Quoting Jim Laurino <nfcan.x.jimlaur@xxxxxxxx>:
On 2007.03.08 06:34, dhottinger@xxxxxxxxxxxxxxxxxxxxxx wrote:
Quoting Georgi Alexandrov <georgi.alexandrov@xxxxxxxxx>:
.....
I would like to have any traffic destined for apple.com excluded from
this redirect. I cant seem to get the syntax right. Anyone got any
ideas?
<snip*>
iptables -t nat -A PREROUTING -p tcp -i $iface --dport 80 -d $apples_net
-j RETURN
....
$IPC -t nat -A PREROUTING -p tcp -i $IF --dport 80 -d 17.250.0.0
-j RETURN
Is not routing apple.com traffice away from my proxy. Apple.com traffic is
still getting routed to proxy server. I have the rule placed above my dnat
rule for the proxy. Any other ideas?
The example was non-specific, -d $apples_net.
Your implementation, -d 17.250.0.0, is for a specific ip address.
You probably meant to specify a range.
Iptables allows you to use netmask or cidr syntax.
You can cover all of Apple with 17.0.0.0/8 for instance.
--
Jim Laurino
nfcan.x.jimlaur@xxxxxxxx
Please reply to the list.
Only mail from the listserver reaches this address.
Yes I know.
Sorry I forgot part of my script. I did
$IPC -t nat -A PREROUTING -p tcp -i $IF --dport 80 -d 17.250.0.0/16 -j RETURN
Where $IF is the interface that connects to the internet.
--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
