[squid-users] R: Problem with Squid 3.4 and transparent SSL proxy

[Amos Jeffries]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/11/2014 5:40 a.m., Job wrote:
>> That means in your case avoid directly connecting to the
>> intercepting port. Connect to port 80/443 on some Internet server
>> instead and see
> if> the packets are properly delivered through Squid.
>> Also, avoid telnet for the 443 tests. Use an HTTPS client.
> 
> Hello Amos and thank you, first of all.
> 
> I started squid in debug mode and now i see it:
> 
> 2014/11/11 17:40:17| ERROR: NF getsockopt(ORIGINAL_DST) failed on
> local=192.168.10.254:3130 remote=192.168.10.109:52024 FD 12
> flags=33: (92) Protocol not available
> 

That means that the NAT system has no record of the transaction being
intercepted.

The kind of error which shows up when you deliver traffic directly
from client 192.168.10.109 to an "http_port 3130 intercept" port on
Squid without going through NAT on the Squid box.


> 192.168.10.254 is lan-firewall gateway 192.168.10.109 is the
> workstation where i am trying to surfing on 443 port
> 
> When redirecting the 443 port to squid https_port, errors appears.

Details are critical. Please feel free to flood us with details. Some
of them will be important and we dont know which until we have them.
It is very hard to help an any useful way without lots of details
about what you are doing *exactly*, whats happening *exactly*, and
whats wrong with the happening.

Amos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUYtM0AAoJELJo5wb/XPRjHzsH/ip3kd7kv8PSgBBAtiVVZ3ws
8ACmAd3upZs4gZy0WRDRGRiL3uQtnWW7DBte7qWOWWMqdmos+5YNG9WH8hFZ+ZzY
awCG6EvtCjVAzuWGRMMe5FkX4fa8yhutoNFZbOYT33CKfWDQTw5tbljR8PH5PIXc
9h0p8MBqPMZyTJUv13szaGzZENZl88xZ3Chg/OMd7DHdEhTi+Ko8qC2n9mTnhFpg
mnChkgG+Y4XRGKTLECTJGOk7OoxFknPmAWpuPZwAcgQXtr1r3rwnCDjfnp9rSWr/
Gz9wQ4Yt2qcB7rIkDtfbnAjLWOtyn2b958sM0h9xdHFY7legYLNDwN/RkbZ/hEA=
=pNAq
-----END PGP SIGNATURE-----