I am running Squid Cache with TPROXY Support ... the problem is my iptables rules are passing all port 80 traffic to squid. I want to add a rule to bypass a local subnet so it is not intercepted and goes direct to the destination ... here is my rule but it's not working ... it's still being intercepted. All traffic occurs on eth1 ... any ideas?

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

#Bypass This destination
iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -d 66.78.96.0/255.255.255.0 -j ACCEPT

iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 --on-ip 66.78.102.2
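
Added example, not part of the original post: a small Python model of the first-match order of the three mangle PREROUTING rules above, to see which rule a given packet would hit. The Packet fields, the has_local_socket flag (standing in for what "-m socket" would find) and the ACCEPT chain policy are assumptions; the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    iface: str
    dst: str
    dport: int
    proto: str = "tcp"
    has_local_socket: bool = False  # assumption: models the "-m socket" lookup

# Netmask notation exactly as written in the posted bypass rule.
BYPASS_NET = ipaddress.ip_network("66.78.96.0/255.255.255.0")

# (label, match, target) in the order the post appends them to PREROUTING.
RULES = [
    ("bypass", lambda p: p.proto == "tcp" and p.iface == "eth1" and p.dport == 80
        and ipaddress.ip_address(p.dst) in BYPASS_NET, "ACCEPT"),
    ("socket", lambda p: p.proto == "tcp" and p.has_local_socket, "DIVERT"),
    ("tproxy", lambda p: p.proto == "tcp" and p.dport == 80, "TPROXY"),
]

def evaluate(pkt):
    """Return (rule label, verdict, mark) for the first terminating match."""
    for label, match, target in RULES:
        if not match(pkt):
            continue
        if target == "DIVERT":
            # DIVERT chain: MARK --set-mark 1 (non-terminating), then ACCEPT
            return label, "ACCEPT", 1
        if target == "TPROXY":
            # --tproxy-mark 0x1/0x1, handed to 66.78.102.2:3129
            return label, "TPROXY", 1
        return label, target, 0
    return "policy", "ACCEPT", 0  # no rule matched; chain policy assumed ACCEPT

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("eth1", "66.78.96.5", 80),    # bypass subnet, on eth1
        Packet("eth0", "66.78.96.5", 80),    # same destination, other interface
        Packet("eth1", "66.78.97.5", 80),    # outside the /24
        Packet("eth1", "10.0.0.1", 51000, has_local_socket=True),
    ]
    for s in samples:
        print(s.iface, s.dst, s.dport, "->", evaluate(s))
```

When comparing this against a live box, the per-rule packet counters from "iptables -t mangle -L PREROUTING -v -n" show which rule the real traffic is actually matching.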