Squid
Denis Sechin, 2017-09-27 20:28:20

How do I let a certain IP bypass Squid?

Greetings. There is a gateway on Ubuntu 16; it is also a transparent proxy and also does NAT. There is a device on the local network running a program that downloads updates from a site for its needs. It was empirically determined that it cannot work with a transparent proxy, so I need to let the computer with this program bypass the proxy. The following rule was added, but without success; the traffic of this IP is still visible in access.log:


$ip -t nat -A PREROUTING -p tcp -s 10.10.10.10 -m multiport --dports 80,443,1212,1213,1214,1215 -j ACCEPT
$ip -t nat -A PREROUTING -s $LOCAL_NET ! -d 192.168/16 -p tcp --dport 80 -j REDIRECT --to-port 3128

I didn't find anything intelligible on the Internet. Maybe someone has working ideas? Thanks!


1 answer(s)
mureevms, 2017-09-28
@tamogavk

Look at my note, as if I wrote it for you.
UPD
In short, you can exclude an address from the redirect by inserting the following rule before the redirect rule:
Also, filtering (I mean your --dports 80,443,1212,1213,1214,1215 -j ACCEPT) is handled by the filter table, i.e. this must be done in the FORWARD chain.
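
The answer's point about placing the exemption before the redirect follows from how the nat table is evaluated: the first rule with a terminating target (ACCEPT, REDIRECT) that matches ends traversal of the chain. The script below is an added example, not code from this thread or from the linked note; it reads `iptables -S` style lines and reports which PREROUTING target a packet hits first. The helper `first_nat_target`, the sample rule sets and the use of 10.10.10.0/24 for $LOCAL_NET are assumptions.

```shell
#!/bin/sh
# first_nat_target SRC_IP DPORT  (hypothetical helper, not an iptables command)
# Reads `iptables -t nat -S PREROUTING` style lines on stdin and prints the
# target of the first rule that matches a TCP packet from SRC_IP to DPORT.
# Assumptions: only -s, --dport and --dports (comma lists) are evaluated;
# the destination is taken to be an external host, so -d tests are skipped.
first_nat_target() {
    awk -v src="$1" -v dport="$2" '
    function ip2n(a,  o) {
        split(a, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,  p, bits, div) {
        split(cidr, p, "/")
        bits = (p[2] == "") ? 32 : p[2]
        div = 2 ^ (32 - bits)
        return int(ip2n(ip) / div) == int(ip2n(p[1]) / div)
    }
    function port_ok(list,  n, k, ps) {
        n = split(list, ps, ",")
        for (k = 1; k <= n; k++) if (ps[k] == dport) return 1
        return 0
    }
    $1 == "-A" && $2 == "PREROUTING" {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") {
                m = in_cidr(src, $(i + 1))
                if ($(i - 1) == "!") m = !m
                if (!m) ok = 0
            }
            if (($i == "--dport" || $i == "--dports") && !port_ok($(i + 1))) ok = 0
            if ($i == "-j") target = $(i + 1)
        }
        if (ok && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print "NONE" }'
}

# Constructed rule sets; 10.10.10.0/24 stands in for $LOCAL_NET (assumption).
REDIR='-A PREROUTING -s 10.10.10.0/24 ! -d 192.168.0.0/16 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'
EXEMPT='-A PREROUTING -s 10.10.10.10/32 -p tcp -m multiport --dports 80,443,1212,1213,1214,1215 -j ACCEPT'

# Exemption listed after the redirect, then before it.
printf '%s\n%s\n' "$REDIR" "$EXEMPT" | first_nat_target 10.10.10.10 80
printf '%s\n%s\n' "$EXEMPT" "$REDIR" | first_nat_target 10.10.10.10 80
```

On a live gateway, feed the function the output of `iptables -t nat -S PREROUTING` to see whether an earlier REDIRECT rule shadows the exemption.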
