how to avoid some IP subnets to use transparent proxy

Started by hemin, January 01, 2022, 11:23:09 AM

Happy New Year!

I have problems with the Squid transparent proxy and Telegram. Telegram is working but I can't download any pictures, so I want to keep the Telegram subnets (I can't find any domain) from using Squid.
It seems that the bump list only supports IPs and domains, but not subnets (or maybe I'm doing something wrong).

One way is to configure a NAT policy to NAT everything but these ranges using inverse destination. The problem is that I'm using this method to keep some source IPs from going to the proxy, so I think it's not possible to use both methods at the same time, because NAT redirection takes effect on the first rule and "bypasses" the next policy in this case.

Maybe I have to use the NAT option "No RDR" with the SRC and DST aliases?

Regards

Hi

Why not include !NoDSTProxy on the first rule as well?

br
Christian

Hi,

Because the NAT policy acts as an AND, so if I put !NoSCRProxy as source and !NoDSTProxy as destination, then it will only do NAT when the source is different AND the destination is different.

I'm testing with the option "No RDR" or "no redirect" and it seems that this is the correct solution.
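
Added example, not part of the thread: a simplified first-match model of the NAT redirect evaluation discussed above, comparing "No RDR" exemption rules placed ahead of the redirect with a single redirect rule that inverts both source and destination. The alias contents and flow addresses are constructed (documentation ranges, not real Telegram subnets), and the rule dictionaries are a hypothetical stand-in for the firewall's rule table.

```python
from ipaddress import ip_address, ip_network

# Constructed alias contents (documentation ranges, not real Telegram subnets).
NO_SRC_PROXY = [ip_network("192.168.1.50/32")]
NO_DST_PROXY = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]

def in_alias(addr, alias):
    return any(ip_address(addr) in net for net in alias)

def side_matches(addr, alias, invert):
    """alias=None means 'any'; invert models the inverse ('!') option."""
    if alias is None:
        return True
    return in_alias(addr, alias) != invert

def evaluate(rules, src, dst):
    """Assumed model: the first rule whose source AND destination both
    match decides the outcome; later rules are never consulted."""
    for rule in rules:
        if (side_matches(src, rule["src"], rule.get("src_not", False))
                and side_matches(dst, rule["dst"], rule.get("dst_not", False))):
            return "direct" if rule["no_rdr"] else "proxy"
    return "direct"  # no NAT rule matched, so nothing is redirected

# Layout A: two "No RDR" exemptions ahead of a catch-all redirect.
NO_RDR_LAYOUT = [
    {"src": NO_SRC_PROXY, "dst": None, "no_rdr": True},
    {"src": None, "dst": NO_DST_PROXY, "no_rdr": True},
    {"src": None, "dst": None, "no_rdr": False},
]

# Layout B: one redirect rule with both source and destination inverted.
INVERTED_LAYOUT = [
    {"src": NO_SRC_PROXY, "src_not": True,
     "dst": NO_DST_PROXY, "dst_not": True, "no_rdr": False},
]

# Constructed flows: (client address, destination address).
FLOWS = [
    ("192.168.1.10", "192.0.2.80"),    # ordinary client, ordinary site
    ("192.168.1.50", "192.0.2.80"),    # exempt client
    ("192.168.1.10", "203.0.113.7"),   # exempt destination subnet
    ("192.168.1.50", "198.51.100.9"),  # both exempt
]

def decisions(rules):
    return [evaluate(rules, s, d) for s, d in FLOWS]

if __name__ == "__main__":
    for flow, a, b in zip(FLOWS, decisions(NO_RDR_LAYOUT), decisions(INVERTED_LAYOUT)):
        print(flow, "no-rdr layout:", a, "| inverted layout:", b)
```

In this model rule order matters for layout A: if the catch-all redirect is evaluated before the exemptions, every flow goes to the proxy.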