On 11/03/2018 at 11:01, Nicolas Kovacs wrote:
So here's what I want to do, in plain words:
Redirect all HTTP traffic (port 80) to port 3128. So far so good.
Redirect all HTTPS traffic (port 443) to port 3129. Equally OK.
AND...
- DO NOT REDIRECT traffic that goes to certain domains, like:
github.com credit-cooperatif.coop cloud.microlinux.fr squid-cache.org etc.
I've experimented some more, and I have a partial success. Here, I'm redirecting all HTTPS traffic *except* the one that goes to my bank:
iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129
This works because my bank is hosted on a single IP. As soon as I replace that with a domain that's hosted on multiple IPs, I get this:
iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.google.com --dport 443 -j REDIRECT --to-port 3129
# firewall.sh iptables v1.4.21: ! not allowed with multiple source or destination IP addresses
So my question is: how can I write an iptables rule (or series of rules) that redirects all traffic to my proxy, *except* the one going to <list_of_domains>?
Cheers,
Niki
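The error above comes from the way iptables handles hostnames: it resolves the name once, at rule-insertion time, and expands it into one rule per address, and a negated `-d` is refused for such an expansion. One way to get the same effect without `!` is a dedicated nat chain that RETURNs for every excluded address before a catch-all REDIRECT. The script below is an added example written for this thread, not Niki's firewall.sh; it keeps $IFACE_LAN and the proxy ports 3128/3129 from the post, while the chain name PROXY_BYPASS, the DRY_RUN switch and the sample addresses are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): exclude a set of destination
# addresses from a transparent-proxy REDIRECT by using a bypass chain with
# RETURN rules instead of a negated "-d" (which iptables refuses when a
# hostname resolves to several addresses).
#
# Assumptions: $IFACE_LAN and ports 3128/3129 as in the post; the chain name
# PROXY_BYPASS and the DRY_RUN variable are hypothetical, this example's own.

IFACE_LAN="${IFACE_LAN:-eth1}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the iptables commands instead of running them

# Run an iptables command, or just echo it in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Resolve one hostname to all of its current IPv4 addresses (one per line).
# A dotted-quad argument is passed through unchanged. Uses getent (glibc).
resolve_v4() {
    case "$1" in
        *[!0-9.]*) getent ahostsv4 "$1" | awk '{print $1}' | sort -u ;;
        *)         echo "$1" ;;
    esac
}

# Resolve a space-separated list of domains/addresses into a flat address list.
# The result is a snapshot: DNS answers for round-robin sites change, so this
# must be re-run (or replaced by an ipset refreshed from cron) to stay accurate.
resolve_all() {
    for name in $1; do
        resolve_v4 "$name"
    done | sort -u | tr '\n' ' '
}

# Emit the rule set.
#   $1 = LAN interface, $2 = space-separated list of excluded IPv4 addresses
# Order matters: every RETURN precedes the REDIRECTs, so excluded destinations
# leave the chain untouched and everything else is sent to the proxy.
build_bypass_rules() {
    iface="$1"
    excluded="$2"
    ipt -t nat -N PROXY_BYPASS
    for ip in $excluded; do
        ipt -t nat -A PROXY_BYPASS -d "$ip" -j RETURN
    done
    ipt -t nat -A PROXY_BYPASS -p tcp --dport 80  -j REDIRECT --to-port 3128
    ipt -t nat -A PROXY_BYPASS -p tcp --dport 443 -j REDIRECT --to-port 3129
    # Hand only LAN-originated web traffic to the bypass chain.
    ipt -t nat -A PREROUTING -i "$iface" -p tcp -m multiport --dports 80,443 -j PROXY_BYPASS
}

# Demo in dry-run mode with constructed addresses (no DNS, no root needed).
# For real use: DRY_RUN=0 and build_bypass_rules "$IFACE_LAN" "$(resolve_all 'github.com www.credit-cooperatif.coop')"
build_bypass_rules "$IFACE_LAN" "192.0.2.10 198.51.100.20"
```

Because the exclusion list is a snapshot of DNS at insertion time, a domain served from a large, changing pool of addresses will still leak through to the proxy whenever a client gets an address that was not in the list; for those, feeding the resolved addresses into an ipset that a cron job refreshes, and matching it with `-m set`, is the usual way to keep the rule stable without reloading the firewall.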