[TriLUG] iptables question

Michael Hrivnak mhrivnak at triad.rr.com
Thu Nov 10 23:06:17 EST 2005


Rules are consulted sequentially until a match is made.  I think you can just 
add rules that specifically allow those 6 machines followed by the 
exclusionary rules.

Michael

On Thursday 10 November 2005 02:37 pm, mark at thefowles.com wrote:
> All -
>
> I have a gateway/router set up to route all outbound web traffic back
> through Dansguardian and Squid (for proxy/content filtering), then out
> to the internet if they pass the test.
>
> Here's the primary rule.........
> echo "Proxy Adjustment being made."
> iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.10.12 -p tcp --dport 80 -j DNAT --to 192.168.10.12:88
> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.10.0/24 -d 192.168.10.12 -j SNAT --to 192.168.10.1
> iptables -A FORWARD -s 192.168.10.0/24 -d 192.168.10.12 -i eth1 -o eth1 -p tcp --dport 88 -j ACCEPT
>
>
> I need to have 6 IPs in the 10.x range be excluded from filtering and
> allowed out.  What would be the rule I'd use? Would I have to add all the
> IPs that are to be blocked and just not include the ones I need to bypass
> the proxy?
>
> TIA,
> Mark

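The ordering described in the reply, as an added example that is not part of either message: per-host exemptions are emitted ahead of the proxy redirect in nat PREROUTING, and a small first-match walk shows which rule a given source reaches. The six exempt addresses are constructed (the thread does not list them), the function names are hypothetical, and the redirect uses the current `! -s` / `--to-destination` spelling of the rule in the post.

```shell
#!/bin/sh
# Added example, not from the original thread.
PROXY=192.168.10.12   # proxy host, from the post
LAN_IF=eth1           # LAN-side interface, from the post
# Constructed addresses: the post does not name the six exempt machines.
EXEMPT="192.168.10.21 192.168.10.22 192.168.10.23 192.168.10.24 192.168.10.25 192.168.10.26"

# Print the nat PREROUTING rules in the order they must be loaded.
emit_rules() {
    for ip in $EXEMPT; do
        # ACCEPT in the nat table ends chain traversal with no translation,
        # so these hosts never reach the DNAT rule below.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $ip -p tcp --dport 80 -j ACCEPT"
    done
    # The redirect from the post, in current option syntax.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF ! -s $PROXY -p tcp --dport 80 -j DNAT --to-destination $PROXY:88"
}

# First-match walk over a rule list on stdin: print the target that a
# port-80 packet from source $1 hits, or NOMATCH if no rule applies.
verdict_for() {
    src=$1
    while read -r line; do
        target=${line##*-j }      # text after "-j "
        target=${target%% *}      # first word of it: the target name
        case "$line" in
            *"! -s $src "*) continue ;;                  # negated source is us: no match
            *"! -s "*)      echo "$target"; return 0 ;;  # negated source is someone else
            *" -s $src "*)  echo "$target"; return 0 ;;  # exact source match
        esac
    done
    echo NOMATCH
}
```

`emit_rules | verdict_for 192.168.10.21` prints `ACCEPT`, while any other LAN address prints `DNAT`. If the redirect is already loaded, the exemptions have to be inserted above it (`-I PREROUTING 1`) rather than appended, and exempt hosts still need their port-80 traffic permitted in FORWARD.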

