[CentOS] Iptables Question
jgimer at gmail.com
Wed Dec 10 21:22:36 UTC 2008
Makes sense to me.
Is the host that you are wanting to bypass your proxy on the same segment as
the $LAN interface defined in your rulesets?
On Wed, Dec 10, 2008 at 1:22 PM, Joseph L. Casale <JCasale at activenetwerx.com
> I have a squid proxy running transparently, so in my firewall script
> I run the following fairly early:
> iptables -A PREROUTING -t nat -i $LAN -p tcp -m multiport --dports 80,443
> -j REDIRECT --to-port 3128
> This is a multihomed server so after this change the masquerading was
> removed (as only web access on the lan side of this server was needed).
> I now need to masq cleanly one device so that it can bypass the squid
> proxy. As order is important, would it be correct to put the following
> _in front_ of the PREROUTING command above:
> iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
> iptables -A FORWARD -i $LAN -o $WAN -m mac --mac-source <mac addr> -m state
> --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 443 -j ACCEPT
> iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j
> Where is the best place to filter for the mac in this scenario? I am hoping
> anything w/o this mac will skip the whole masq setup and enter the
> command below, resulting in the traffic being proxied through squid.
> CentOS mailing list
> CentOS at centos.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CentOS