[squid-users] squid intercept mode fo http & https
Antony.Stone at squid.open.source.it
Sat Nov 21 16:21:52 UTC 2015
On Saturday 21 November 2015 at 17:02:56, Ahmad Alzaeem wrote:
> Hi Guys I have a squid runnng in intercept mode
> I have a dns to resolve all the websites to the ip of proxy
Which instructions / documentation did you follow saying that was a good idea?
> I want the proxy to be able to operate normally
Then, set up your DNS server normally as well :)
> and don't look @ the destination ip since all packet will have the
> destination ip as the ip of proxy
I think you have the wrong idea of what "intercept mode" means.
> I want the proxy to operate based on the domain name.
So, just route the packets to the proxy (with the *correct* destination IP
address) as per all the guidelines you can find on the Internet showing how to
do this, and Squid will do the rest.
> So far I have the squid listenting on port 11611 interept mode and I have
> traffic 80 , 443 hit the linux proxy server
You need to perform NAT on the same box as Squid is running on, to redirect
packets from their original IP address, to the IP of Squid, and it will work.
Undo the weirdness you've created with DNS.
> Now I cant open either http or https .
I can only say "I'm not surprised." You've told the clients to connect to
Squid as a web server. Squid finds its own IP as the destination, and gives
> Squid.conf :
> dns_nameservers 184.108.40.206
I strongly recommend you to set up a local caching name server, and point both
your clients, and Squid, at it.
> visible_hostname seerver.server
Have you cut and pasted this configuration file, or (mis-)typed it?
> acl localnet src xxx.0.0/16 xxx.0.0/16 192.168.0.0/16 # RFC1918 possible
> internal network
You have public IPs on your internal network?
Unusual, but plausible... I'm just checking to make sure I understand your
> # Squid normally listens to port 3128
> #http_port 443 intercept
> http_port 10.159.144.206:11611 intercept
So, the Squid server has a private IP - this makes it all the more unusual
that you seem to have public IPs on your internal network.
> iptables settings :
> iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT
> --to-destination 10.159.144.206:11611
That looks fine for a standard intercept setup.
> any help ?????
Undo your DNS strangeness and let us know if it starts working.
"There is no reason for any individual to have a computer in their home."
- Ken Olsen, President of Digital Equipment Corporation (DEC, later consumed
by Compaq, later merged with HP)
Please reply to the list;
please *don't* CC me.
More information about the squid-users