Hi, I'm using redsocks and iptables port redirection rules to set up a transparent proxy, and it works fine, but I need to establish iptables rules for non-proxy access to the domains domain1.com and domain2.com, and to 10.0.0.0/8.
Here are my current redirection rules:
iptables -t nat -A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:5123
iptables -t nat -A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:5124
where ports 5123 and 5124 are the ports for redsocks.
Is it possible to bypass the port redirection for the desired domains and IPs?
Best Answer
You can define an ACCEPT rule before your DNAT rule. As usual in iptables, the first matched rule will be applied and no more (there can be exceptions, like LOG). So define a rule with -j ACCEPT for your internal networks before the rule with -j DNAT, as you propose.
The source IP can be defined with -s 10.0.0.0/8, and a name can be used, but it will be translated into an IP. The IP will not be refreshed. Remember that DNS must be available if you use the name of the host!
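As an added example (not from the question or the answer above), the following script builds the nat OUTPUT chain in the order the answer describes: one ACCEPT rule per bypass target first, then the two DNAT rules to redsocks. Because the goal is to skip the proxy for traffic going *to* certain networks and hosts, the exception rules match on the destination address (-d). Host names are resolved explicitly with getent before the rules are written, which makes the answer's caveat visible: the addresses are baked in at rule-creation time and only change when you regenerate the rules. The interface, ports, networks and names are taken from the question; everything else (the resolve_host and build_rules helpers, the dry-run/apply switch) is this example's own. It assumes the nat OUTPUT chain is empty (or at least contains no earlier DNAT rule) when the commands are applied, since -A appends in order.

```shell
#!/bin/sh
# Generate (and optionally apply) iptables nat OUTPUT rules for a redsocks
# transparent proxy with destination-based exceptions.
# Added example; not code from the original question or answer.

IFACE=eth0
REDSOCKS_HTTP=5123
REDSOCKS_HTTPS=5124
BYPASS_NETS="10.0.0.0/8"                 # CIDR destinations that skip the proxy
BYPASS_HOSTS="domain1.com domain2.com"   # names resolved once, at build time

# Resolve a host name to its IPv4 addresses, one per line (assumed helper).
# iptables would resolve the name itself if given one, but doing it here
# shows exactly which addresses end up in the ruleset.
resolve_host() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u
}

# Print the iptables commands, one per line, without executing them.
# Order matters: iptables stops at the first matching rule in a chain,
# so the ACCEPT exceptions must come before the DNAT redirection.
build_rules() {
    for net in $BYPASS_NETS; do
        printf 'iptables -t nat -A OUTPUT -o %s -p tcp -d %s -j ACCEPT\n' \
            "$IFACE" "$net"
    done

    for host in $BYPASS_HOSTS; do
        ips=$(resolve_host "$host")
        if [ -z "$ips" ]; then
            # No rule is emitted for an unresolvable name; say so loudly,
            # otherwise that traffic silently goes through the proxy.
            printf 'WARNING: %s did not resolve; no bypass rule added\n' "$host" >&2
            continue
        fi
        for ip in $ips; do
            printf 'iptables -t nat -A OUTPUT -o %s -p tcp -d %s -j ACCEPT\n' \
                "$IFACE" "$ip"
        done
    done

    # Everything else on 80/443 is handed to redsocks (rules from the question).
    printf 'iptables -t nat -A OUTPUT -o %s -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:%s\n' \
        "$IFACE" "$REDSOCKS_HTTP"
    printf 'iptables -t nat -A OUTPUT -o %s -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:%s\n' \
        "$IFACE" "$REDSOCKS_HTTPS"
}

# Usage: ./redsocks-rules.sh        -> dry run, prints the commands
#        ./redsocks-rules.sh apply  -> executes them (needs root)
case "${1:-}" in
    apply) build_rules | sh -e ;;
    *)     build_rules ;;
esac
```

Run it without arguments first and read the output: the ACCEPT lines for 10.0.0.0/8 and for each resolved address must appear above the two DNAT lines. Re-running it is also how you pick up DNS changes, since nothing in iptables will refresh the addresses for you; if a name fails to resolve, the script warns and simply omits that exception rather than writing a rule that cannot match.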