Hello,
Im experiencing problems using hotspot authentication and clients which needs to get away of the proxy. Not simply puting rules in the proxy server for not cache some host because a couple of systems uses the 80 tcp port with others protocols (like some governalmental instituitions). Without hotpot the solution is simple: I do a mangle rule that marks the destination network and in dnat rule I fordward everything excepts the mark (namedk no-cache), so de packets dont pass throught proxy. but hotspot uses mangle to get his authentication and create dynamics rules always above my rule, so it’s becomes useless.
Any idea to solve this problem?
Thank you in advance, 
Pedro Ortale
