LinuxQuestions.org
Old 11-20-2005, 07:58 AM   #1
jcopley
LQ Newbie
 
Registered: Nov 2005
Posts: 1

Rep: Reputation: 0
Using iptables to bypass squid proxy for a specific domain


We're running SmartFilter (an Internet content filter) on RedHat Linux Enterprise and squid. Traffic is directed to our proxy from our member schools through a variety of means (router policy based rules, Windows profiles, firewall appliance proxy configurations).

There are a few destination sites that do not work well when traffic goes through our proxy so we would like to bypass squid totally for specific domains (IPs).

The iptables line redirecting traffic to squid is:

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128

After MUCH research, we have tried placing the line below just ahead of it in iptables.

-A PREROUTING -p tcp -m tcp -d a.b.c.d -j ACCEPT

(where a.b.c.d is the destination domain we would like to bypass squid for.)

After editing iptables and restarting that service, web traffic to the a.b.c.d domain still shows up in /usr/local/squid/var/logs/access.log so traffic to a.b.c.d is still going through squid.

Ideas?
Thanks in advance!
 
Old 11-20-2005, 09:41 AM   #2
fouldsy
Senior Member
 
Registered: Jan 2002
Location: St Louis, MO
Distribution: Ubuntu
Posts: 1,284

Rep: Reputation: 47
Never tried it via iptable rules, but can you not simply create an acl within squid telling it to never cache certain domains? That's how I get around sites not working properly through the proxy - this way Squid simply forwards the requests directly to the net and back to the appropriate client.
 
Old 11-20-2005, 10:34 AM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
@jcopley:
Could you post your full ruleset for us? Make sure to remove any public IPs. Also if you do iptables -vnL do you see the rule you've added in the right place?
 
Old 07-18-2007, 01:50 PM   #4
GSMD
Member
 
Registered: Dec 2005
Distribution: Gentoo
Posts: 87

Rep: Reputation: 16
That's the way I've done squid bypassing for a local net:
Code:
-A PREROUTING -i eth0 -d 192.168.0.0/16 -j ACCEPT
-A PREROUTING -i eth0 -d 10.0.0.0/8     -j ACCEPT
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
with eth0 being a local net (172.20.1.0/24) and the other private subnets mentioned being outside.
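
The thread turns on whether the ACCEPT rule is evaluated before the REDIRECT rule in the nat table's PREROUTING chain. The script below is an added example, not code from any poster: it walks `iptables-save` output in first-match order for a single TCP port-80 packet and reports which rule wins, generalised to CIDR destinations and `-i` matches like those in the last post. The names `check_bypass`, `ruleset_bypass_first` and `ruleset_redirect_first` are hypothetical, and 203.0.113.10 is a constructed stand-in for a.b.c.d.

```shell
# First-match walk of nat/PREROUTING for one TCP port-80 packet (added example).
# usage: iptables-save | check_bypass DEST_IP IN_IFACE -> bypassed | redirected | no-match
# Negated ("!") matches and other match modules are not modelled.
check_bypass() {
    awk -v dst="$1" -v iface="$2" '
    function ip2int(ip,  o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    function in_net(ip, cidr,  p, size) {
        size = 2 ^ (32 - (split(cidr, p, "/") < 2 ? 32 : p[2]))   # bare IP means /32
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    /^\*/ { table = substr($0, 2); next }        # "*nat", "*filter", ...
    table != "nat" || $1 != "-A" || $2 != "PREROUTING" { next }
    {
        d = inif = proto = dport = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d") d = $(i + 1)
            if ($i == "-i") inif = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (d != "" && !in_net(dst, d)) next     # destination does not match
        if (inif != "" && inif != iface) next    # rule is for another interface
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != "80") next
        if (target == "ACCEPT")   { verdict = "bypassed";   exit }
        if (target == "REDIRECT") { verdict = "redirected"; exit }
    }
    END { print (verdict == "" ? "no-match" : verdict) }'
}
# Constructed samples in iptables-save format; 203.0.113.10 stands in for a.b.c.d.
ruleset_bypass_first() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
}
ruleset_redirect_first() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp -j ACCEPT
COMMIT
EOF
}
ruleset_bypass_first   | check_bypass 203.0.113.10 eth0
ruleset_redirect_first | check_bypass 203.0.113.10 eth0
```

On a live host, feed it `iptables-save -t nat` as root. It only models packets that reach PREROUTING on port 80; clients configured to use the proxy explicitly connect to port 3128 themselves and are not affected by these rules.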
 
  

