Nathan Eady wrote:
> Marcus Kool <marcus.kool_at_urlfilterdb.com> writes:
>> The story about Squid and HTTP 1.1 is long...
>
> Holy cow, it would have to be. Squid is barely even older than HTTP 1.1.
>
>> To get your LiveUpdate working ASAP you might want to
>> fiddle with the firewall rules and to NOT redirect
>> port 80 traffic of Symantec servers to Squid, but
>> simply let the traffic pass.
>
> *Groan*. Yeah, okay, I will look into that.
>
> Off the top of my head, I don't actually know HOW to exclude certain
> traffic from prerouting that would otherwise match the rule. (Does
> REJECT even make sense in the context of the nat table?) I'll have to
> look that up, I guess. I've been writing firewall rulesets long
> enough to remember the transition from IP Chains to IP Tables, but
> this is not something that has ever come up. But the documentation
> presumably covers it...
right REJECT is on its way to be obsolete in the nat table.
Use RETURN instead on a line just before the DNAT/REDIRECT.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6Received on Fri Mar 27 2009 - 02:51:26 MDT
This archive was generated by hypermail 2.2.0 : Fri Mar 27 2009 - 12:00:02 MDT