Please don't ask a new question by replying to another post - instead, post a new message to the list. Nont Banditwong wrote: > My transparency squid box redirect packet which has destination port 80 to > 3128 by this iptable command > > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > --to-port 3128 > > but I don't want clients access some destination ip address through squid, > Is there a way to bypass squid by add some iptables command ? (This question really belongs on an iptables list.) Before the REDIRECT line above, add iptables rules similar to this: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -d a.b.c.d -j ACCEPT where "a.b.c.d" is the IP address of the server to bypass Squid for. Also, be sure to allow port 80 traffic in your FORWARD chain. Adam
