[squid-users] squid 3.5 ssl-bump intercept TCP_DENIED/200 on bridge mode

Amos Jeffries squid3 at treenet.co.nz
Sun Jun 11 11:48:07 UTC 2017


On 09/06/17 16:05, Jason Chiu wrote:
> test case 2:
> -----------------------------------------
> but I want to use transparent mode (intercept with PF rdr).
> For intercept mode, add the following acl rule:
>
> acl bumpedPorts myportname 3129
> http_access allow CONNECT bumpedPorts
> .....
> https_port 3129 intercept ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>
> access.log does not show TCP_DENIED/200 0 CONNECT 127.0.0.1:3129,
> but the client web browser keeps waiting and gets no response.

Ah, sorry I should have remembered this earlier:
<http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html#ss2.4>

TL;DR:  Add --with-nat-devpf to your build options for FreeBSD.

Amos


