Forward port 80 for all traffic except to certain host/network
I have an application which checks websites for new content, and it runs on several servers. So, to lower bandwidth costs I've put a Squid server in front of them and used iptables to forward all calls on port 80 to it.

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to x.x.x.x:3128

The problem I have is that there are a couple of servers which do other tasks that are dependent on source IP, so they won't accept connections from the Squid server. So, for those ones, I don't want it to forward to Squid. How would I format my iptables call to forward everything unless the destination address or net is X? iptables is a bit of a mystery to me. |
Quote:
http://www.linuxhomenetworking.com/w...Using_iptables This is a very good guide. |
I've read that and I'm still not sure how I should structure the commands.
Perhaps like this?

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to x.x.x.x:3128
iptables -t nat -A OUTPUT -p tcp --dport 80 -d y.y.y.y -j ACCEPT |
As an update, I dug through the documentation for iptables and discovered the "-d" parameter will accept a NOT parameter in the form of "!". So the appropriate command is:
iptables -t nat -A OUTPUT -p tcp --dport 80 -d ! y.y.y.y -j DNAT --to x.x.x.x:3128 |
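The single `! -d` rule in the last post covers one exempt host. When there are several exempt hosts or networks (the original question mentions "a couple of servers"), iptables cannot negate a list, so the usual pattern is one exception rule per destination placed ahead of the catch-all DNAT; rule order matters because the nat OUTPUT chain stops at the first matching ACCEPT or DNAT. The script below is an added example, not code from the thread: it prints the rules in the correct order (dry run by default via `IPTABLES=echo`; set `IPTABLES=iptables` as root to apply them). The proxy address and the exempt destinations are constructed placeholder values.

```shell
#!/bin/sh
# Added example (not from the thread): emit nat/OUTPUT rules that send all
# locally generated port-80 traffic to a Squid proxy EXCEPT for listed
# destinations.  Exceptions go first: iptables evaluates a chain top-down and
# stops at the first terminal target, so an ACCEPT placed after the DNAT rule
# would never be reached.  In the nat table, ACCEPT simply means "no
# translation for this connection".
#
# IPTABLES defaults to "echo" so running this only prints the rules.
# Set IPTABLES=iptables (as root) to apply them for real.
: "${IPTABLES:=echo}"

# build_proxy_rules PROXY_IP:PORT [EXEMPT_HOST_OR_CIDR ...]
# Prints one ACCEPT rule per exempt destination, then the catch-all DNAT.
build_proxy_rules() {
    proxy="$1"
    shift
    for dst in "$@"; do
        # Each exception needs its own rule; -d takes a host or a CIDR network.
        $IPTABLES -t nat -A OUTPUT -p tcp --dport 80 -d "$dst" -j ACCEPT
    done
    # Everything not matched above is redirected to the proxy.
    $IPTABLES -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination "$proxy"
}

# rule_count N_EXCEPTIONS -> number of rules the function will emit
# (one per exception plus the final DNAT).  Handy for a quick sanity check
# against `iptables -t nat -L OUTPUT --line-numbers` after applying.
rule_count() {
    echo $(( $1 + 1 ))
}

# Constructed placeholder values: proxy on 10.0.0.5:3128, one exempt host
# and one exempt /24 network (RFC 5737 documentation ranges).
build_proxy_rules 10.0.0.5:3128 192.0.2.10 198.51.100.0/24
```

Verify the installed order afterwards with `iptables -t nat -L OUTPUT -n --line-numbers`; the ACCEPT lines must carry lower numbers than the DNAT line. Because the rules live in the OUTPUT chain, they only affect connections originated on the box itself, which matches the thread's setup where the checker runs on each server.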