Jamie McParland wrote:
This is probably the wrong place to ask this but I don't know where else to
turn. I'm using IPCOP as my distro and we use iptables to do transparent
proxy with squid.
I have one site that is balling up in squid and need to totally bypass
squid. Doing an ACL in squid doesn't work.
I know I could somehow put some rule before the transparent rule and bypass
it that way but I can't seem to figure it out. I asked the ipcop list but
didn't have any luck there. I thought the IPTable gurus might have an idea.
Thanks,
Jamie
Let's assume you are using a rule like this one:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Let's assume the site you'll be bypassing is www.McParland.com.
Just add a rule before the REDIRECT one like this:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -d www.McParland.com -j RETURN
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
That would cause tcp packets coming from eth0 with destination port 80
and destination host www.McParland.com to stop travelling the PREROUTING
chain of the nat table. I.e. they won't hit the REDIRECT rule and will
not be redirected to squid's port.
regards,
Georgi Alexandrov
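
The ordering point in the reply above matters on a firewall whose REDIRECT rule is already loaded: `-A` appends, so a RETURN rule added afterwards lands behind the REDIRECT and never matches. The script below is an added example, not part of the original thread; it reads `iptables -t nat -S PREROUTING` output and prints the `-I` command that places the bypass directly ahead of the REDIRECT rule. It assumes the bypassed site is given as an IP address (iptables resolves a hostname passed to `-d` only once, when the rule is added); the address 192.0.2.10, the function names and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Input is the text printed by
# `iptables -t nat -S PREROUTING`; nothing here changes the live rule set.

# Constructed sample rule set (eth0 and port 3128 as in the thread).
SAMPLE='-P PREROUTING ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

# Print the rule number of the first port-80 REDIRECT rule, or 0 if absent.
redirect_rule_pos() {
    awk '
        $1 == "-A" { n++ }        # only -A lines are numbered, not -P
        $1 == "-A" && /--dport 80 / && /-j REDIRECT/ { print n; found = 1; exit }
        END { if (!found) print 0 }
    '
}

# Print the rule number of an existing RETURN rule for address $1, or 0.
return_rule_pos() {
    awk -v dst="$1/32" '
        $1 == "-A" { n++ }
        $1 == "-A" && /-j RETURN/ {
            for (i = 1; i < NF; i++)
                if ($i == "-d" && $(i + 1) == dst) { print n; found = 1; exit }
        }
        END { if (!found) print 0 }
    '
}

# Usage: iptables -t nat -S PREROUTING | bypass_cmd eth0 192.0.2.10
# Prints the insert command to review and run, or nothing if the bypass
# already sits ahead of the REDIRECT rule.
bypass_cmd() {
    rules=$(cat)
    redir=$(printf '%s\n' "$rules" | redirect_rule_pos)
    have=$(printf '%s\n' "$rules" | return_rule_pos "$2")
    if [ "$redir" -eq 0 ]; then
        echo "no port-80 REDIRECT rule in PREROUTING" >&2
        return 1
    fi
    if [ "$have" -ne 0 ] && [ "$have" -lt "$redir" ]; then
        return 0
    fi
    echo "iptables -t nat -I PREROUTING $redir -i $1 -p tcp --dport 80 -d $2 -j RETURN"
}
```

After running the printed command, `iptables -t nat -L PREROUTING -n --line-numbers` should list the RETURN rule with a lower number than the REDIRECT rule.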