hi all,

ive disabled ecn and tcp window scaling is off but still some sites wont show up when it goes to my squid proxy. hopefully someone here would help me for the much needed iptable firewall rule to allow some sites not to pass through squid(i.e direct)

hoping someone here would bail me out on this problem as ive been pulling my hair off for days on this one.

Have you configured squid so that it is specified manually in the browser configuration, or have you configured it to be transparent and have iptables automatically redirect traffic to the squid proxy server?

As a thought though, you want to be looking at any request to the destination address so that it is passed directly without going via the squid proxy. This rule would come before the rule that redirects all other http traffic via the squid proxy. So I'm assuming you've done it transparently. If so, also remember that you should only be redirecting http traffic, since https will not automatically redirect transparently due to a suspected "man-in-the-middle" attack. That is normal by design.

yes ian,i have squid setup as transparent proxy caching server.port 443 is block so https is not a problem on my side.

can you do an
iptables ! -d (dest ip addy)
??

seems mr. google did the job for me.i found this iptable entry:



which works perfectly.