Iptables Exclusion

Posted on 2004-11-01
Last Modified: 2012-05-05
Currently running Redhat 9.0 with IPTABLES.
All outgoing port 80 traffic is being re-directed to 3218 (squid cache) with the following command:
-A PREROUTING -i ! eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3218
I wish to add an exclusion so that if the traffic is coming from a specific internal address then it is not re-directed through the squid.

Any ideas?
Question by: michael334

    Accepted Solution


    Very simple... modify your rule set to this:

    # REDIRECT lives in the nat table, so -t nat is required
    iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -s ! (your internal address) -j REDIRECT --to-ports 3128

    By doing this we would exclude packets coming from the particular node from being redirected. They would head for port 80.

    Hope this helps,


    Author Comment

    Is it possible to allow multiple hosts? At this stage I only have one; however, in the future I can see the need to add more...

    Expert Comment


    I think I can help here....

    Suppose you want to exclude (say 10 IPs) with no similarity, then you could do something like:

    # All of these rules belong in the nat table (PREROUTING/REDIRECT), hence -t nat
    iptables -t nat -N excluded_ips

    # One rule per excluded address. ACCEPT in the nat table ends NAT processing
    # for the packet, so it leaves unmodified; DROP here would discard the host's
    # HTTP traffic instead of exempting it from the redirect.
    iptables -t nat -A excluded_ips -s (first IP address) -j ACCEPT
    iptables -t nat -A excluded_ips -s (second IP address) -j ACCEPT
    # ... and so on ...
    iptables -t nat -A excluded_ips -s (last IP address) -j ACCEPT

    # The jump to the exclusion chain must be appended before the REDIRECT rule
    iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -j excluded_ips
    iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -j REDIRECT --to-ports 3128

    This scriptlet should replace your current setup. See if it helps? Do post back.
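The same exclusion-chain layout as an added example script (not code from this thread): it validates the exclusion list and emits an iptables-restore fragment for the nat table, using the current `! -i` negation syntax. The squid port, WAN interface name and addresses below are constructed placeholders.

```shell
#!/bin/sh
# Generates an iptables-restore fragment for the nat table: LAN HTTP goes
# to squid, listed hosts/subnets are exempt. Added example, not from the
# thread; the port, interface and addresses used are constructed.
#   Usage: gen_squid_nat 3128 eth0 192.168.1.10 192.168.1.0/28 | iptables-restore -n
#   (-n keeps the existing nat rules; without it the whole table is replaced)

# Validate a dotted-quad IPv4 address with an optional /prefix so that a
# typo in the exclusion list cannot turn into an unexpected rule.
is_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
  case $1 in
    */*) [ "${1##*/}" -le 32 ] || return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- ${1%%/*}          # split the address part into its four octets
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# gen_squid_nat SQUID_PORT WAN_IFACE EXCLUDED_ADDR...
gen_squid_nat() {
  port=$1; wan_if=$2; shift 2
  echo '*nat'
  echo ':squid_excluded - [0:0]'
  for host in "$@"; do
    is_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    # ACCEPT in the nat table ends NAT processing for this packet, so it
    # leaves unmodified; DROP here would discard the excluded host's traffic.
    echo "-A squid_excluded -s $host -j ACCEPT"
  done
  # Order matters: the exclusion jump must sit above the REDIRECT rule,
  # because the first matching rule in PREROUTING decides.
  echo "-A PREROUTING ! -i $wan_if -p tcp --dport 80 -j squid_excluded"
  echo "-A PREROUTING ! -i $wan_if -p tcp --dport 80 -j REDIRECT --to-ports $port"
  echo 'COMMIT'
}

# Demonstration with constructed values; pipe into iptables-restore to apply.
gen_squid_nat 3128 eth0 192.168.1.10 192.168.1.0/28
```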


    Author Comment

    Thanks for the info. That works a treat.

