Using iptables to bypass squid proxy for a specific domain
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
We're running SmartFilter (an Internet content filter) on RedHat Linux Enterprise and squid. Traffic is directed to our proxy from our member schools through a variety of means (router policy based rules, Windows profiles, firewall appliance proxy configurations).
There are a few destination sites that do not work well when traffic goes through our proxy so we would like to bypass squid totally for specific domains (IPs).
The iptables line redirecting traffic to squid is:
After MUCH research, we have tried placing the line below just ahead of it in iptables.
-A PREROUTING -p tcp -m tcp -d a.b.c.d -j ACCEPT
(where a.b.c.d is the destination domain we would like to bypass squid for.)
After editing iptables and restarting that service, web traffic to the a.b.c.d domain still shows up in /usr/local/squid/var/logs/access.log so traffic to a.b.c.d is still going through squid.
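An added check, not part of the thread: whether a bypass rule like the one above takes effect depends on two things that are easy to get wrong in /etc/sysconfig/iptables, namely which table the ACCEPT lands in and whether it is listed before the REDIRECT. The script below reads rulesets in `iptables-save` format and reports whether traffic to a destination would reach the ACCEPT before the REDIRECT to squid. The REDIRECT rule itself is not shown in the post, so its form here (`--dport 80 -j REDIRECT --to-ports 3128`), the address 203.0.113.10 and the three sample rulesets are all constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks a transparent-proxy ruleset
# in iptables-save format for the two things that decide whether a bypass
# works: the ACCEPT for the destination must be in the nat table's PREROUTING
# chain (the same chain as the REDIRECT to squid), and it must be listed
# before the REDIRECT. Addresses and the squid port below are constructed.

# Constructed: bypass placed correctly, ahead of the REDIRECT in nat/PREROUTING.
SAMPLE_GOOD='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 203.0.113.10/32 --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# Constructed: same rules, bypass appended after the REDIRECT, so it is never reached.
SAMPLE_LATE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp -d 203.0.113.10/32 --dport 80 -j ACCEPT
COMMIT'

# Constructed: bypass placed in mangle/PREROUTING. ACCEPT there only ends the
# mangle table's traversal; the packet still reaches nat/PREROUTING and is redirected.
SAMPLE_MANGLE='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 203.0.113.10/32 --dport 80 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# Print only the *nat section of an iptables-save dump given as $1.
nat_section() {
    printf '%s\n' "$1" | awk '/^\*nat$/ { in_nat = 1; next }
                              /^COMMIT$/ { in_nat = 0 }
                              in_nat'
}

# Exit 0 when ruleset $1 has an ACCEPT for destination $2 in nat/PREROUTING
# that precedes the REDIRECT rule; exit 1 otherwise. The destination must
# match as a whole host (plain or /32) so 203.0.113.1 does not match 203.0.113.10.
bypass_precedes_redirect() {
    nat_section "$1" | awk -v dest="$2" '
        /^-A PREROUTING / {
            n++
            host = "-d " dest
            if (!acc && $0 ~ /-j ACCEPT/ &&
                (index($0, host " ") || index($0, host "/32 "))) acc = n
            if (!red && $0 ~ /-j REDIRECT/) red = n
        }
        END { if (acc && red && acc < red) exit 0; exit 1 }'
}

# Stand-alone demo over the three constructed rulesets.
for name in SAMPLE_GOOD SAMPLE_LATE SAMPLE_MANGLE; do
    eval "rules=\$$name"
    if bypass_precedes_redirect "$rules" 203.0.113.10; then
        echo "$name: bypass is reached before the REDIRECT"
    else
        echo "$name: traffic to 203.0.113.10 still hits the REDIRECT"
    fi
done
```

On the live box the same check is `iptables -t nat -vnL PREROUTING`: the ACCEPT must appear above the REDIRECT there, and its packet counter should climb while traffic to the site flows. `iptables -vnL` with no `-t nat` lists only the filter table, so it cannot show either rule. Two further caveats: a hostname given to `-d` is resolved once when the rule is loaded, so a site served from several addresses needs one rule per address, and only the traffic that actually passes through this host's PREROUTING chain is affected, so clients that are handed the proxy by a Windows profile or a firewall appliance keep talking to squid regardless of any iptables rule.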
Never tried it via iptables rules, but can you not simply create an acl within squid telling it to never cache certain domains? That's how I get around sites not working properly through the proxy - this way Squid simply forwards the requests directly to the net and back to the appropriate client.
@jcopley:
Could you post your full ruleset for us? Make sure to remove any public IPs. Also if you do iptables -vnL do you see the rule you've added in the right place?