Re: [squid-users] transparente proxy for all users and not one of them

From: Tom Lahti <tom@dont-contact.us>
Date: Thu, 06 Nov 2003 09:08:55 -0800

At 09:46 AM 11/6/2003, you wrote:

>How can I configure transparente proxy for my every users in my internal
>network that server using linux kernell 2.4.19 and squid 2.4.7 with:
>
>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
>REDIRECT --to-port 3128
>
>and in the same server for only one user of the same internal netwok not
>configure transparent proxy.
>
>Can i insert one iptables comand to configure this exceptio of
>interceptation ?
>
>Anybody can write this line for me ?

If you can have this one user on a static IP address, you can just add "-s
!<users_IP>" to your existing iptables rule, e.g.

iptables -t nat -A PREROUTING -i eth0 -s !<users_IP> -p tcp --dport 80 -j
REJECT --to-port 3128

If you can't get the one user on a static IP address, you'd leave your
existing rule as-is and add another one before it in the table using the
RETURN target, like this:

iptables -t nat -I PREROUTING 1 -s <users_IP> -j RETURN

When the <users_IP> changes, you need to arrange for the deletion and
reinsertion of this rule dynamically.

-- =========================
    Tom Lahti
    Tx3 Online Services

    (888)4-TX3-SVC (489-3782)
    http://www.tx3.net/
-- =========================
Received on Thu Nov 06 2003 - 10:08:55 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:09 MST