[squid-users] Bypasing squid for certain sites

From: Jamie Orzechowski <jamie.orzechowski_at_gmail.com>
Date: Mon, 15 Jun 2009 21:44:21 -0400

I am having issues with a few sites like megavideo, hotmail, etc and
looking to bypass them entirely via IPTables ... I have added some
rules to IPTables but I still see the traffic hitting the caches.  Any
ideas?

Strange thing is that when running an iptables --list it shows no
rules configured at all ..

Here is my iptables rules

/usr/local/sbin/iptables -t mangle -N DIVERT
/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

#Bypass These subnets
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport
80 -d 65.54.186.0/24 -j RETURN
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport
80 -d 65.54.165.0/24 -j RETURN
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport
80 -d 72.32.79.195/24 -j RETURN
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport
80 -d 64.4.20.0/24 -j RETURN
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp --dport
80 -d 69.5.88.0/24 -j RETURN

# Redirect to squid
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j
TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
Received on Tue Jun 16 2009 - 01:44:22 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 16 2009 - 12:00:03 MDT