Allow traffic through a server using iptables.
Martijn Lievaart
m at rtij.nl
Sun Apr 23 14:17:32 CEST 2006
Tony wrote:
>The best way to do this is on the squid server using iptables, but my
>knowledge of iptables is limited and I can't find out how to do this.
>How do I tell iptables that IP address should just be passed through the
>server and not sent to squid?
>Currently if I take an IP address out of the ip rule for forwarding to squid
>the web requests from that IP address just fail since the server doesn't run
>web and doesn't know that it should just forwarded out into the Internet.
>
>
>
>
Maybe something like:
/sbin/iptables -A PREROUTING -t nat -p tcp -s 192.168.1.0/20 --dport 80 -j SQUID
/sbin/iptables -A SQUID -d <some ip> -j RETURN
/sbin/iptables -A SQUID -d <some ip> -j RETURN
/sbin/iptables -A SQUID -d <some ip> -j RETURN
/sbin/iptables -A SQUID -j DNAT --to <IP ETH0:1>:3128
does what you want?
M4
More information about the netfilter
mailing list