  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 989

Iptables Exclusion

Currently running Redhat 9.0 with IPTABLES.
All outgoing port 80 traffic is being re-directed to 3218 (squid cache) with the following command:
-A PREROUTING -i ! eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3218
I wish to add an exclusion so that if the traffic is coming from a specific internal address then it is not re-directed through the squid.

Any ideas?
0
michael334
Asked:
michael334
1 Solution
 
kidomanCommented:
Hi,

very simple.... modify your rule set to this:

# PREROUTING is a chain of the nat table, so the command needs -t nat.
iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -s ! (your internal address) -j REDIRECT --to-ports 3128

By doing this we would exclude packets coming from the particular node from being redirected. They would head for port 80.

Hope this helps,

Karan
0
 
michael334Author Commented:
Is it possible to allow multiple hosts, at this stage i only have one, however in the future i can see the need to add more ..
0
 
kidomanCommented:
Hi,

I think I can help here....

Suppose you want to exclude (say, 10 IPs) with no similarity, then you could do something like:

# PREROUTING and any chain it jumps to live in the nat table, so every command needs -t nat.
iptables -t nat -N excluded_ips

# ACCEPT in a nat user chain ends PREROUTING traversal for that packet, so it is never
# redirected and simply continues to port 80; DROP here would discard the packet instead.
iptables -t nat -A excluded_ips -s (first IP address) -j ACCEPT
iptables -t nat -A excluded_ips -s (second IP address) -j ACCEPT
.... so on
iptables -t nat -A excluded_ips -s (last IP address) -j ACCEPT

# Check the exclusion list first, then redirect whatever is left.
iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -j excluded_ips
iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -j REDIRECT --to-ports 3128

This scriptlet should replace your current setup. See if it helps? Do post back.

Karan
0
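As an added example (not code from this thread or from the squid or iptables projects), the following POSIX shell script generates the nat-table rules for both cases discussed above: a single excluded host or a whole list. It prints the commands rather than running them so the ruleset can be reviewed before it is applied. Assumptions: eth0 is the external interface (so LAN clients arrive on any other interface), squid listens on 3128, and the addresses in EXCLUDED_HOSTS are constructed sample values; the function names build_rules and count_exclusions are this example's own.

```shell
#!/bin/sh
# Added example: build nat PREROUTING rules that exclude a list of internal
# hosts from a transparent squid REDIRECT. Assumptions (not from the thread):
# eth0 is the external interface, squid listens on 3128, and EXCLUDED_HOSTS
# holds constructed sample addresses/networks.
EXT_IF="eth0"
SQUID_PORT="3128"
CHAIN="excluded_ips"
EXCLUDED_HOSTS="192.168.1.10 192.168.1.20 192.168.2.0/24"   # constructed sample list

# Emit the iptables commands on stdout; pipe into sh to apply them.
build_rules() {
    # Create the user chain in the nat table (ignore "already exists") and
    # flush it so re-running the script does not append duplicate rules.
    echo "iptables -t nat -N $CHAIN 2>/dev/null || true"
    echo "iptables -t nat -F $CHAIN"
    for h in $EXCLUDED_HOSTS; do
        # ACCEPT in a nat user chain ends PREROUTING traversal for the packet,
        # so it reaches port 80 untouched; DROP here would discard it.
        echo "iptables -t nat -A $CHAIN -s $h -j ACCEPT"
    done
    # Consult the exclusion list before the catch-all REDIRECT; order matters,
    # because the first matching terminating rule wins.
    echo "iptables -t nat -A PREROUTING ! -i $EXT_IF -p tcp --dport 80 -j $CHAIN"
    echo "iptables -t nat -A PREROUTING ! -i $EXT_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
}

# Number of exclusion rules generated; should equal the number of entries in
# EXCLUDED_HOSTS, a cheap sanity check before applying the ruleset.
count_exclusions() {
    build_rules | grep -c -- "-j ACCEPT"
}

build_rules
```

Apply with `build_rules | sh` as root, then confirm the ordering with `iptables -t nat -L PREROUTING -n -v --line-numbers`: the jump to excluded_ips must appear before the REDIRECT rule, and `iptables -t nat -L excluded_ips -n -v` should show packet counters climbing for an excluded host while the REDIRECT counter stays flat for it. The `! -i eth0` form is the current iptables syntax; older releases such as the Red Hat 9.0 box in the question write it as `-i ! eth0`.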
 
michael334Author Commented:
Thanks for the info. That works a treat.

Michael334
0
