This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Proxy and Packet filter

we are using NAT for the LAN users and also using the proxy in transparent mode.As we noticed the packet filter rule does not work when proxy is enabled in this case how can we remove only one IP from proxy so the packet filter rule works and drop all traffic to that IP

This thread was automatically locked due to age.

0 BAlfson over 15 years ago

"we are using NAT for the LAN users" - I assume you mean you have a masq rule: 'Internal (Network) -> External', but I don't understand why that is relevant.

In transparent mode, the proxy captures all port 80 traffic from IPs included in 'Allowed Networks' on the 'Global' tab of HTTP/S. This occurs before your explicit packet filter rules are considered. If you have one IP you want to exclude from a subnet in 'Allowed Networks', you can create a host definition for that IP and put it into the 'Transparent mode skiplist' on the 'Advanced' tab. If you don't want that IP to be able to go out, then leave 'Allow HTTP traffic for listed hosts/nets' unchecked.

That will work fine unless the user is smart enough to change the IP of the PC...

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel