José Antonio Burgos
2003-Jul-07  16:36 UTC
[Shorewall-users] Shorewall port 80 redirect problem
Hello all, I need your help. My Shorewall works great; I have just had a hard
time trying to configure it such that some users won't be able to
navigate at all on the internet but should still be able to use my intranet
site.

My configuration works like this: Squid + proxy authentication (username,
password) + Shorewall telling that all requests to port 80 should be redirected
to port 3128 (squid).

I need users without a username and password to be able to see my
intranet site.

And so, I need my users (or specific machines by IP, e.g.
192.168.1.85) to be able to navigate only on my local intranet servers without
using squid, but every time I tell my browser not to use my proxy server and to
go to port 80 (www), Shorewall redirects me to squid, which requires a username
and password.

How can I do so that some IPs are not redirected to squid but let go through and
reach port 80 at my intranet server without the need of Squid or proxy
authentication?

Thank you in advance for your help, here's my info:

REDIRECT              loc       3128       tcp       www
ACCEPT                loc       fw         tcp       80

The rules are in that order!

Shorewall version:  1.3.10
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet 168.243.231.119/25 brd 168.243.231.127 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1
168.243.231.0/25 dev eth0  scope link 
192.168.1.0/24 dev eth1  scope link 
127.0.0.0/8 dev lo  scope link 
default via 168.243.231.1 dev eth0

On Mon, 7 Jul 2003 17:34:06 -0600, José Antonio Burgos <jburgos@ugb.edu.sv> wrote:

> How can I do so that some IPs are not redirected to squid but let go
> through and reach port 80 at my intranet server without the need of Squid
> or proxy authentication?
>
> Thank you in advance for your help, here's my info:
>
> REDIRECT              loc       3128       tcp       www
> ACCEPT                loc       fw         tcp       80

Change your REDIRECT rule to:

REDIRECT              loc       3128       tcp       www     -     !<ip.of.intranet.server>

That way, anyone can access the intranet server from the local system.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
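
A small model of how the ORIGINAL DEST exclusion in the suggested rule changes which connections get redirected to squid, added here as an example; it is not part of either message and not Shorewall's own code. It assumes `loc` is the 192.168.1.0/24 network on eth1 and, because the thread gives only a placeholder, that the intranet server is 192.168.1.10; 203.0.113.5 is a constructed external address.

```python
import ipaddress

LOC_NET = ipaddress.ip_network("192.168.1.0/24")  # eth1 network from the thread
INTRANET = "192.168.1.10"  # assumption: the thread gives only a placeholder
SERVICES = {"www": 80}     # service name used in the rules

def parse_redirect(line):
    """Split a REDIRECT rule into the columns used in the thread:
    ACTION SOURCE DEST(port) PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST."""
    cols = line.split()
    if cols[0] != "REDIRECT" or len(cols) < 5:
        raise ValueError("not a REDIRECT rule: %r" % line)
    orig = cols[6] if len(cols) > 6 else "-"
    return {
        "zone": cols[1],
        "to_port": int(cols[2]),
        "proto": cols[3],
        "dport": SERVICES.get(cols[4]) or int(cols[4]),
        "negate": orig.startswith("!"),
        "orig_dest": None if orig == "-"
                     else ipaddress.ip_network(orig.lstrip("!")),
    }

def redirect_port(rule, src, dst, proto, dport):
    """Return the local port the connection is redirected to, or None when
    the rule does not match and the packet keeps its original destination."""
    if rule["zone"] != "loc" or ipaddress.ip_address(src) not in LOC_NET:
        return None
    if proto != rule["proto"] or dport != rule["dport"]:
        return None
    if rule["orig_dest"] is not None:
        hit = ipaddress.ip_address(dst) in rule["orig_dest"]
        if hit == rule["negate"]:  # excluded address, or not the listed one
            return None
    return rule["to_port"]

BEFORE = parse_redirect("REDIRECT loc 3128 tcp www")
AFTER = parse_redirect("REDIRECT loc 3128 tcp www - !" + INTRANET)

def compare(src, dst):
    """(redirect port under the original rule, under the suggested rule)."""
    return (redirect_port(BEFORE, src, dst, "tcp", 80),
            redirect_port(AFTER, src, dst, "tcp", 80))

if __name__ == "__main__":
    for dst in (INTRANET, "203.0.113.5"):  # second address is constructed
        print("192.168.1.85 ->", dst, compare("192.168.1.85", dst))
```

The exemption is keyed on the destination, not the client: 192.168.1.85 reaches the intranet server directly, while its requests to any other web server are still redirected to squid and its authentication prompt.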