On 9/13/06, Martin Toft <[EMAIL PROTECTED]> wrote:
>
> Joco Salvatti wrote:
> > Hi all,
> >
> > I use transparent proxy, but I have some machines that should access
> > some subnets without proxy, in order to gain access to some
> > applications. When I allow the straight connection to these subnets
> > only the first subnet in the list has effect. The connection to other
> > subnets continue to pass through proxy. I've already searched on the
> > Internet, but all I've noticed was a lot of people claiming to have
> > the same problems, but no solution. Has anyone here in this list a tip
> > about how to solve this issue?
> >
> > nonat = "{ 200.201.174.0/24, 200.252.141.0/24 }"
> > rdr on $int_if inet proto tcp from $int_if:network to ! $nonat port
> > www -> $loop_if port 3128
> >
> > Thanks.
>
> Your list expands it another way than you think :)
>
> Try to use a table:
>
> table <nonat> const { 200.201.174.0/24 200.252.141.0/24 }
> rdr on $int_if inet proto tcp from $int_if:network to ! <nonat> port www
> -> $loop_if port 3128
>
> --Martin
is table work with NAT ?
in NAT, I use "no rdr" before your "rdr" rule
nonat="{ 200.201.174.0/24 200.252.141.0/24 }"
no rdr on $int_if from $int_if:network to to $nonat
rdr on $int_if .....
