Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Iptables Exclusion

Posted on 2004-11-01
4
Medium Priority
?
986 Views
Last Modified: 2012-05-05
Currently running Redhat 9.0 with IPTABLES.
All outgoing port 80 traffic is being re-directed to 3218 (squid cache) with the following command
-A PREROUTING -i ! eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3218
I  wish to add an exclusion so that if the traffic is coming fom a specific internal address then it not be re-directed through the squid.

Any ideas ?
0
Comment
Question by:michael334
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
kidoman earned 500 total points
ID: 12467238
Hi,

very simple.... modify ur rule set to this:

iptables -A PREROUTING -p tcp -i ! eth0 --dport 80 -s ! (your internal address) -j REDIRECT --to-ports 3128

By doing this we would exclude packets coming from the particular node being redirect. They would head for port 80.

Hope this helps,

Karan
0
 

Author Comment

by:michael334
ID: 12467535
Is it possible to allow multiple hosts, at this stage i only have one, however in the future i can see the need to add more ..
0
 
LVL 2

Expert Comment

by:kidoman
ID: 12475734
Hi,

I think I can help here....

Suppose you want to exclude (say 10 ips) with no similarity, then you could do soming like:

iptables -N excluded_ips

iptables -A excluded_ips -s (first IP address) -j DROP
iptables -A excluded_ips -s (second IP address) -j DROP
.... so on
iptables -A excluded_ips -s (last IP address) -j DROP

iptables -A PREROUTING -p tcp -i ! eth0 --dport 80 -j excluded_ips
iptables -A PREROUTING -p tcp -i ! eth0 --dport 80 -j REDIRECT --to-ports 3128

This scriptlet should replace ur current setup. See if it helps??? Do post back.

Karan
0
 

Author Comment

by:michael334
ID: 12477908
Thanks for the info,  That works a treat.

Michael334
0

Featured Post

What’s Wrong with Your Cloud Strategy ?

Even as many CIOs are embracing a cloud-first strategy, the reality is that moving to the cloud is a lengthy process and the end-state is likely to be a blend of multiple clouds—public and private. Learn why multicloud solutions matter in this webinar by Nimble Storage.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question