Re: Allowing hosts to bypass transparent proxy (squid+netfilter) to port 80 for a specific netmask


Andy,
Thanks for your reply. That rule did allow me to bypass the proxy, the
Java app I'm supposed to run still doesn't work, but now I'm convinced
it's not my gateway messing it up.

That diagram really kicks ass! :)

Thanks!

Bernardo

Andrew Beverley wrote:
> Sorry for the top posting but it's a big message...
> 
> How about trying
> 
> -A PREROUTING -i ! eth0 -p tcp -m tcp --dport 80 -d \
> 200.201.160.0/255.255.240.0 -j ACCEPT
> 
> directly *before* the rule to direct hosts to squid.
> 
> The other rule you noted is a FORWARD rule which is processed *after*
> the PREROUTING rule you use for squid, so by the time the packets get to
> that rule they've already been grabbed by squid.
> 
> The following link is an excellent diagram to appreciate the routing
> order - it would be nice to see this on the netfilter homepage!
> 
> http://www.docum.org/docum.org/kptd/
> 
> Andy Beverley
> 
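
The ordering point in the quoted reply, as an added example that is not part of the thread: a shell check that reads a ruleset in iptables-restore format and reports whether the port-80 ACCEPT for the bypass network sits before the REDIRECT in nat/PREROUTING. The `bypass_status` function, the sample rulesets and the REDIRECT to port 3128 (an assumed squid interception rule) are constructed for illustration; only the ACCEPT rule comes from the thread.

```shell
#!/bin/sh
# Added example: constructed rulesets. Only the ACCEPT rule is from the thread;
# the REDIRECT to port 3128 is an assumed squid interception rule.
BYPASS_NET='200.201.160.0/255.255.240.0'

GOOD_RULES="*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING ! -i eth0 -p tcp -m tcp --dport 80 -d $BYPASS_NET -j ACCEPT
-A PREROUTING ! -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT"

# Bypass attempted only in filter/FORWARD: nat/PREROUTING has already redirected.
FORWARD_ONLY_RULES="*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING ! -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --dport 80 -d $BYPASS_NET -j ACCEPT
COMMIT"

# bypass_status NET: read a ruleset on stdin and print where the port-80
# ACCEPT for NET sits relative to the first port-80 REDIRECT.
bypass_status() {
    awk -v net="$1" '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter" headers
        {
            line = $0 " "                       # pad so end-of-line options match
            if (!index(line, "--dport 80 ")) next
            bypass = index(line, "-d " net " ") && index(line, "-j ACCEPT ")
            if (table == "nat" && index(line, "-A PREROUTING ") == 1) {
                if (bypass && !acc) acc = NR
                if (index(line, "-j REDIRECT ") && !red) red = NR
            } else if (table == "filter" && index(line, "-A FORWARD ") == 1 && bypass) {
                fwd = 1
            }
        }
        END {
            if (!red) print "no-redirect"
            else if (acc && acc < red) print "bypass-first"
            else if (acc) print "bypass-after-redirect"
            else if (fwd) print "forward-only"
            else print "no-bypass"
        }'
}

printf '%s\n' "$GOOD_RULES" | bypass_status "$BYPASS_NET"
printf '%s\n' "$FORWARD_ONLY_RULES" | bypass_status "$BYPASS_NET"
```

Against output from a running `iptables-save`, pass the network in the form that output prints it, since the match is a literal string comparison.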

