RE: [squid-users] bypass squid for some sites

From: Chris Robertson <crobertson@dont-contact.us>
Date: Mon, 12 Sep 2005 09:40:00 -0800

> -----Original Message-----
> From: Bill Hughey [mailto:whughey@billsbasement.net]
> Sent: Monday, September 12, 2005 8:04 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] bypass squid for some sites
>
>
> I am running squid on a LRP box. It is running fine as a transparent
> proxy. I have a group of internal machines going through it, with a
> range of IPs that bypass the proxy using ipchains. Is there a way to
> bypass squid for the machines that normally go through squid to reach
> certain sites? I have tried acls to allow the sites and always_direct,
> but the sites are still much much slower going through the
> proxy.

always_direct only has an effect if you are using parent caches. Once Squid sees the traffic, there is no way for it to not be involved.

> These are the chain rules I am using to start:
> ~
> # Redirect to Squid proxy server:
> ipchains -A input -p tcp -s 0/0 -d 0/0 8080 -j DENY -i eth0 -l
> # Bypass for 192.168.1.8/29 range
> ipchains -A input -p tcp -s ! 192.168.1.8/29 -d 0/0 80 -j REDIRECT 8080
> ~
> I want to keep the other machines going through the proxy, except let
> 192.168.1.3 bypass the proxy only to get to sportsonline.com. I'm not
> too good with ipchains, can I make another rule to let only
> this bypass?
> Thanks,
> Bill
>

I'm not an ipchains expert, but I think that...

ipchains -A input -p tcp -s 192.168.1.3 -d 206.207.85.33 -j ACCEPT

...should effectively ignore traffic between that client and that host. Put this rule in front of the "# Bypass for..." rule.

Chris
Received on Mon Sep 12 2005 - 11:40:02 MDT
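
The rule ordering discussed in this thread, as an added example that is not part of the original messages: a small first-match model of the ipchains input chain, written in Python so it can be run without ipchains. It leaves out the DENY rule for port 8080; the default ACCEPT policy, the helper names and the 198.51.100.7 test address are assumptions.

```python
import ipaddress

ANY = "0.0.0.0/0"

def rule(src, dst, dport, target, negate_src=False):
    """One chain entry; dport=None means 'any port', negate_src models '-s ! net'."""
    return {"src": ipaddress.ip_network(src), "neg": negate_src,
            "dst": ipaddress.ip_network(dst), "dport": dport, "target": target}

# -s 192.168.1.3 -d 206.207.85.33 -j ACCEPT (no port given: all TCP to that host)
BYPASS = rule("192.168.1.3/32", "206.207.85.33/32", None, "ACCEPT")
# -s ! 192.168.1.8/29 -d 0/0 80 -j REDIRECT 8080
REDIRECT = rule("192.168.1.8/29", ANY, 80, "REDIRECT 8080", negate_src=True)

RECOMMENDED = [BYPASS, REDIRECT]   # bypass rule in front of the redirect
APPENDED = [REDIRECT, BYPASS]      # bypass rule added after the redirect

def verdict(chain, src, dst, dport, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy.

    The ACCEPT policy is an assumption; the thread does not show it.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in chain:
        src_hit = (s in r["src"]) != r["neg"]
        if src_hit and d in r["dst"] and r["dport"] in (None, dport):
            return r["target"]
    return policy

if __name__ == "__main__":
    # Constructed sample packets: (client, destination, destination port)
    samples = [
        ("192.168.1.3", "206.207.85.33", 80),   # the one pair that should bypass
        ("192.168.1.3", "198.51.100.7", 80),    # same client, other site
        ("192.168.1.4", "206.207.85.33", 80),   # other client, same site
        ("192.168.1.10", "206.207.85.33", 80),  # inside the existing /29 bypass
    ]
    for pkt in samples:
        print(pkt, "recommended:", verdict(RECOMMENDED, *pkt),
              "| appended:", verdict(APPENDED, *pkt))
```

With the bypass rule after the redirect, the redirect matches 192.168.1.3 first and the bypass is never reached. The rule also pins an IP address rather than the site name, so it only covers the site while it stays at that address.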
