> -----Original Message-----
> From: Bill Hughey [mailto:whughey@xxxxxxxxxxxxxxxxx]
> Sent: Monday, September 12, 2005 8:04 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: bypass squid for some sites
>
>
> I am running squid on an LRP box. It is running fine as a transparent
> proxy. I have a group of internal machines going through it, with a
> range of IPs that bypass the proxy using ipchains. Is there a way to
> bypass squid for the machines that normally go through squid to reach
> certain sites? I have tried acls to allow the sites and always_direct,
> but the sites are still much much slower going through the
> proxy.

always_direct only has an effect if you are using parent caches. Once Squid sees the traffic, there is no way for it to not be involved.

> These are the chain rules I am using to start:
> ~
> # Redirect to Squid proxy server:
> ipchains -A input -p tcp -s 0/0 -d 0/0 8080 -j DENY -i eth0 -l
> # Bypass for 192.168.1.8/29 range
> ipchains -A input -p tcp -s ! 192.168.1.8/29 -d 0/0 80 -j REDIRECT 8080
> ~
> I want to keep the other machines going through the proxy, except let
> 192.168.1.3 bypass the proxy only to get to sportsonline.com. I'm not
> too good with ipchains, can I make another rule to let only
> this bypass?
> Thanks,
> Bill
>

I'm not an ipchains expert, but I think that...

ipchains -A input -p tcp -s 192.168.1.3 -d 206.207.85.33 -j ACCEPT

...should effectively ignore traffic between that client and that host. Put this rule in front of the "# Bypass for..." rule.

Chris
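
Why the placement advice in the reply matters, as an added example that is not part of the original thread: a small Python model of first-match rule evaluation over the rules quoted above, with the per-host bypass modelled using ipchains' built-in ACCEPT target. Assumptions: the chain policy is ACCEPT, the `-i eth0` interface match and logging are not modelled, and 198.51.100.7 is a constructed stand-in for any other web site.

```python
import ipaddress

def rule(src, dst, dport, target, negate_src=False):
    """One simplified input-chain rule; dport=None means any port."""
    return (ipaddress.ip_network(src), negate_src,
            ipaddress.ip_network(dst), dport, target)

# The two rules from the original post, plus the suggested per-host bypass.
DENY_8080 = rule("0.0.0.0/0", "0.0.0.0/0", 8080, "DENY")
REDIRECT = rule("192.168.1.8/29", "0.0.0.0/0", 80, "REDIRECT 8080",
                negate_src=True)            # "-s ! 192.168.1.8/29"
BYPASS = rule("192.168.1.3/32", "206.207.85.33/32", None, "ACCEPT")

def verdict(chain, src, dst, dport, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net_s, negate, net_d, port, target in chain:
        src_ok = (s in net_s) != negate     # honour the "!" negation
        if src_ok and d in net_d and port in (None, dport):
            return target
    return policy                           # assumed default policy

# Bypass appended before the redirect rule, as the reply advises.
GOOD_ORDER = [DENY_8080, BYPASS, REDIRECT]
# Bypass appended last: the redirect rule matches first and wins.
BAD_ORDER = [DENY_8080, REDIRECT, BYPASS]

if __name__ == "__main__":
    cases = [
        ("192.168.1.3", "206.207.85.33"),   # host and site to bypass
        ("192.168.1.3", "198.51.100.7"),    # same host, other site
        ("192.168.1.4", "206.207.85.33"),   # other proxied host
        ("192.168.1.9", "198.51.100.7"),    # host in the bypass range
    ]
    for src, dst in cases:
        print(src, "->", dst,
              "| good:", verdict(GOOD_ORDER, src, dst, 80),
              "| bad:", verdict(BAD_ORDER, src, dst, 80))
```

Because `-A` appends, the order in which the commands are issued is the order in which the rules are evaluated.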