Olá, amigos, gostaria que me ajudassem. Quero que duas máquinas na minha empresa não passem pelo proxy. Já tentei várias regras e nada.
Meu firewall:

#!/bin/sh
# Load the netfilter kernel modules this firewall relies on, in the same
# order as the original list.
# NOTE(review): several of these are legacy module names (for example
# ip_conntrack / ip_nat_ftp became nf_conntrack / nf_nat_ftp on later
# kernels) - confirm against the running kernel. A failing modprobe only
# prints an error; nothing here stops the script.
# ipt_LOG was commented out in the original list and is still not loaded
# here, although a LOG rule is used further down.
for kmod in \
  ip_tables ipt_MASQUERADE ipt_REDIRECT ipt_tos \
  iptable_filter iptable_mangle ipt_REJECT iptable_nat \
  ip_nat_ftp ip_conntrack ip_conntrack_ftp \
  ipt_state ipt_mark ipt_limit ipt_owner ipt_multiport; do
  modprobe "$kmod"
done

# Flush every rule (-F), then delete every user-defined chain (-X), in the
# filter, nat and mangle tables.
# NOTE(review): -F/-X leave chain policies untouched and no `-P` appears in
# the visible script, so the built-in chains keep whatever policy is already
# in place (ACCEPT unless changed elsewhere). Under an ACCEPT policy only the
# DROP rules below actually filter traffic - confirm that is intended.
for op in -F -X; do
  for table in filter nat mangle; do
    iptables -t "$table" "$op"
  done
done
printf '%s\n' "Limpando as regras.............................[OK]"

# WhatsApp block: drop TCP to destination ports 5222, 5223 and 5228.
# INPUT only sees packets addressed to this firewall itself; traffic from
# LAN clients that is routed through the gateway is handled by FORWARD.
# NOTE(review): a port-based block affects every service on these ports and
# does nothing for traffic the application sends over other ports (443,
# for instance) - confirm it has the effect wanted.
for chain in INPUT FORWARD; do
  for port in 5222 5223 5228; do
    iptables -A "$chain" -p tcp --dport "$port" -j DROP
  done
done

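# Block UltraSurf: log, then drop, forwarded traffic to 65.49.14.0/24.
# LOG is a non-terminating target: on its own it records the packet and
# leaves the verdict to later rules or the chain policy. The section is
# meant to block, so the DROP below is what actually does it.
# NOTE(review): one hard-coded /24 is a brittle way to block a circumvention
# tool - verify the range is still relevant. Consider `-m limit` on the LOG
# rule (ipt_limit is loaded above) so a busy client cannot flood the log.
iptables -A FORWARD -d 65.49.14.0/24 -j LOG --log-prefix "=UltraSurf="
iptables -A FORWARD -d 65.49.14.0/24 -j DROP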


# Camera server: publish TCP and UDP ports 90, 34567 and 34599 arriving on
# eth0 to 192.168.2.130. Each port gets a FORWARD accept plus a DNAT to the
# same port on the camera host.
# NOTE(review): there is no `-s` match, so any host that can reach eth0 can
# reach the camera server on these ports. eth0 appears to be the Internet
# side (it is the MASQUERADE interface); if so, restrict the source
# (placeholder: -s <TRUSTED_REMOTE_NET>) or reach the device through the
# OpenVPN tunnel this script already sets up instead of publishing it.
cam_host=192.168.2.130
for proto in tcp udp; do
  for port in 90 34567 34599; do
    iptables -A FORWARD -i eth0 -d "$cam_host" -p "$proto" --dport "$port" -j ACCEPT
    iptables -t nat -A PREROUTING -i eth0 -p "$proto" --dport "$port" \
      -j DNAT --to-dest "${cam_host}:${port}"
  done
done

# General blocking by payload string.
# Disabled examples kept from the original. NOTE(review): the first one has
# no --algo, which current iptables requires for `-m string`.
#iptables -A INPUT -m string --string "X-Kazaa" -j DROP
#iptables -A FORWARD -m string --algo bm --string "facebook.com" -j DROP
#iptables -A OUTPUT -m string --algo bm --string "facebook.com" -j DROP
#iptables -A FORWARD -m string --algo bm --string "youtube.com" -j DROP
#iptables -A OUTPUT -m string --algo bm --string "youtube.com" -j DROP

# Drop any forwarded or locally generated packet whose payload contains
# "whatsapp".
# NOTE(review): the string match only sees bytes that cross the wire in
# clear text (a DNS query or an unencrypted TLS server name, for example),
# not content inside an encrypted session, and it also drops unrelated
# packets that happen to contain the pattern.
for chain in FORWARD OUTPUT; do
  iptables -A "$chain" -m string --algo bm --string "whatsapp" -j DROP
done


# Allowed IP (Rodrigo) - disabled.
# NOTE(review): `-i` is not valid in the OUTPUT chain, so the second rule
# would be rejected by iptables if re-enabled as written.
#iptables -I FORWARD -i eth1 -s 192.168.2.145 -m string --algo bm --string "facebook.com" -j ACCEPT
#iptables -I OUTPUT -i eth1 -s 192.168.2.145 -m string --algo bm --string "facebook.com" -j ACCEPT



# Internet sharing: masquerade everything leaving eth0 and switch on IPv4
# forwarding in the kernel.
# NOTE(review): the [OK] line is printed unconditionally; it does not
# reflect whether either command succeeded.
wan_if=eth0
iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE
printf '%s\n' "1" > /proc/sys/net/ipv4/ip_forward
printf '%s\n' "Compartilhamento ativado.......................[OK]"

# OpenVPN: let replies from eth0 back into the tunnel (tun0), let the VPN
# subnet out through eth0, and masquerade it on the way out.
# NOTE(review): the script already appends an unconditional
# `POSTROUTING -o eth0 -j MASQUERADE` before this point, which matches these
# packets first, so the VPN-specific MASQUERADE looks redundant - confirm.
vpn_net=10.10.10.0/24
iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s "$vpn_net" -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -s "$vpn_net" -o eth0 -j MASQUERADE


# VNC: publish ports 5800-5900 (TCP and UDP) arriving on eth0 to the first
# VNC machine; change vnc_host to the machine you want to reach.
# NOTE(review): no `-s` match, so the whole 5800-5900 range on that
# workstation is reachable from any host that can reach eth0. Remote-desktop
# ports are better reached through the OpenVPN tunnel this script configures,
# or limited to a known source (placeholder: -s <TRUSTED_REMOTE_NET>).
# The UDP forwards are presumably unnecessary for VNC - verify before keeping.
vnc_host=192.168.2.104
vnc_ports=5800:5900
for proto in tcp udp; do
  iptables -A FORWARD -i eth0 -d "$vnc_host" -p "$proto" --dport "$vnc_ports" -j ACCEPT
done
for proto in tcp udp; do
  iptables -t nat -A PREROUTING -i eth0 -p "$proto" --dport "$vnc_ports" \
    -j DNAT --to-dest "${vnc_host}:5800-5900"
done

# Keep two Sulamerica addresses out of the NAT/proxy rules.
# RETURN in a built-in chain hands the packet to the chain policy, so traffic
# to these destinations skips the PREROUTING rules appended after this point
# (including the Squid REDIRECT at the end of the script).
for dest in 200.255.120.40 200.255.120.216; do
  iptables -t nat -A PREROUTING -d "$dest" -j RETURN
done
printf '%s\n' "Sulamerica liberado............................[OK]"

# Same kind of exemption for Google - disabled.
# NOTE(review): the second address repeats one already exempted above.
#iptables -t nat -A PREROUTING -d 187.18.184.38 -j RETURN
#iptables -t nat -A PREROUTING -d 200.255.120.216 -j RETURN

# Disabled: drop HTTP/HTTPS that is forwarded instead of going via the proxy.
#iptables -A FORWARD -p tcp -m multiport --dports 80,443 -j DROP

# Drop forwarded traffic coming from one MAC address.
# NOTE(review): a source MAC can be changed on the client, so this is a
# convenience block rather than an enforcement control. Being appended, it
# also sits after the ACCEPT rules added earlier to FORWARD.
blocked_mac=0c:df:a4:c5:a2:e4
iptables -A FORWARD -m mac --mac-source "$blocked_mac" -j DROP


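# Stations that must not go through the transparent proxy.
# Space-separated LAN addresses; empty by default, so nothing is exempted
# until an address is listed (placeholder form: "192.168.2.X 192.168.2.Y").
# The disabled rule in the original used 192.168.0.102, which is outside the
# 192.168.2.x range used everywhere else in this script - possibly why the
# exemption never matched. TODO confirm the real station addresses.
# Exempted hosts lose the proxy's filtering and logging: keep the list short
# and pin those addresses (static lease) so the exemption cannot drift to
# another machine.
PROXY_BYPASS_IPS="${PROXY_BYPASS_IPS:-}"

# Unquoted on purpose: the list is split on whitespace, one rule per address.
# ACCEPT in nat/PREROUTING ends traversal of that chain, so these rules have
# to be appended before the REDIRECT below for the exemption to take effect.
for station in $PROXY_BYPASS_IPS; do
  iptables -t nat -A PREROUTING -i eth1 -s "$station" -p tcp \
    -m multiport --dports 80,8080 -j ACCEPT
done
if [ -n "$PROXY_BYPASS_IPS" ]; then
  echo "Estações excluidas do proxy....................[OK]"
fi

# Transparent proxy: redirect TCP 80 and 8080 arriving on eth1 to Squid on
# port 3128. Port 443 is not redirected, so HTTPS never reaches Squid here.
# --dports is the documented spelling of the multiport option.
iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dports 80,8080 -j REDIRECT --to-ports 3128
echo "Proxy transperente ativado.....................[OK]"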