At 09:46 AM 11/6/2003, you wrote:
>How can I configure transparente proxy for my every users in my internal
>network that server using linux kernell 2.4.19 and squid 2.4.7 with:
>
>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
>REDIRECT --to-port 3128
>
>and in the same server for only one user of the same internal netwok not
>configure transparent proxy.
>
>Can i insert one iptables comand to configure this exceptio of
>interceptation ?
>
>Anybody can write this line for me ?
If you can have this one user on a static IP address, you can just add "-s
!<users_IP>" to your existing iptables rule, e.g.
iptables -t nat -A PREROUTING -i eth0 -s !<users_IP> -p tcp --dport 80 -j
REJECT --to-port 3128
If you can't get the one user on a static IP address, you'd leave your
existing rule as-is and add another one before it in the table using the
RETURN target, like this:
iptables -t nat -I PREROUTING 1 -s <users_IP> -j RETURN
When the <users_IP> changes, you need to arrange for the deletion and
reinsertion of this rule dynamically.
-- =========================
Tom Lahti
Tx3 Online Services
(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================
Received on Thu Nov 06 2003 - 10:08:55 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:09 MST