On Mon, 15 Jun 2009 21:44:21 -0400, Jamie Orzechowski
<jamie.orzechowski_at_gmail.com> wrote:
> I am having issues with a few sites like megavideo, hotmail, etc and
> looking to bypass them entirely via IPTables ... I have added some
> rules to IPTables but I still see the traffic hitting the caches. Any
> ideas?
>
> Strange thing is that when running an iptables --list it shows no
> rules configured at all ..
iptables -t mangle --list
;)
>
> Here is my iptables rules
>
> /usr/local/sbin/iptables -t mangle -N DIVERT
> /usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
> /usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>
> #Bypass These subnets
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -d 65.54.186.0/24 -j RETURN
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -d 65.54.165.0/24 -j RETURN
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -d 72.32.79.195/24 -j RETURN
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -d 64.4.20.0/24 -j RETURN
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -d 69.5.88.0/24 -j RETURN
Hmm, I'm not sure if RETURN works in a master level chain.
Perhaps a custom chain with the above and below rules all in it would
work?
Amos
>
> # Redirect to squid
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
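For reference, here is the same rule set restructured the way the reply suggests: the bypass RETURNs and the TPROXY redirect in one custom chain, hooked from mangle PREROUTING. This is an added example, not code from the original post or from the Squid project. The chain name SQUID_TPROXY is an assumption (the post names no such chain); the DIVERT chain, port 3129, the fwmark/table numbers and the five subnets are taken from the post. IPT and IP default to "echo" so the script prints what it would run; on the proxy host set them to the real iptables and ip binaries.

```bash
#!/bin/sh
# Added example, not from the original post: the TPROXY setup with the
# bypass list and the redirect in one custom chain, as the reply suggests.
# IPT/IP default to "echo" so the script prints what it would run; set
# IPT=/usr/local/sbin/iptables IP=/sbin/ip to apply it on the proxy host.
IPT="${IPT:-echo}"
IP="${IP:-echo}"
CHAIN="${CHAIN:-SQUID_TPROXY}"      # assumed chain name, not in the post
TPROXY_PORT="${TPROXY_PORT:-3129}"  # Squid's tproxy port from the post
# Subnets from the post. 72.32.79.195/24 is a host address with a /24 mask;
# iptables masks it down to 72.32.79.0/24, so that is what is written here.
BYPASS_NETS="${BYPASS_NETS:-65.54.186.0/24 65.54.165.0/24 72.32.79.0/24 64.4.20.0/24 69.5.88.0/24}"

tproxy_rules() {
    # DIVERT: packets that already belong to a local socket (replies to
    # connections Squid is handling) get mark 1 and are accepted here.
    $IPT -t mangle -N DIVERT 2>/dev/null || true
    $IPT -t mangle -F DIVERT
    $IPT -t mangle -A DIVERT -j MARK --set-mark 1
    $IPT -t mangle -A DIVERT -j ACCEPT

    # Bypass list and redirect live in one chain: a RETURN here goes back
    # to PREROUTING, where nothing follows the jump, so the packet is
    # routed normally and never reaches the TPROXY rule below it.
    $IPT -t mangle -N "$CHAIN" 2>/dev/null || true
    $IPT -t mangle -F "$CHAIN"
    for net in $BYPASS_NETS; do
        $IPT -t mangle -A "$CHAIN" -d "$net" -j RETURN
    done
    # TPROXY needs -p tcp on the rule itself even though the jump is tcp-only.
    $IPT -t mangle -A "$CHAIN" -p tcp -j TPROXY \
        --tproxy-mark 0x1/0x1 --on-port "$TPROXY_PORT"

    # Hook both chains into PREROUTING; delete first so re-running the
    # script does not append a second copy of each jump.
    $IPT -t mangle -D PREROUTING -p tcp -m socket -j DIVERT 2>/dev/null || true
    $IPT -t mangle -D PREROUTING -p tcp --dport 80 -j "$CHAIN" 2>/dev/null || true
    $IPT -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    $IPT -t mangle -A PREROUTING -p tcp --dport 80 -j "$CHAIN"

    # Policy routing for marked packets: deliver them locally on lo.
    $IP rule add fwmark 1 lookup 100 2>/dev/null || true
    $IP route add local 0.0.0.0/0 dev lo table 100 2>/dev/null || true
}

# The rules live in the mangle table, so a plain "iptables --list" shows
# none of them; this is where to look for hit counters on the bypass entries.
tproxy_status() {
    $IPT -t mangle -L PREROUTING -n -v
    $IPT -t mangle -L "$CHAIN" -n -v
}

# Dry run by default: prints the commands that would be executed.
tproxy_rules
```

Whether a subnet is really being bypassed is easiest to tell from the packet counters: after a client hits one of the listed sites, the RETURN line for that subnet in tproxy_status should count up while the TPROXY line does not. If the counter stays at zero, the destination address is simply not inside the listed /24 and the list needs the right range, not a different chain layout.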
Received on Tue Jun 16 2009 - 04:03:17 MDT
This archive was generated by hypermail 2.2.0 : Tue Jun 16 2009 - 12:00:03 MDT