[squid-users] Problem with Squid 3.4 and transparent SSL proxy

Amos Jeffries squid3 at treenet.co.nz
Tue Nov 11 15:30:38 UTC 2014


On 12/11/2014 4:06 a.m., Job wrote:
> Hello Elizier,
> 
> first of all thank you for your patience and help! I use these
> directives in iptables:
> 
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128 (for http)
> iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3129 (for https)
> 
> In a normal http-only transparent proxy everything works fine, but
> I would like to implement ssl bump for transparently proxying https
> connections.
> 
> When telnetting 3128 or 3129 mode, from Linux machine shell, it
> seems that the connection fails. When telnetting 3128 port not in
> interception mode (for standard http transparent proxying), the
> socket opens and stays connected!

Do you mean you are telnet'ing *directly* to a port which is expecting
to receive NAT'd traffic and is also configured to use the NAT packet
details to contact some server?

With proxies of all types you MUST test them from the same
context/perspective the real clients' traffic would be using.

That means in your case avoid directly connecting to the intercepting
port. Connect to port 80/443 on some Internet server instead and see
if the packets are properly delivered through Squid.
Also, avoid telnet for the 443 tests. Use an HTTPS client.

Amos
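
Added example, not part of the original message and not Squid's code: a sketch of why a direct connection to an intercept port has no usable "NAT packet details". It assumes Linux netfilter's SO_ORIGINAL_DST socket option as the lookup mechanism; the function names and the 192.0.2.1 / 203.0.113.10 addresses are constructed for illustration.

```python
import socket
import struct

SO_ORIGINAL_DST = 80                    # from <linux/netfilter_ipv4.h>
SOL_IP = getattr(socket, "SOL_IP", 0)   # Linux value is 0

def parse_sockaddr_in(raw):
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    (family,) = struct.unpack_from("=H", raw, 0)   # host byte order
    (port,) = struct.unpack_from("!H", raw, 2)     # network byte order
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 sockaddr")
    return socket.inet_ntoa(raw[4:8]), port

def original_destination(conn):
    """Pre-NAT destination of an accepted socket, or None if no record."""
    try:
        return parse_sockaddr_in(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))
    except OSError:
        return None

def classify(local, orig):
    """local = conn.getsockname(); orig = original_destination(conn)."""
    if orig is None:
        return "direct: no NAT record, no server to contact"
    if orig == local:
        return "direct: destination is the proxy port itself, would loop"
    return "intercepted: contact %s:%d" % orig

def probe_direct():
    """Connect straight to a listener, as telnet to the intercept port does."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        with socket.create_connection(srv.getsockname()) as cli:
            conn, _ = srv.accept()
            with conn:
                return classify(conn.getsockname(), original_destination(conn))

if __name__ == "__main__":
    # Constructed sample: what a REDIRECTed HTTPS connection would report.
    nat = struct.pack("=H", socket.AF_INET) + struct.pack("!H", 443) \
        + socket.inet_aton("203.0.113.10") + bytes(8)
    print(classify(("192.0.2.1", 3129), parse_sockaddr_in(nat)))
    print(probe_direct())
```

Which of the two "direct" results the probe prints depends on whether connection tracking is loaded on the host; either way there is no real server address to forward to.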

