[Firewall] allow some ip to bypass HTTP_PROXY_PORT

Marcel u-281 at gmx.net
Mon Jan 9 01:30:54 MST 2006


Here's what I use.

~# iptables-save -t nat
# Generated by iptables-save v1.2.11 on Mon Jan  9 03:24:51 2006
*nat
:PREROUTING ACCEPT [9291:1053502]
:POSTROUTING ACCEPT [20272:1260758]
:OUTPUT ACCEPT [0:0]
:SOCKSIFY - [0:0]
-A PREROUTING -s 192.168.167.0/255.255.255.0 -i eth0 -p tcp -m tcp \
--tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS \
--clamp-mss-to-pmtu
-A POSTROUTING -s 192.168.167.0/255.255.255.0 -d ! \
192.168.167.0/255.255.255.0 -o ppp+ -j MASQUERADE
-A SOCKSIFY -o lo -j RETURN
-A SOCKSIFY -p tcp -m tcp -m multiport --dports 25,1296,5800,5900,18888 -j \
RETURN
-A SOCKSIFY -d 206.18.98.160 -j RETURN
-A SOCKSIFY -d 143.247.254.11 -j RETURN
-A SOCKSIFY -d 143.247.254.10 -j RETURN
-A SOCKSIFY -d 143.247.253.10 -j RETURN
-A SOCKSIFY -d 62.4.17.14 -j RETURN
-A SOCKSIFY -d 66.36.243.218 -j RETURN
-A SOCKSIFY -d 192.168.167.0/255.255.255.0 -j RETURN
-A SOCKSIFY -d 216.239.64.0/255.255.224.0 -j RETURN
-A SOCKSIFY -d 142.195.128.36 -j RETURN
-A SOCKSIFY -d 142.195.192.54 -j RETURN
-A SOCKSIFY -d 64.124.22.160 -j RETURN
-A SOCKSIFY -d 206.241.31.21 -j RETURN
-A SOCKSIFY -d 64.62.252.153 -j RETURN
-A SOCKSIFY -p tcp -m multiport --dports 80,8000 -j REDIRECT --to-ports \
8888
-A SOCKSIFY -p tcp -j REDIRECT --to-ports 1211
COMMIT
# Completed on Mon Jan  9 03:24:51 2006


The lines with -j RETURN must go before those with -j REDIRECT.
Hope it'll help you.

* Pisces Solutions (piscessolutions at gmail.com) wrote:
> can somebody guide me what custom rules i can use, or Arno can add this new
> feature in his next version.
> 



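An added example, not part of the original post: a small Python model of first-match evaluation over a constructed subset of the SOCKSIFY chain above, showing why the `-j RETURN` exemptions must precede the `-j REDIRECT` rules. The function names and the sample address 198.51.100.7 are assumptions for illustration; every packet is assumed to be a TCP SYN, since that is all the PREROUTING rule sends into the chain.

```python
import ipaddress

# Constructed subset of the SOCKSIFY chain from the post, in iptables-save syntax.
CHAIN = """\
-A SOCKSIFY -p tcp -m tcp -m multiport --dports 25,1296,5800,5900,18888 -j RETURN
-A SOCKSIFY -d 206.18.98.160 -j RETURN
-A SOCKSIFY -d 192.168.167.0/255.255.255.0 -j RETURN
-A SOCKSIFY -p tcp -m multiport --dports 80,8000 -j REDIRECT --to-ports 8888
-A SOCKSIFY -p tcp -j REDIRECT --to-ports 1211
"""

def parse_rule(line):
    """Parse only the matches this chain uses: -d, --dports, -j, --to-ports."""
    tok = line.split()
    rule = {"dst": None, "dports": None, "target": None, "to_port": None}
    for i, t in enumerate(tok):
        if t == "-d":
            rule["dst"] = ipaddress.ip_network(tok[i + 1], strict=False)
        elif t == "--dports":
            rule["dports"] = {int(p) for p in tok[i + 1].split(",")}
        elif t == "-j":
            rule["target"] = tok[i + 1]
        elif t == "--to-ports":
            rule["to_port"] = int(tok[i + 1])
    return rule

def verdict(chain_text, dst_ip, dport):
    """First matching rule decides: RETURN = go direct, REDIRECT = local proxy port."""
    for line in chain_text.strip().splitlines():
        r = parse_rule(line)
        if r["dst"] is not None and ipaddress.ip_address(dst_ip) not in r["dst"]:
            continue
        if r["dports"] is not None and dport not in r["dports"]:
            continue
        if r["target"] == "REDIRECT":
            return ("REDIRECT", r["to_port"])
        return ("RETURN", None)
    return ("RETURN", None)  # falling off the end of a user chain returns to the caller

def misordered(chain_text):
    """Same rules, but with every REDIRECT moved ahead of the RETURN exemptions."""
    lines = chain_text.strip().splitlines()
    return "\n".join(sorted(lines, key=lambda l: "-j REDIRECT" not in l))
```

With the rules in the posted order, an exempted destination reaches RETURN before any REDIRECT is considered; in the misordered chain the same destination is caught by the port 80 redirect first.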