[squid-users] Bypassing certain IP/Subnet via IPTables

From: Jamie Orzechowski <jamie.orzechowski_at_gmail.com>
Date: Wed, 22 Jul 2009 10:57:11 -0400

Here is my problem. All port 80 traffic is being intercepted by the
iptables configuration and redirected to squid.

Some of my users have static IP addresses and host their own
webservers. When the Squid box is up and running none of their sites
are accessible. If I shut down the squid box everything begins to
work again... so it looks like it's my iptables causing the issues.

I tried creating a rule to bypass interception for my local subnets
but it does not seem to work. Can someone please have a look and let
me know what might be wrong?

Here are the rules.

/usr/local/sbin/iptables -t mangle -N DIVERT
/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT

# Local Subnets
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -d 66.78.96.0/255.255.255.0 -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -d 66.78.97.0/255.255.255.0 -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -d 66.78.98.0/255.255.255.0 -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -d 66.78.99.0/255.255.255.0 -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -d 66.78.100.0/255.255.255.0 -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -d 66.78.101.0/255.255.255.0 -j ACCEPT

/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 --on-ip 66.78.102.2

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

Received on Wed Jul 22 2009 - 14:57:20 MDT
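As an added example (not part of the post, and not Squid's or iptables' own code), the Python below transcribes the posted mangle PREROUTING chain into data and walks it with first-match semantics, so you can see which rule a given port-80 packet hits before changing anything on a live box. The sample packets and the addresses 203.0.113.5 and 66.78.96.10 are constructed; ACCEPT, DIVERT and TPROXY are all treated as ending traversal of this chain. One thing the model makes visible: the six bypass rules match only on `-i eth1`, while the TPROXY rule matches on `--dport 80` alone, so a port-80 packet for one of those subnets that reaches PREROUTING on any other interface falls through to TPROXY.

```python
"""Model first-match traversal of the mangle PREROUTING chain from the post.

Added example, not from the post or from Squid: it transcribes the posted
rules into data and walks them the way iptables would, so you can see which
rule a given port-80 packet hits. The sample packets at the bottom are
constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    iface: str                      # ingress interface, as tested by -i
    dst: str                        # destination IPv4 address
    dport: int                      # destination TCP port
    has_local_socket: bool = False  # what `-m socket` tests: the flow already
                                    # has a local (transparent) socket


@dataclass
class Rule:
    target: str                     # ACCEPT, DIVERT or TPROXY
    iface: Optional[str] = None     # -i  (None = any interface)
    dport: Optional[int] = None     # --dport (tcp assumed throughout)
    dst: Optional[ipaddress.IPv4Network] = None  # -d
    socket: bool = False            # -m socket

    def matches(self, pkt: Packet) -> bool:
        if self.iface is not None and pkt.iface != self.iface:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in self.dst:
            return False
        if self.socket and not pkt.has_local_socket:
            return False
        return True


def bypass(net: str) -> Rule:
    # ipaddress accepts the dotted-netmask form used in the posted rules.
    return Rule("ACCEPT", iface="eth1", dport=80, dst=ipaddress.ip_network(net))


# The posted PREROUTING chain, in the order the commands append rules.
PREROUTING = [
    bypass("66.78.96.0/255.255.255.0"),
    bypass("66.78.97.0/255.255.255.0"),
    bypass("66.78.98.0/255.255.255.0"),
    bypass("66.78.99.0/255.255.255.0"),
    bypass("66.78.100.0/255.255.255.0"),
    bypass("66.78.101.0/255.255.255.0"),
    Rule("DIVERT", socket=True),   # -m socket -j DIVERT  (MARK 1, then ACCEPT)
    Rule("TPROXY", dport=80),      # --dport 80 -j TPROXY ...  (no -i match)
]


def classify(pkt: Packet, chain=PREROUTING) -> str:
    """Target of the first matching rule, or 'POLICY' when no rule matches
    (the packet leaves the chain untouched)."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return "POLICY"


def first_match_index(pkt: Packet, chain=PREROUTING) -> int:
    """1-based number of the rule that handled the packet (0 = chain policy),
    the same numbering `iptables -t mangle -L PREROUTING --line-numbers` shows."""
    for n, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return n
    return 0


if __name__ == "__main__":
    # Constructed samples; 66.78.96.10 stands in for a customer's web server.
    samples = [
        ("client on eth1 -> customer web server", Packet("eth1", "66.78.96.10", 80)),
        ("same server, packet arriving on eth0",  Packet("eth0", "66.78.96.10", 80)),
        ("client on eth1 -> Internet site",       Packet("eth1", "203.0.113.5", 80)),
        ("port 443, not intercepted at all",      Packet("eth1", "66.78.96.10", 443)),
        ("later packet of a flow Squid holds",    Packet("eth0", "203.0.113.5", 80, True)),
    ]
    for label, pkt in samples:
        print(f"{label:40s} -> rule {first_match_index(pkt)} {classify(pkt)}")
```

Run it as-is to print the disposition of each sample, or swap in the interface and address pair you are debugging; on the real box, compare against the per-rule packet counters from `iptables -t mangle -L PREROUTING -n -v --line-numbers` to confirm which rule is actually absorbing the traffic.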
