mudfish, posted July 31, 2008

Hi all, I've disabled ECN and TCP window scaling is off, but still some sites won't show up when it goes to my Squid proxy. Hopefully someone here can help me with the much-needed iptables firewall rule to allow some sites not to pass through Squid (i.e. direct). Hoping someone here would bail me out on this problem, as I've been pulling my hair out for days on this one.
ianw1974, posted July 31, 2008

Have you configured Squid so that it is specified manually in the browser configuration, or have you configured it to be transparent and have iptables automatically redirect traffic to the Squid proxy server? As a thought though, you want to be looking at any request to the destination address so that it is passed directly without going via the Squid proxy. This rule would come before the rule that redirects all other HTTP traffic via the Squid proxy. So I'm assuming you've done it transparently. If so, also remember that you should only be redirecting HTTP traffic, since HTTPS will not automatically redirect transparently due to a suspected "man-in-the-middle" attack. That is normal by design.
mudfish (author), posted August 1, 2008

> Have you configured Squid so that it is specified manually in the browser configuration, or have you configured it to be transparent and have iptables automatically redirect traffic to the Squid proxy server? As a thought though, you want to be looking at any request to the destination address so that it is passed directly without going via the Squid proxy. This rule would come before the rule that redirects all other HTTP traffic via the Squid proxy. So I'm assuming you've done it transparently. If so, also remember that you should only be redirecting HTTP traffic, since HTTPS will not automatically redirect transparently due to a suspected "man-in-the-middle" attack. That is normal by design.

Yes Ian, I have Squid set up as a transparent proxy caching server. Port 443 is blocked, so HTTPS is not a problem on my side.
paul, posted August 1, 2008

Can you do an `iptables ! -d (dest IP addy)`?
mudfish (author), posted August 7, 2008

Seems Mr. Google did the job for me. I found this iptables entry:

iptables -t nat -A PREROUTING -p tcp --dport 80 -d www.iamnotloading.com -j ACCEPT

which works perfectly. :)
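As an added example (not from the thread), a small POSIX sh audit of an iptables-save dump for the two points raised above: the per-destination ACCEPT must sit in PREROUTING before the REDIRECT to Squid's port, and only port 80 should be redirected. The dump, interface name and the address 203.0.113.10 are constructed; note also that a hostname given to `-d` is resolved once when the rule is loaded, so the rule pins whatever address the name resolved to at that moment.

```shell
#!/bin/sh
# Constructed iptables-save style dump (not from the thread) modelling the
# transparent Squid setup discussed: bypass ACCEPT first, then REDIRECT.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -d 203.0.113.10 -j ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# Line number of the first PREROUTING REDIRECT to port $2, or empty.
redirect_line() {
  printf '%s\n' "$1" | awk -v port="$2" \
    '/^-A PREROUTING/ && /-j REDIRECT/ && $0 ~ ("--to-ports " port) { print NR; exit }'
}

# Line number of the PREROUTING ACCEPT rule for destination $2, or empty.
bypass_line() {
  printf '%s\n' "$1" | awk -v dst="$2" \
    '/^-A PREROUTING/ && /-j ACCEPT/ && $0 ~ ("-d " dst) { print NR; exit }'
}

# Returns 0 when the bypass for destination $2 precedes the redirect to
# port $3; iptables evaluates rules in order, so only then does it win.
bypass_effective() {
  b=$(bypass_line "$1" "$2")
  r=$(redirect_line "$1" "$3")
  [ -n "$b" ] && [ -n "$r" ] && [ "$b" -lt "$r" ]
}

# Returns 0 when no rule redirects port 443 (HTTPS must not be intercepted).
https_not_redirected() {
  ! printf '%s\n' "$1" | grep -q -- '--dport 443 .*-j REDIRECT'
}

# Stand-alone run: audit the constructed dump.
bypass_effective "$SAMPLE_RULES" 203.0.113.10 3128 && echo "bypass ordered correctly"
https_not_redirected "$SAMPLE_RULES" && echo "no https redirect"
```

On a live box, replace `SAMPLE_RULES` with the output of `iptables-save -t nat` to audit the real ruleset.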