Re: [CentOS] Squid vs. iptables redirection: exception for certain domains ?

2018-03-11 Thread Valeri Galtsev
On Sun, March 11, 2018 7:09 am, Leon Fauster wrote: > On 11.03.2018 at 11:53, Nicolas Kovacs wrote: >> >> I've experimented some more, and I have a partial success. Here, I'm >> redirecting all HTTPS traffic *except* the one that goes to my bank: >> >> iptables -A PREROUTING

Re: [CentOS] Squid vs. iptables redirection: exception for certain domains ?

2018-03-11 Thread Nicolas Kovacs
On 11/03/2018 at 13:09, Leon Fauster wrote: > It is not a good practice to place domain names into iptables rules. Define > a custom table, place this table into your rule list (to stick at the right > place) and feed that table with the resolved domain names. This can be > altered > while

Re: [CentOS] Squid vs. iptables redirection: exception for certain domains ?

2018-03-11 Thread Leon Fauster
On 11.03.2018 at 11:53, Nicolas Kovacs wrote: > > I've experimented some more, and I have a partial success. Here, I'm > redirecting all HTTPS traffic *except* the one that goes to my bank: > > iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d >

Re: [CentOS] Squid vs. iptables redirection: exception for certain domains ?

2018-03-11 Thread Nicolas Kovacs
On 11/03/2018 at 11:01, Nicolas Kovacs wrote: > So here's what I want to do, in plain words: > > 1. Redirect all HTTP traffic (port 80) to port 3128. So far so good. > > 2. Redirect all HTTPS traffic (port 443) to port 3129. Equally OK. > > AND... > > 3. DO NOT REDIRECT traffic that goes to

[CentOS] Squid vs. iptables redirection: exception for certain domains ?

2018-03-11 Thread Nicolas Kovacs
Hi, I'm currently facing a quite tricky problem. Here goes. I have set up Squid as a transparent HTTP+HTTPS proxy in my local network. All web traffic gets handed over to Squid by an iptables script on the server. Here's the relevant section in /etc/squid/squid.conf: