Re: redirect (nfcan: addressed to exclusive sender for this address)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Quoting Jim Laurino <nfcan.x.jimlaur@xxxxxxxx>:

On 2007.03.08 06:34, dhottinger@xxxxxxxxxxxxxxxxxxxxxx wrote:
Quoting Georgi Alexandrov <georgi.alexandrov@xxxxxxxxx>:

.....
I would like to have any traffic destined for apple.com excluded from
this redirect.  I cant seem to get the syntax right.  Anyone got any
ideas?
<snip*>

iptables -t nat -A PREROUTING -p tcp -i $iface --dport 80 -d $apples_net
-j RETURN

....

$IPC -t nat -A PREROUTING -p tcp -i $IF --dport 80 -d 17.250.0.0
-j RETURN

Is not routing apple.com traffice away from my proxy.  Apple.com traffic is
still getting routed to proxy server.  I have the rule placed above my dnat
rule for the proxy.  Any other ideas?

The example was non-specific, -d $apples_net.
Your implementation, -d 17.250.0.0, is for a specific ip address.
You probably meant to specify a range.
Iptables allows you to use netmask or cidr syntax.
You can cover all of Apple with 17.0.0.0/8 for instance.

--
Jim Laurino
nfcan.x.jimlaur@xxxxxxxx
Please reply to the list.
Only mail from the listserver reaches this address.


Yes I know.
 Sorry I forgot part of my script.  I did
$IPC -t nat -A PREROUTING -p tcp -i $IF --dport 80 -d 17.250.0.0/16 -j RETURN

Where $IF is the interface that connects to the internet.

--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools




[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux