[squid-users] SSL Bump and NF getsockopt failed

Amos Jeffries squid3 at treenet.co.nz
Sat Oct 3 05:44:25 UTC 2015

On 3/10/2015 12:31 a.m., Job wrote:
> Hello,
> i have enabled SSL Bump with certificates, i redirect the 443 on the 3129 port of my Squid server but https sites are not accessible anymore and i can see these errors in logs:
> ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.10.xxx

The connection arriving at Squid does not have any NAT records in the
Squid machine kernel.

It is mandatory that NAT be done on the Squid machine. Not on some
remote router (aka CPE "port-forwarding").

It is mandatory that you *not* test NAT ports by configuring your
browser to use the proxy via it. Configure the testing browser the same
way teh cleints woudl be tested.


More information about the squid-users mailing list