or eth1 to get redirected to the squid cache.

-j
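
The first-match behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of the nat PREROUTING chain that evaluates the question's two negated rules together and then the reply's ordered rules. The packet addresses are constructed, which internal interface a packet arrives on (eth1 or eth2) is an assumption, and "POLICY" is a hypothetical label for "no rule matched".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                    # ACCEPT or REDIRECT
    dst: Optional[str] = None      # -d network
    dst_negated: bool = False      # written "-d ! net" in the thread
    in_if: Optional[str] = None    # -i interface
    in_if_negated: bool = False    # written "-i ! iface" in the thread

    def matches(self, in_if, dst_ip, dport):
        if dport != 80:            # every rule in the thread has -p tcp --dport 80
            return False
        if self.dst is not None:
            inside = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            if inside == self.dst_negated:   # negated rule matches only outside the net
                return False
        if self.in_if is not None:
            same = in_if == self.in_if
            if same == self.in_if_negated:
                return False
        return True

def verdict(chain, in_if, dst_ip, dport=80):
    """First matching rule wins; no match falls through to the chain policy."""
    for rule in chain:
        if rule.matches(in_if, dst_ip, dport):
            return rule.target
    return "POLICY"

# The two negated rules from the question, loaded together.
ORIGINAL = [
    Rule("REDIRECT", dst="172.16.0.0/16", dst_negated=True),
    Rule("REDIRECT", dst="10.34.0.0/16", dst_negated=True),
]
# The ordered rules from the reply.
FIXED = [
    Rule("ACCEPT", dst="172.16.0.0/16"),
    Rule("ACCEPT", dst="10.34.0.0/16"),
    Rule("REDIRECT", in_if="eth0", in_if_negated=True),
]
# Constructed sample packets: (input interface, destination IP).
PACKETS = [("eth1", "172.16.5.10"), ("eth2", "10.34.7.20"),
           ("eth1", "203.0.113.9"), ("eth0", "203.0.113.9")]

if __name__ == "__main__":
    for in_if, dst in PACKETS:
        print(f"{in_if:5} -> {dst:13} original={verdict(ORIGINAL, in_if, dst):9}"
              f" fixed={verdict(FIXED, in_if, dst)}")
```

With both negated rules loaded, every destination falls outside at least one of the two networks, so all port 80 traffic is redirected, including traffic between the two internal ranges.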