This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible to bypass transparent proxy for DMZ servers

Is it possible to rewrite the IPTABLES rules to bypass the transparent proxy so that I can still access my internal web servers?

We're not using Internal DNS, therefore users are accessing DMZ servers via the external IP. As well known, this works fine w/o SQUID in the way, but once SQUID is turned on, this ceases to work. Even after I've manually edited the squid.conf-default file to add an access_direct ACL for the servers, the IP's which are DNAT'd to my DMZ still don't work.

I'm looking for a way to prepend the redirect dpt:80 to dpt:8080 rules with a direct 80 to 80 for DMZ so as to preclude the proxy rules for DMZ hosts. Is this possible?

-Rick

This thread was automatically locked due to age.

Parents

0 tom_01 over 23 years ago

1. create a file /sbin/init.d/ipnat.local
2. put your own calls to iptables in there
3. chmod it to 400 (IMPORTANT)

the middleware will shell-execute that file after each time it re-writes the NAT rules, so you can alter anything to your liking in there.

take a look at the FAQ for our chaining concept, also there is a file called /sbin/init.d/ipfilter.local which does the same for packet filter calls.

HTH [;)]

/tom
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 tom_01 over 23 years ago

1. create a file /sbin/init.d/ipnat.local
2. put your own calls to iptables in there
3. chmod it to 400 (IMPORTANT)

the middleware will shell-execute that file after each time it re-writes the NAT rules, so you can alter anything to your liking in there.

take a look at the FAQ for our chaining concept, also there is a file called /sbin/init.d/ipfilter.local which does the same for packet filter calls.

HTH [;)]

/tom
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data