[squid-users] SSL Bump and NF getsockopt failed

Amos Jeffries squid3 at treenet.co.nz
Sat Oct 3 05:44:25 UTC 2015


On 3/10/2015 12:31 a.m., Job wrote:
> Hello,
> 
> I have enabled SSL Bump with certificates, I redirect the 443 on the 3129 port of my Squid server but https sites are not accessible anymore and I can see these errors in logs:
> 
> ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.10.xxx

The connection arriving at Squid does not have any NAT records in the
Squid machine kernel.

It is mandatory that NAT be done on the Squid machine. Not on some
remote router (aka CPE "port-forwarding").
 <http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat>


It is mandatory that you *not* test NAT ports by configuring your
browser to use the proxy via it. Configure the testing browser the same
way the clients would be tested.

Amos
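
The lookup behind this error, as an added example that is not part of the original message and is not Squid's code: an intercepting proxy asks its own kernel for the pre-NAT destination of each accepted connection with getsockopt(SO_ORIGINAL_DST). The function names are hypothetical, only IPv4 is covered, and SO_ORIGINAL_DST is defined by hand with the value from <linux/netfilter_ipv4.h>.

```c
/* Added illustration (not Squid source): the original-destination lookup. */
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* same value as <linux/netfilter_ipv4.h> */
#endif

/* 1: this kernel holds a record whose original destination differs from the
 *    address the socket was accepted on (traffic was NATed on this host).
 * 0: lookup failed, or returned the listener's own address. -1: bad socket. */
int was_intercepted(int fd)
{
    struct sockaddr_in local, orig;
    socklen_t llen = sizeof(local), olen = sizeof(orig);
    if (getsockname(fd, (struct sockaddr *)&local, &llen) < 0)
        return -1;
    /* IPPROTO_IP has the same value as SOL_IP on Linux */
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, &orig, &olen) < 0)
        return 0; /* e.g. ENOENT: no record for this connection */
    return orig.sin_addr.s_addr != local.sin_addr.s_addr ||
           orig.sin_port != local.sin_port;
}

/* Connects straight to a loopback listener, like a browser configured to use
 * the intercept port as its proxy: no NAT rule rewrites this connection. */
int probe_direct_connection(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof(a);
    int rc = -1, afd = -1, cfd = -1, lfd = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (lfd >= 0 && bind(lfd, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        listen(lfd, 1) == 0 && getsockname(lfd, (struct sockaddr *)&a, &alen) == 0 &&
        (cfd = socket(AF_INET, SOCK_STREAM, 0)) >= 0 &&
        connect(cfd, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        (afd = accept(lfd, NULL, NULL)) >= 0)
        rc = was_intercepted(afd);
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return rc;
}

int main(void)
{
    puts(probe_direct_connection() == 1 ? "NAT record found on this host"
                                        : "no usable NAT record on this host");
    return 0;
}
```

A result of 1 requires the REDIRECT or DNAT rule to run on the same machine as the listening socket, because the lookup only consults that machine's kernel.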

