Friday, December 18, 2009

Bypass transparent squid proxy smoothwall

vi /etc/rc.d/rc.firewall.up

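Find the #squid section.
Before #squid, add the following (all on one line, i.e. RETURN comes right after -j on the same line). It has to sit ahead of the squid rules so that port 80 traffic to that destination leaves the nat PREROUTING chain before it can be handed to the proxy: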

/sbin/iptables -t nat -A PREROUTING -i $GREEN_DEV -p tcp --dport 80 -d yourBypassProxyDomainHere.com -j RETURN

save and exit

Run this to restart iptables

/etc/rc.d/rc.netaddress.down; /etc/rc.d/rc.netaddress.up

done.

OK, *I* wasn't done, because I'm using the Full Firewall Control addon, which basically negates anything done in rc.firewall.up (the source code for FFC itself says to flush iptables before parsing the FFC list).
So, to bypass the proxy for specific addresses in Smoothwall via Full Firewall Control, ping the [domain to bypass DansGuardian] to get the IP, and set it up as GREEN from anywhere, port 80, to RED (IP address of bypass domain), method TCP, Allow. Funny, that seems easier than I'd have thought.
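
For the rc.firewall.up approach, rule order decides whether an exemption works, and every exemption is a destination that no longer passes through the content filter. The script below is an added example, not part of the original post: it lists those destinations from a rule listing. The function names, the sample rules, eth0, port 800 and the addresses are constructed, and it assumes the proxy hand-off is the first tcp/80 rule in nat PREROUTING whose target is not RETURN.

```shell
#!/bin/sh
# Added example: audit which port-80 destinations skip the transparent proxy.
# Reads rules in `iptables -t nat -S PREROUTING` format on stdin.
# iptables resolves a hostname given to -d when the rule is loaded, so the
# listing shows addresses, not the domain typed into rc.firewall.up.
# Assumption: the proxy hand-off is the first tcp/80 rule whose target is
# not RETURN (REDIRECT, DNAT or a jump to a custom chain).
audit_proxy_bypass() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        dest = "any"; target = ""; tcp = 0; port80 = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-d") dest = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
            if ($i == "--dport" && $(i + 1) == "80") port80 = 1
            if ($i == "-j") target = $(i + 1)
        }
        if (!tcp || !port80) next
        if (target == "RETURN") {
            # A RETURN placed after the hand-off never matches.
            tag = seen_proxy ? "INEFFECTIVE" : "BYPASS"
            print tag, dest
        } else if (!seen_proxy) {
            seen_proxy = 1
            print "PROXY", target
        }
    }'
}

# Constructed sample listing (documentation addresses, not real hosts).
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 800
-A PREROUTING -d 198.51.100.7/32 -i eth0 -p tcp -m tcp --dport 80 -j RETURN
EOF
}

# Live use (needs root): iptables -t nat -S PREROUTING | audit_proxy_bypass
sample_rules | audit_proxy_bypass
```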
