[CS-FSLUG] squid/squidguard transparent proxy but not server (iptable rules)

Mark Clayton clayton256 at gmail.com
Thu Sep 27 07:33:35 CDT 2012


On Wed, Sep 26, 2012 at 10:16 AM, Mark Clayton <clayton256 at gmail.com> wrote:
> I run squid/squidguard on my Ubuntu server. I usually use the
> following iptables rule so that localhost httpd traffic is directed to
> squid:
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> I wanted to temporarily change that so that localhost traffic is not
> redirected. In my notes I have the rule to do that as:
> iptables -t nat -A PREROUTING -i eth0 -p tcp -d ! 10.0.1.0/24 --dport 80 -j REDIRECT --to-port 3128
> The difference being "-d ! 10.0.1.0/24". But this gives the error:
> Bad argument `10.0.1.0/24'
>
> Any idea what I'm doing wrong?
>

I read iptables --help a little harder. The ! comes _before_ the -d:
iptables -t nat -A PREROUTING -i eth1 -p tcp ! -d 10.0.1.0/24 --dport 80 -j REDIRECT --to-port 3128

One step forward...
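
Added example, not part of the original message: a small shell filter for saved rule notes that finds the "-d ! ADDR" ordering that failed above and rewrites it to the "! -d ADDR" ordering the reply found to work. The function names has_old_negation and fix_negation are hypothetical, the sample lines are constructed from the rules in this thread, and only the short options -s, -d, -i, -o and -p are handled.

```shell
#!/bin/sh
# Added example: audit and rewrite negation ordering in saved iptables rules.
# Old ordering:  -d ! 10.0.1.0/24   (rejected with "Bad argument")
# New ordering:  ! -d 10.0.1.0/24   (the form found in iptables --help)

# Pattern: a short option from the handled set, then "!", then its argument.
# The leading (^|space) anchor keeps long options such as --dport from matching.
OLD_NEG='(^|[[:space:]])(-[sdiop])[[:space:]]+![[:space:]]+([^[:space:]]+)'

# Exit status 0 if any rule line on stdin still uses the old ordering.
has_old_negation() {
    grep -Eq "$OLD_NEG"
}

# Rewrite every old-style negation on stdin; other text passes through unchanged.
fix_negation() {
    sed -E "s/$OLD_NEG/\1! \2 \3/g"
}

# Constructed sample input: the failing rule from the notes and a rule
# that needs no change.
sample_rules() {
    cat <<'EOF'
iptables -t nat -A PREROUTING -i eth0 -p tcp -d ! 10.0.1.0/24 --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
EOF
}

if sample_rules | has_old_negation; then
    echo "old-style negation found; rewritten rules:"
    sample_rules | fix_negation
fi
```

The filter only edits text. Review the rewritten rules before loading them, since a misplaced negation changes which traffic is redirected to squid.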



