Explain how to exclude certain hosts from transparent proxy

Signed-off-by: Tom Eastep <teastep@shorewall.net> git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9795 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 07:33:43 +01:00 · 2009-04-04 14:28:23 +00:00 · 2009-04-04 14:28:23 +00:00 · 07c579562e
commit 07c579562e
parent 421c5fba05
1 changed files with 16 additions and 0 deletions
--- a/docs/Shorewall_Squid_Usage.xml
+++ b/docs/Shorewall_Squid_Usage.xml
@ -179,6 +179,22 @@ ACCEPT    $FW        net      tcp      www</programlisting>
      <para><filename>/etc/shorewall/rules</filename>:<programlisting>#ACTION   SOURCE     DEST     PROTO    DEST PORT(S)     SOURCE     ORIGINAL
 #                                                       PORT(S)    DEST
 REDIRECT  loc        3128     tcp      www              -          !206.124.146.177,130.252.100.0/24</programlisting></para>
+
+      <para>People frequently ask <emphasis>How can I exclude certain internal
+      systems from using the proxy? I want to allow those systems to go
+      directly to the net</emphasis>.</para>
+
+      <para>Suppose that you want to exclude 192.168.1.5 and 192.168.1.33 from
+      the proxy. Your rules would then be:</para>
+
+      <programlisting>#ACTION   SOURCE     DEST     PROTO    DEST PORT(S)     SOURCE     ORIGINAL
+#                                                       PORT(S)    DEST
+REDIRECT  loc:!192.168.1.5,192.168.1.33\
+                     3128     tcp      www              -          !206.124.146.177,130.252.100.0/24
+ACCEPT    loc        net      tcp      www</programlisting>
+
+      <para>The second rule may be omitted if your loc-&gt;net policy is
+      ACCEPT.</para>
    </section>

    <section id="Local">