Bypass certain computers from Squid

Hi
I believed it can't be done.. but I might be wrong ..
if there is any way to bypass a few internal IPs (PCs) from squid ..

What I meant is: when 192.168.1.10 tries to browse or communicate with the internet.. squid will bypass everything ..

Note: here squid is transparent ..

Example:
I am installing a program.. and there is not any option to specify the proxy, and this program does not know how to use proxy transparent proxy


thanks .
fosiul01Asked:
torakeshbCommented:
You should be able to do it at network switch level as you are using a transparent proxy.

For those IPs you want to bypass the proxy, you have to have a separate rule in the switch.

0
woolmilkporcCommented:
Hi and Happy New Year,

if your machine does not know how to use a proxy you must allow it direct internet access through your firewall.

No other way, squid is out of the game here.

wmp
0

DavisNTCommented:
If I understood you correctly, you want the Squid transparent proxy to work for all, except a few PCs on your LAN?
If so, then you can configure appropriate destination NAT rules on your router/proxy (I assume that you have Squid on the same machine that is acting as your router).
If you have something like this rule on your router/proxy:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT
Then you can add exceptions like this (this will switch off the transparent proxy for 192.168.0.5):
iptables -t nat -I PREROUTING -s 192.168.0.5 -p tcp --dport 80 -j ACCEPT
0
fosiul01Author Commented:
@woolmilkporc

Happy New Year!! Hope you are fine.

Yes, I thought so .. I can't do that with squid ..


@DavisNT
Yes, that's right.. but the problem is .. squid is a different server than the firewall .. and we use wpad for transparent proxy ...

@torakeshb
Our switches are not that smart that I will be able to do this..
0
torakeshbCommented:
If you are using wpad then it's easy

  if( isInNet(myIpAddress(), '192.168.0.5', '255.255.255.0') )
     {
      return 'DIRECT';
     }
0
torakeshbCommented:
You need to have this in the wpad file..


 if( isInNet(myIpAddress(), '192.168.0.5', '255.255.255.0') )
     {
      return 'DIRECT';
     }

This URL will help you with more detailed examples: http://findproxyforurl.com/pac_functions_explained.html
0
DavisNTCommented:
What OS is the firewall running? If it is Linux, then you may have something like (assuming 192.168.10.5 is your proxy server):
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.10.5
In this case you can use the command that I mentioned on the router to add an exception there.
It is also possible that your router routes all traffic (TCP port 80 or all traffic) via the transparent proxy; in that case the proxy server should have the rules I mentioned and you can add the exception there.

If you use WPAD, then the proxy is not considered transparent. Then you can add an exception in the WPAD script, see this link for reference on WPAD/PAC: http://nscsysop.hypermart.net/proxypac.html
0
fosiul01Author Commented:
Let me try with wpad exclusion. I will come back to you.
0
fosiul01Author Commented:
Hi, currently I have something like this

function FindProxyForURL(url, host)     {
    var hostip=dnsResolve(host);

    if(isPlainHostName(host) ||
       
        isInNet(hostip, "192.0.0.0", "255.255.255.0")           ||
             
        (host == "ftp.xxx.xxx.xxxx.co.uk")
        ) return "DIRECT";
    else return "PROXY 172.x.x.x:3128";
}


I have changed that one to

function FindProxyForURL(url, host)     {
    var hostip=dnsResolve(host);

    if(isPlainHostName(host) ||
       
        isInNet(hostip, "192.0.0.0", "255.255.255.0")           ||
       isInNet(hostip, "192.0.0.5", "255.255.255.0")           ||
       
        (host == "ftp.xxx.xxx.xxxx.co.uk")
        ) return "DIRECT";
    else return "PROXY 172.x.x.x:3128";
}

but I am not seeing any effect..

Do I need to restart apache ?? (don't think so)
0
DavisNTCommented:
If you want PCs with IP addresses 192.0.0.0 and 192.0.0.5 to bypass the proxy, then you theoretically should use something like this:

function FindProxyForURL(url, host)     {
    var hostip=dnsResolve(host);
    var clientip = myIpAddress();

    if(isPlainHostName(host) ||

          clientip=="192.0.0.0" ||
          clientip=="192.0.0.5" ||
     
        (host == "ftp.xxx.xxx.xxxx.co.uk")
        ) return "DIRECT";
    else return "PROXY 172.x.x.x:3128";
}

Practically you should read about compatibility issues: http://en.wikipedia.org/wiki/Proxy_auto-config
0
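Added example (not code from any poster in this thread): a Node-runnable sketch that contrasts a PAC rule keyed on the destination's resolved address with one keyed on myIpAddress(). The PAC built-ins are replaced by stand-ins, the DNS table and client addresses are constructed sample data, and the names byDestination, byClient and decisionsFor are hypothetical.

```javascript
// Stand-ins for the PAC built-ins so the logic runs under Node (assumption:
// isInNet compares host and pattern after applying the mask to both).
const ipToInt = ip => ip.split(".").reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);

function isInNet(ip, pattern, mask) {
  if (!/^\d+\.\d+\.\d+\.\d+$/.test(String(ip))) return false; // unresolved host
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(pattern) & m) >>> 0);
}
const isPlainHostName = host => !host.includes(".");

// Constructed sample data: DNS answers and the client's own address.
const DNS = { "www.example.com": "203.0.113.10", "intranet.example.test": "192.0.0.20" };
const dnsResolve = host => DNS[host] || null;
let clientAddress = "192.0.0.5";
const myIpAddress = () => clientAddress;

const PROXY = "PROXY 172.x.x.x:3128"; // address is elided on the page, kept as-is

// Rule keyed on the destination: it asks where the *target site* resolves,
// so the workstation's own address never enters the decision.
function byDestination(url, host) {
  const hostip = dnsResolve(host);
  if (isPlainHostName(host) || isInNet(hostip, "192.0.0.5", "255.255.255.0")) return "DIRECT";
  return PROXY;
}

// Rule keyed on the client: a 255.255.255.255 mask exempts exactly one
// workstation, whereas 255.255.255.0 would exempt its whole /24.
function byClient(url, host) {
  if (isPlainHostName(host) ||
      isInNet(myIpAddress(), "192.0.0.5", "255.255.255.255")) return "DIRECT";
  return PROXY;
}

// Evaluate both rules for one client/destination pair.
function decisionsFor(client, host) {
  clientAddress = client;
  const url = "http://" + host + "/";
  return { byDestination: byDestination(url, host), byClient: byClient(url, host) };
}

console.log(decisionsFor("192.0.0.5", "www.example.com"));
console.log(decisionsFor("192.0.0.77", "www.example.com"));
console.log(decisionsFor("192.0.0.77", "intranet.example.test"));
```

On multi-homed clients the real myIpAddress() may return a loopback or unexpected interface address, so confirm the value the browser reports before relying on a client-keyed exemption.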
fosiul01Author Commented:
Hi,
the way I wrote it .. it should work according to the example you sent..

// If IP address is internal or hostname resolves to internal IP, send direct.

      var resolved_ip = dnsResolve(host);

      if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
            isInNet(resolved_ip, "172.16.0.0",  "255.240.0.0") ||
            isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
            isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
            return "DIRECT";
                              

and I wrote it the same way ..

function FindProxyForURL(url, host)     {
    var hostip=dnsResolve(host);

    if(isPlainHostName(host) ||
       
        isInNet(hostip, "192.0.0.0", "255.255.255.0")           ||
       isInNet(hostip, "192.0.0.5", "255.255.255.0")           ||
       
        (host == "ftp.xxx.xxx.xxxx.co.uk")
        ) return "DIRECT";
    else return "PROXY 172.x.x.x:3128";
}


but mine does not work..

0