iptables rule for direct connection [solved]


mudfish
Hi all,

I've disabled ECN and TCP window scaling is off, but still some sites won't show up when it goes to my Squid proxy. Hopefully someone here would help me with the much-needed iptables firewall rule to allow some sites not to pass through Squid (i.e. direct).

Hoping someone here would bail me out on this problem, as I've been pulling my hair out for days on this one. :wall:


:help:


Have you configured squid so that it is specified manually in the browser configuration, or have you configured it to be transparent and have iptables automatically redirect traffic to the squid proxy server?

 

As a thought though, you want to be looking at any request to the destination address so that it is passed directly without going via the squid proxy. This rule would come before the rule that redirects all other http traffic via the squid proxy. So I'm assuming you've done it transparently. If so, also remember that you should only be redirecting http traffic, since https will not automatically redirect transparently due to a suspected "man-in-the-middle" attack. That is normal by design.
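
The rule ordering described in the reply above, as an added example that is not part of the original thread: the exemption rules for the direct destinations sit ahead of the catch-all HTTP redirect in the nat table, and a small check confirms that order in a ruleset dump. The interface `eth0`, the Squid intercept port `3128` and the destination addresses (documentation ranges) are assumed values, and `gen_nat_rules` and `check_order` are hypothetical helper names.

```shell
#!/bin/sh
# Assumed values, not taken from the thread: adjust to the real gateway.
LAN_IF="eth0"                               # interface facing the clients
SQUID_PORT="3128"                           # Squid intercept port
BYPASS_DSTS="192.0.2.10 198.51.100.0/24"    # constructed sample destinations

# Emit nat-table rules in iptables-restore format.
# iptables stops at the first matching rule, so the ACCEPT exemptions
# must be listed before the REDIRECT that catches all other port-80 traffic.
gen_nat_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    for dst in $BYPASS_DSTS; do
        # ACCEPT in nat/PREROUTING ends NAT processing: no redirect is applied
        echo "-A PREROUTING -i $LAN_IF -p tcp -d $dst --dport 80 -j ACCEPT"
    done
    # Only HTTP is redirected; HTTPS is left alone
    echo "-A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    echo "COMMIT"
}

# Read a ruleset on stdin (generated, or from `iptables-save -t nat`).
# Exit 0 only if a REDIRECT exists, at least one port-80 exemption exists,
# and no exemption appears after the REDIRECT (where it would never match).
check_order() {
    awk '
        /-j REDIRECT/          { redirect = NR }
        /--dport 80 -j ACCEPT/ { seen = 1; if (redirect) bad = 1 }
        END { exit (bad || !seen || !redirect) }
    '
}

# Print the ruleset only when its ordering passes the check.
# To load it as root: gen_nat_rules | iptables-restore --noflush
# (--test parses without committing; without --noflush the nat table is replaced).
gen_nat_rules | check_order && gen_nat_rules
```

Exempted packets skip the redirect only; they still have to be permitted by the gateway's FORWARD rules and source-NATed like any other outbound traffic.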

Yes Ian, I have Squid set up as a transparent proxy caching server. Port 443 is blocked, so HTTPS is not a problem on my side.
