I am having issues with a few sites like megavideo, hotmail, etc and
looking to bypass them entirely via IPTables ... I have added some
rules to IPTables but I still see the traffic hitting the caches. Any
ideas?
Strange thing is that when running an iptables --list it shows no
rules configured at all ..
Here is my iptables rules
/usr/local/sbin/iptables -t mangle -N DIVERT
/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
#Bypass These subnets
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport
80 -d 65.54.186.0/24 -j RETURN
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport
80 -d 65.54.165.0/24 -j RETURN
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport
80 -d 72.32.79.195/24 -j RETURN
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport
80 -d 64.4.20.0/24 -j RETURN
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport
80 -d 69.5.88.0/24 -j RETURN
# Redirect to squid
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j
TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
Received on Mon Jun 15 2009 - 20:04:33 MDT
This archive was generated by hypermail 2.2.0 : Wed Jun 17 2009 - 12:00:04 MDT