Cdrack wrote:
Hi Amos,
Could you please explain what should by placed instead of ¨squid¨?
-A squid is a local custom chain name in my iptables.
It's created by:
iptables -t nat -N squid
iptables -t nat -A PREROUTING --protocol tcp --dport 80 -j squid
I ran this
iptables -t nat -A squid -j DNAT --to-destination 10.0.0.1:81
But i get this message:
iptables: No chain/target/match by that name
Seems to me that the ¨-A squid¨ part is what is not working for me.
I have the exact same problem as the guy that opened this thread.
If I understand you correctly you want requests sent to a particular site
not even to enter Squid yes?
This is correct for me, i want to allow the browser to retrieve the website
without passing thru squid.
Tnx for your prompt reply.
Amos Jeffries-2 wrote:
Hi Folks,
I need a specific site to completely bypass my squid cache due to a
broken
external webapp.
I have read the section "how do I configure Squid not to cache a specific
server?" from the wiki, which I can implement with no issues, but what I
am not sure is what this will actually do :)
Will this allow traffic to pass through squid without caching it, or will
this block the site for users?
The bit that says to configure "cache deny" ?
Simply prevents storage of the request/reply objects as they go through
Squid.
If I understand you correctly you want requests sent to a particular site
not even to enter Squid yes? once they enter squid there is no bypassing,
so it must be done at the firewall.
For such sites I use a custom chain a bit like this to decide of the
request is intercepted or not (all the lines ending in ACCEPT, are not
intercepted):
iptables -t nat -A squid -s 10.0.0.1 -j ACCEPT
...
iptables -t nat -A squid -j DNAT --to-destination 10.0.0.1:81
You want something like:
iptables -t nat -A squid -d ip-of-website-to-permit -j ACCEPT
in your list of bypasses.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
Current Beta Squid 3.1.0.7
