Re: Transparent Proxy Bypass
From: Circuit Breaker (bagboy6437_at_ship.aol.com)
Date: Tue, 18 May 2004 13:02:18 -0400
On Tue, 18 May 2004 11:22:49 -0400, Will wrote:
> Hello, I am having some problems with a couple of web sites which my
> users heavily use for doing their day to day activity, which do not
> appear to fare well with squid as they keep getting kicked off the site
> when they are logged in and performing various tasks, none of which is ever
> consistent. If I kill the proxy and use NAT all is perfect, so I need a
> way to bypass the proxy for the sites in question. I have a transparent
> setup but am not sure how to bypass the proxy for this site; any help
> would be appreciated.
> I am using iptables with a preroute of
> iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port 1234
> Is it possible to add a preroute for this certain site which will make
> it use NAT to get to the destination, or is there something in squid I can
> do?
> Thank you
This probably won't help you, but I've been curious about doing something
myself which is not entirely unlike what you currently have.
My desire is to use NAT but to route inbound pages through a proxy to
speed up redundant transfer (i.e., going to AOL mail and having to DL the
same "reply" "reply all" "forward" etc. buttons for every mail view gets
old -- and yes, the browser IS set to cache this stuff).
My system is the internet gateway for the house. I don't leave it on all
the time, so it's impractical for me to set up a proxy server. To do so
would mean having to reconfigure the client machines each time I connect
or disconnect my machine from the Internet. However, I would like to set
up some form of caching so that certain websites load faster (the browsers
ARE set up to cache by themselves, but for some reason certain sites
continue to download the same images -- i.e. aol.com and the mail
What I was thinking of researching (haven't gotten to it just yet) was
using the proxy like a network device a la eth0, eth1, ppp0, etc. I was
thinking of making a route for all traffic to pass through the NAT
Masquerade, from there into the proxy and from there access the internet.
That way, I could still maintain NAT localnet configurations, which will
prevent me from having to set up individual stations to use proxy, and at
the same time I can do "transparent cache" for downloads. **IF** this is
possible, then it would mean that **you** could do it too, and set up the
NAT route to www.foo.bar.com to go through, say, ppp0 or eth0 or whatever
net connection you use, and set the regular traffic to go to prx0 or
whatever that device would be called.
I'm curious how you solve your dilemma as I think it will have an impact
on how I solve mine. I think they're closely related. And it will help
in my research ;-)
I'm sorry this didn't answer your question though, but I don't see why it
wouldn't be possible to set up the firewall to bypass the proxy. Thing
is, I've never set up a proxy, so I don't know :-/
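The bypass asked about in the quoted question can be done in the firewall by placing per-destination ACCEPT rules ahead of the catch-all REDIRECT in the nat PREROUTING chain. The script below is an added example, not part of either poster's message: it only prints the rules for review, and the interface default `eth1`, the function names and the addresses in the usage comment are assumptions made for illustration (the port 1234 is the one from the quoted rule).

```shell
#!/bin/sh
# Added example: prints (does not execute) nat-table rules for a transparent
# proxy with per-destination bypass. Review the output before running it as root.

IN_IF="${IN_IF:-eth1}"            # assumption: stands in for the post's $INTERNET
PROXY_PORT="${PROXY_PORT:-1234}"  # port used by the REDIRECT rule in the post

# is_ipv4_dest ADDR: shape check for dotted-quad IPv4 with an optional /prefix.
# Hostnames are rejected on purpose: iptables resolves a name once, when the
# rule is inserted, so a site that later changes address would silently be
# sent through the proxy again.
is_ipv4_dest() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# emit_rules DEST...: print the rules in the order they must be appended.
emit_rules() {
    # Validate everything first so a bad entry never yields a partial rule set.
    for dest in "$@"; do
        if ! is_ipv4_dest "$dest"; then
            echo "invalid bypass destination: $dest" >&2
            return 1
        fi
    done
    for dest in "$@"; do
        # ACCEPT is a terminating target: the packet leaves PREROUTING
        # unmodified, is never redirected, and is forwarded and NATed as usual.
        echo "iptables -t nat -A PREROUTING -i $IN_IF -p tcp -d $dest --dport 80 -j ACCEPT"
    done
    # The catch-all redirect goes last because the first matching rule wins.
    echo "iptables -t nat -A PREROUTING -i $IN_IF -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT"
}

# Usage with constructed documentation addresses:
#   sh bypass.sh 192.0.2.10 198.51.100.0/24
if [ "$#" -gt 0 ]; then
    emit_rules "$@"
fi
```

Traffic matched by the ACCEPT rules no longer passes through the proxy, so any access control or logging done there does not apply to those destinations; keep the bypass list as narrow as possible.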