Old 11-20-2005, 06:58 AM   #1
Using iptables to bypass squid proxy for a specific domain

We're running SmartFilter (an Internet content filter) on RedHat Linux Enterprise and squid. Traffic is directed to our proxy from our member schools through a variety of means (router policy based rules, Windows profiles, firewall appliance proxy configurations).

There are a few destination sites that do not work well when traffic goes through our proxy so we would like to bypass squid totally for specific domains (IPs).

The iptables line redirecting traffic to squid is:

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128

After MUCH research, we have tried placing the line below just ahead of it in iptables.

-A PREROUTING -p tcp -m tcp -d a.b.c.d -j ACCEPT

(where a.b.c.d is the destination domain we would like to bypass squid for.)

After editing iptables and restarting that service, web traffic to the a.b.c.d domain still shows up in /usr/local/squid/var/logs/access.log so traffic to a.b.c.d is still going through squid.

Thanks in advance!
Old 11-20-2005, 08:41 AM   #2
Never tried it via iptables rules, but can you not simply create an acl within squid telling it to never cache certain domains? That's how I get around sites not working properly through the proxy - this way Squid simply forwards the requests directly to the net and back to the appropriate client.
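An added example, not code from the thread, that puts the thread starter's two rules into a nat-table ruleset in the order that works, and emits the squid-side ACL that post #2 describes. Everything in it is assumed: the LAN interface eth0, squid on port 3128, the RFC 5737 documentation addresses and example.com used as constructed inputs, and the function and ACL names. Two points the thread does not spell out: the REDIRECT lives in the nat table, so the ACCEPT that is supposed to short-circuit it has to sit in the nat table's PREROUTING chain as well, ahead of the REDIRECT (check with iptables -t nat -vnL PREROUTING --line-numbers, not the plain filter-table listing); and a hostname given to -d is resolved once, when the rule is loaded, so a site that answers from several addresses keeps landing in squid. The script therefore refuses names and wants addresses or CIDRs.

```shell
#!/bin/sh
# Added example (not from the thread): build a nat-table ruleset that sends
# port-80 traffic to a transparent squid except for listed destination
# addresses, and emit the squid-side ACL alternative for listed domains.
# Assumed values: LAN interface eth0, squid on port 3128, and the RFC 5737
# documentation addresses / example.com used below as constructed inputs.

# gen_nat_rules IFACE PROXY_PORT DEST [DEST...]
# Prints an iptables-restore fragment for the nat table.  The ACCEPT rules
# must be listed before the REDIRECT: chains are first-match, and a match on
# ACCEPT in nat PREROUTING ends the chain with no translation, so the
# REDIRECT that follows is never reached for that destination.
gen_nat_rules() {
    [ $# -ge 3 ] || { echo 'usage: gen_nat_rules IFACE PORT DEST...' >&2; return 1; }
    iface=$1; port=$2; shift 2
    for dst in "$@"; do
        # Crude check that refuses hostnames: iptables resolves a name once,
        # at load time, to whatever address it got then, so a site with
        # several or changing addresses would still be redirected.
        case $dst in
            *[!0-9./]*|'') echo "gen_nat_rules: '$dst' is not an IPv4 address or CIDR" >&2; return 1 ;;
        esac
    done
    echo '*nat'
    for dst in "$@"; do
        echo "-A PREROUTING -i $iface -d $dst -p tcp --dport 80 -j ACCEPT"
    done
    echo "-A PREROUTING -i $iface -p tcp --dport 80 -j REDIRECT --to-port $port"
    echo 'COMMIT'
}

# check_order RULES
# Succeeds only if no ACCEPT rule appears after the REDIRECT, i.e. the
# ordering the thread starter needed.  Also usable on the output of
# `iptables-save -t nat` from a running box.
check_order() {
    printf '%s\n' "$1" | awk '
        BEGIN { bad = 0; seen_redirect = 0 }
        /-j REDIRECT/ { seen_redirect = 1 }
        /-j ACCEPT/ && seen_redirect { bad = 1 }
        END { exit bad }'
}

# gen_squid_bypass DOMAIN [DOMAIN...]
# Squid-side alternative (post #2's approach): the request still reaches
# squid, but squid neither caches it nor hands it to a cache peer.  The
# leading dot in dstdomain matches the domain and all of its subdomains.
gen_squid_bypass() {
    [ $# -gt 0 ] || return 1
    for d in "$@"; do
        d=${d#.}
        echo "acl proxy_bypass dstdomain .$d"
    done
    echo 'cache deny proxy_bypass'
    echo 'always_direct allow proxy_bypass'
}

# Constructed sample run.  To load for real: gen_nat_rules ... | iptables-restore -n
rules=$(gen_nat_rules eth0 3128 192.0.2.10 198.51.100.0/24)
printf '%s\n' "$rules"
check_order "$rules" && echo '# ok: bypass rules precede the REDIRECT'
gen_squid_bypass example.com
```

Load the printed fragment with iptables-restore -n (no flush, so the existing filter rules stay), then fetch the bypassed site from a client and confirm in iptables -t nat -vnL PREROUTING that the packet counter moves on the ACCEPT line and not on the REDIRECT line; if it still moves on the REDIRECT, the address the client actually connected to is not in the bypass list.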
Old 11-20-2005, 09:34 AM   #3
Could you post your full ruleset for us? Make sure to remove any public IPs. Also if you do iptables -vnL do you see the rule you've added in the right place?
Old 07-18-2007, 12:50 PM   #4
That's the way I've done squid bypassing for a local net:
-A PREROUTING -i eth0 -d -j ACCEPT
-A PREROUTING -i eth0 -d     -j ACCEPT
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
with eth0 being a local net ( and the other private subnets mentioned being outside.
Old 05-26-2015, 12:38 PM   #5
Our system is in gateway mode with 2 NICs; here is my bypass of Squid & Dansguardian.

iptables -t nat -I PREROUTING -d -p tcp --dport 80 -j ACCEPT

Last edited by HardenedCriminal; 05-30-2015 at 03:31 AM.