[squid-users] Hint for howto wanted ...

Walter H. walter.h at mathemainzel.info
Mon Nov 28 08:58:50 UTC 2016

On Mon, November 28, 2016 06:56, Eliezer Croitoru wrote:
> OK so the next step is:

> Routing over tunnel to the other proxy and on it(which has ssl-bump)
> intercept.
by now only the 3.5.20 squid on the local VM does SSL-bump

> If you have a public on the remote proxies which can use ssl-bump then
> route the traffic to there using Policy Based routing.
how do I configure this?

> You can selectively route by source or destination IP addresses.
by now the remote has in its iptables to only accept port 3128 from my
home IP (IPv6 and IPv4), but the IPv4 at home changes several times a
means it is not fix;

> Now my main question is: Can't you just install 3.5 on the 3.1.23 machine
> and bump there?
SSL bump and parent proxy together doesn't work,
if this worked I wouldn't need the 3.1.23 machine at all ...
the 3.1.23 machine has the other 2 proxies (3.4.14-remote and
3.5.20-local) as parent ...

I should mention that the 3.5.20 box also has ClamAV (SquidClam) which
does malware checking ...
(the remote proxy can't run ClamAV)

> How are you intercepting the connections? What are the iptables rules you
> are using?

the client have configured the 3.1.23 squid box as proxy

> What OS are you running on top of the Squid boxes?

all squid boxes run CentOS 6.8


More information about the squid-users mailing list