[squid-users] Squid 4.8+ intercept
M K
mohammed.khallaf at gmail.com
Tue Aug 30 09:43:57 UTC 2022
Solved!
I stated that I was using 3 ports...
"> Now, I have one last bit to handle, which you did not cover in your
> video. I'm using 3 ports for squid like Rafael's guide: one for normal
> CONNECT, one for intercepted plain HTTP on 80, and one for intercepted
> HTTPs on 443."
which is the correct setup, but I found that I did not actually apply
the idea to config! It works now...(redirect 80 to 3129 and 443 to
3130)
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp
dpt:http redir ports 3129
REDIRECT tcp -- anywhere anywhere tcp
dpt:https redir ports 3130
and on squid.conf:
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump cert=/xxx/xxx/xxx.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=999MB
Thank you so much for all your help and support.
On Mon, Aug 29, 2022 at 5:35 PM M K <mohammed.khallaf at gmail.com> wrote:
>
> iptables PREROUTING:
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere ADDRTYPE
> match dst-type LOCAL
> REDIRECT tcp -- anywhere anywhere tcp
> dpt:http redir ports 3130
> REDIRECT tcp -- anywhere anywhere tcp
> dpt:https redir ports 3130
> -------------------------
> Mikrotik mangle:
> add action=route chain=prerouting dst-port=80 passthrough=no
> protocol=tcp route-dst={squid} src-address={client}
> add action=route chain=prerouting connection-state="" dst-port=443
> passthrough=no protocol=tcp route-dst={squid} src-address={client}
> -------------------------
> full squid.conf:
> acl client src x.x.x.x/x
>
> http_access allow client
> http_access deny all
>
> http_port 3128
> https_port 3130 intercept ssl-bump cert=/xxx/xxx/xxx.pem
> generate-host-certificates=on dynamic_cert_mem_cache_size=999MB
>
> acl tls_connect at_step SslBump1
> ssl_bump peek tls_connect
> ssl_bump splice all
> ---------------------------
> Firefox behavior...
> HTTPS: ALL OK!
>
> HTTP (http://google.com):
>
> The connection was reset
>
> The connection to the server was reset while the page was loading.
>
> The site could be temporarily unavailable or too busy. Try again
> in a few moments.
> If you are unable to load any pages, check your computer’s network
> connection.
> If your computer or network is protected by a firewall or proxy,
> make sure that Firefox is permitted to access the Web.
> ---------------------------
> Squid log:
>
> HTTPS:
> ----------
> 1661786874.087 5981 {client} TCP_TUNNEL/200 152 CONNECT
> js-sec.indexww.com:443 - ORIGINAL_DST/92.123.33.225 -
> 1661786874.087 5855 {client} TCP_TUNNEL/200 152 CONNECT
> js-sec.indexww.com:443 - ORIGINAL_DST/92.123.33.225 -
> 1661786877.448 10391 {client} TCP_TUNNEL/200 1254 CONNECT
> prg.smartadserver.com:443 - ORIGINAL_DST/185.86.138.32 -
> 1661786878.480 4 {client} NONE/200 0 CONNECT 64.74.236.255:443 -
> HIER_NONE/- -
> 1661786886.125 7644 {client} TCP_TUNNEL/200 3850 CONNECT
> mcdp-chidc2.outbrain.com:443 - ORIGINAL_DST/64.74.236.255 -
> 1661786886.916 5 {client} NONE/200 0 CONNECT 54.192.111.67:443 -
> HIER_NONE/- -
> 1661786887.070 3 {client} NONE/200 0 CONNECT 34.98.75.36:443 -
> HIER_NONE/- -
> 1661786887.275 0 {client} NONE_ABORTED/200 0 CONNECT
> 88.221.111.34:80 - HIER_NONE/- -
> 1661786887.548 4 {client} NONE/200 0 CONNECT 54.192.111.44:443 -
> HIER_NONE/- -
> 1661786888.550 147502 {client} TCP_TUNNEL/200 8554 CONNECT
> cdn.cnn.com:443 - ORIGINAL_DST/2.23.52.55 -
> 1661786888.718 1 {client} NONE/200 0 CONNECT 185.86.138.32:443 -
> HIER_NONE/- -
> 1661786889.510 143920 {client} TCP_TUNNEL/200 9655 CONNECT
> aax-eu.amazon-adsystem.com:443 - ORIGINAL_DST/52.95.125.22 -
> 1661786889.510 116428 {client} TCP_TUNNEL/200 6386 CONNECT
> segment-data-us-east.zqtk.net:443 - ORIGINAL_DST/52.72.26.11 -
> 1661786889.609 6 {client} NONE/200 0 CONNECT 92.123.33.225:443 -
> HIER_NONE/- -
> 1661786890.379 149287 {client} TCP_TUNNEL/200 444896 CONNECT
> lightning.cnn.com:443 - ORIGINAL_DST/2.23.52.55 -
> 1661786892.987 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786892.992 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786892.998 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.003 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.009 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.014 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.019 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.024 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.029 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.034 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.044 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.048 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.053 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.057 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.062 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.067 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.072 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.078 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.082 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.087 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.093 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.098 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.102 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.107 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.112 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.116 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.120 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.125 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.129 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.134 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.140 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.144 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.148 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.152 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.156 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.160 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.165 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.170 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.174 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.178 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.184 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.188 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.192 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.196 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.200 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.204 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.208 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.213 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.217 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.221 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.227 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.231 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.236 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.240 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.243 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.247 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.251 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.255 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.260 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786893.264 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786894.773 5163 {client} TCP_TUNNEL/200 152 CONNECT
> js-sec.indexww.com:443 - ORIGINAL_DST/92.123.33.225 -
> 1661786899.041 10322 {client} TCP_TUNNEL/200 1254 CONNECT
> prg.smartadserver.com:443 - ORIGINAL_DST/185.86.138.32 -
> 1661786899.111 125320 {client} TCP_TUNNEL/200 27104 CONNECT
> images.outbrainimg.com:443 - ORIGINAL_DST/92.123.32.26 -
> 1661786899.314 152898 {client} TCP_TUNNEL/200 285438 CONNECT
> widgets.outbrain.com:443 - ORIGINAL_DST/92.123.34.112 -
> 1661786899.484 98933 {client} TCP_TUNNEL/200 6583 CONNECT
> s.amazon-adsystem.com:443 - ORIGINAL_DST/209.54.182.161 -
> 1661786902.387 3 {client} NONE/200 0 CONNECT 64.74.236.255:443 -
> HIER_NONE/- -
> 1661786903.220 3 {client} NONE/200 0 CONNECT 142.251.37.170:443 -
> HIER_NONE/- -
> 1661786903.361 3 {client} NONE/200 0 CONNECT 92.123.33.225:443 -
> HIER_NONE/- -
> 1661786903.390 169 {client} TCP_TUNNEL/200 1868 CONNECT
> safebrowsing.googleapis.com:443 - ORIGINAL_DST/142.251.37.170 -
> 1661786903.430 2 {client} NONE/200 0 CONNECT 3.217.56.194:443 -
> HIER_NONE/- -
> 1661786903.462 1 {client} NONE/200 0 CONNECT 178.32.210.226:443 -
> HIER_NONE/- -
> 1661786904.650 104106 {client} TCP_TUNNEL/200 4310 CONNECT
> pixel-eu.rubiconproject.com:443 - ORIGINAL_DST/69.173.144.165 -
> 1661786905.983 3 {client} NONE/200 0 CONNECT 64.202.112.127:443 -
> HIER_NONE/- -
> 1661786905.992 2561 {client} TCP_TUNNEL/200 5831 CONNECT
> logx.optimizely.com:443 - ORIGINAL_DST/3.217.56.194 -
> 1661786906.105 121 {client} TCP_TUNNEL/200 0 CONNECT
> tr.outbrain.com:443 - ORIGINAL_DST/64.202.112.127 -
> 1661786906.354 2 {client} NONE/200 0 CONNECT 2.23.52.55:443 - HIER_NONE/- -
> 1661786906.358 1 {client} NONE/200 0 CONNECT 2.23.52.55:443 - HIER_NONE/- -
> 1661786906.364 1 {client} NONE/200 0 CONNECT 92.123.34.112:443 -
> HIER_NONE/- -
> 1661786906.620 1 {client} NONE/200 0 CONNECT 146.75.56.64:443 -
> HIER_NONE/- -
> 1661786906.767 3 {client} NONE/200 0 CONNECT 3.217.56.194:443 -
> HIER_NONE/- -
> 1661786907.001 2 {client} NONE/200 0 CONNECT 151.101.1.195:443 -
> HIER_NONE/- -
> 1661786907.494 2 {client} NONE/200 0 CONNECT 54.93.141.29:443 -
> HIER_NONE/- -
> 1661786907.596 2 {client} NONE/200 0 CONNECT 142.251.37.48:443 -
> HIER_NONE/- -
> 1661786907.777 2 {client} NONE/200 0 CONNECT 92.122.218.83:443 -
> HIER_NONE/- -
> 1661786907.913 2 {client} NONE/200 0 CONNECT 54.231.203.49:443 -
> HIER_NONE/- -
> 1661786907.914 4 {client} NONE/200 0 CONNECT 54.231.203.49:443 -
> HIER_NONE/- -
> 1661786907.916 6 {client} NONE/200 0 CONNECT 54.231.203.49:443 -
> HIER_NONE/- -
> 1661786907.919 7 {client} NONE/200 0 CONNECT 18.161.111.80:443 -
> HIER_NONE/- -
> 1661786908.008 1 {client} NONE/200 0 CONNECT 91.228.74.208:443 -
> HIER_NONE/- -
> 1661786908.012 5 {client} NONE/200 0 CONNECT 64.202.112.127:443 -
> HIER_NONE/- -
> 1661786908.135 0 {client} NONE_ABORTED/200 0 CONNECT
> 216.58.212.99:80 - HIER_NONE/- -
> 1661786908.305 3 {client} NONE/200 0 CONNECT 92.123.34.112:443 -
> HIER_NONE/- -
> 1661786908.393 5031 {client} TCP_TUNNEL/200 152 CONNECT
> js-sec.indexww.com:443 - ORIGINAL_DST/92.123.33.225 -
> 1661786908.393 172182 {client} TCP_TUNNEL/200 8323 CONNECT
> www.google.com:443 - ORIGINAL_DST/142.250.200.196 -
> 1661786908.561 0 {client} NONE_ABORTED/200 0 CONNECT
> 18.161.108.38:80 - HIER_NONE/- -
> 1661786908.562 0 {client} NONE_ABORTED/200 0 CONNECT
> 18.161.108.38:80 - HIER_NONE/- -
> 1661786908.562 0 {client} NONE_ABORTED/200 0 CONNECT
> 18.161.108.38:80 - HIER_NONE/- -
> 1661786909.615 2 {client} NONE/200 0 CONNECT 104.108.78.219:443 -
> HIER_NONE/- -
> 1661786909.620 2 {client} NONE/200 0 CONNECT 54.147.61.21:443 -
> HIER_NONE/- -
> 1661786909.685 3 {client} NONE/200 0 CONNECT 13.36.218.177:443 -
> HIER_NONE/- -
> 1661786910.704 5 {client} NONE/200 0 CONNECT 3.229.71.121:443 -
> HIER_NONE/- -
> 1661786910.820 1 {client} NONE/200 0 CONNECT 94.237.48.66:443 -
> HIER_NONE/- -
> 1661786910.981 161 {client} TCP_TUNNEL/200 5583 CONNECT
> v8-emea.sdk.beemray.com:443 - ORIGINAL_DST/94.237.48.66 -
> 1661786910.985 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786910.993 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786910.999 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.003 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.012 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.020 2 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.024 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.030 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.034 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.040 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.151 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.156 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.162 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.167 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.172 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.177 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.182 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.187 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.192 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.197 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.204 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.208 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.212 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.215 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.219 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.223 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.227 1 {client} NONE/200 0 CONNECT 52.72.26.11:443 -
> HIER_NONE/- -
> 1661786911.229 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.233 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.237 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.242 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.250 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.254 1 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.258 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.262 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.267 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.272 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786911.392 5027 {client} TCP_TUNNEL/200 152 CONNECT
> amplify.outbrain.com:443 - ORIGINAL_DST/92.123.34.112 -
> 1661786911.398 2 {client} NONE/200 0 CONNECT 52.95.126.160:443 -
> HIER_NONE/- -
> 1661786911.526 5 {client} NONE/200 0 CONNECT 34.246.41.28:443 -
> HIER_NONE/- -
> 1661786911.530 1 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786912.393 170550 {client} TCP_TUNNEL/200 18491 CONNECT
> get.s-onetag.com:443 - ORIGINAL_DST/18.161.111.16 -
> 1661786912.393 170968 {client} TCP_TUNNEL/200 5658 CONNECT
> cdn.jsdelivr.net:443 - ORIGINAL_DST/104.16.88.20 -
> 1661786912.622 3 {client} NONE/200 0 CONNECT 172.217.18.33:443 -
> HIER_NONE/- -
> 1661786912.733 5239 {client} TCP_TUNNEL/200 6889 CONNECT
> mms.cnn.com:443 - ORIGINAL_DST/54.93.141.29 -
> 1661786912.772 150 {client} TCP_TUNNEL/200 5179 CONNECT
> 4669ca4556421dd764fce36af596f212.safeframe.googlesyndication.com:443 -
> ORIGINAL_DST/172.217.18.33 -
> 1661786913.104 112542 {client} TCP_TUNNEL/200 4310 CONNECT
> pixel.rubiconproject.com:443 - ORIGINAL_DST/69.173.144.138 -
> 1661786913.383 2 {client} NONE/200 0 CONNECT 54.93.141.29:443 -
> HIER_NONE/- -
> 1661786913.394 5475 {client} TCP_TUNNEL/200 371 CONNECT
> cdn.boomtrain.com:443 - ORIGINAL_DST/18.161.111.80 -
> 1661786913.395 170794 {client} TCP_TUNNEL/200 16461 CONNECT
> signal-beacon.s-onetag.com:443 - ORIGINAL_DST/54.192.111.35 -
> 1661786913.395 170901 {client} TCP_TUNNEL/200 7241 CONNECT
> onetag-geo.s-onetag.com:443 - ORIGINAL_DST/18.161.97.41 -
> 1661786913.396 173362 {client} TCP_TUNNEL/200 8454 CONNECT
> www.cnn.com:443 - ORIGINAL_DST/146.75.59.5 -
> 1661786913.464 2 {client} NONE/200 0 CONNECT 18.193.134.248:443 -
> HIER_NONE/- -
> 1661786913.859 10397 {client} TCP_TUNNEL/200 5083 CONNECT
> prg.smartadserver.com:443 - ORIGINAL_DST/178.32.210.226 -
> 1661786914.884 6971 {client} TCP_TUNNEL/200 131386 CONNECT
> advsync.s3.amazonaws.com:443 - ORIGINAL_DST/54.231.203.49 -
> 1661786915.017 7103 {client} TCP_TUNNEL/200 130794 CONNECT
> advsync.s3.amazonaws.com:443 - ORIGINAL_DST/54.231.203.49 -
> 1661786915.025 7108 {client} TCP_TUNNEL/200 132142 CONNECT
> advsync.s3.amazonaws.com:443 - ORIGINAL_DST/54.231.203.49 -
> 1661786915.396 174730 {client} TCP_TUNNEL/200 102282 CONNECT
> cdn.cookielaw.org:443 - ORIGINAL_DST/104.16.148.64 -
> 1661786915.523 7511 {client} TCP_TUNNEL/200 3798 CONNECT
> tr.outbrain.com:443 - ORIGINAL_DST/64.202.112.127 -
> 1661786916.252 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.257 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.262 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.266 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.271 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.275 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.280 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.286 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.290 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.294 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.302 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.307 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.311 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.315 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.319 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.324 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.328 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.333 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.337 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.341 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786916.397 116628 {client} TCP_TUNNEL/200 15014 CONNECT
> eus.rubiconproject.com:443 - ORIGINAL_DST/104.125.24.254 -
> 1661786916.397 170897 {client} TCP_TUNNEL/200 6473 CONNECT
> www.ugdturner.com:443 - ORIGINAL_DST/34.237.36.10 -
> 1661786916.398 170966 {client} TCP_TUNNEL/200 4198 CONNECT
> warnermediagroup-com.videoplayerhub.com:443 - ORIGINAL_DST/104.26.9.50
> -
> 1661786917.171 14783 {client} TCP_TUNNEL/200 4492 CONNECT
> mcdp-chidc2.outbrain.com:443 - ORIGINAL_DST/64.74.236.255 -
> 1661786917.399 170571 {client} TCP_TUNNEL/200 6635 CONNECT
> securepubads.g.doubleclick.net:443 - ORIGINAL_DST/142.251.37.162 -
> 1661786917.400 170992 {client} TCP_TUNNEL/200 13115 CONNECT
> static.adsafeprotected.com:443 - ORIGINAL_DST/54.192.111.91 -
> 1661786918.630 5165 {client} TCP_TUNNEL/200 570 CONNECT
> www.summerhamster.com:443 - ORIGINAL_DST/18.193.134.248 -
> 1661786918.718 5335 {client} TCP_TUNNEL/200 8722 CONNECT
> mms.cnn.com:443 - ORIGINAL_DST/54.93.141.29 -
> 1661786919.561 120339 {client} TCP_TUNNEL/200 4961 CONNECT
> secure-assets.rubiconproject.com:443 - ORIGINAL_DST/2.17.80.55 -
> 1661786920.402 173997 {client} TCP_TUNNEL/200 38769 CONNECT
> static.chartbeat.com:443 - ORIGINAL_DST/18.161.105.235 -
> 1661786920.669 174219 {client} TCP_TUNNEL/200 81160 CONNECT
> ads.pubmatic.com:443 - ORIGINAL_DST/92.123.33.150 -
> 1661786921.369 145142 {client} TCP_TUNNEL/200 521393 CONNECT
> player.aniview.com:443 - ORIGINAL_DST/92.123.34.136 -
>
> HTTP:
> --------
> 1661786959.922 4 {client} NONE/200 0 CONNECT 142.250.200.196:443
> - HIER_NONE/- -
> 1661786959.987 64 {client} TCP_TUNNEL/200 0 CONNECT
> www.google.com:443 - ORIGINAL_DST/142.250.200.196 -
> 1661786960.061 4 {client} NONE/200 0 CONNECT 142.250.200.196:443
> - HIER_NONE/- -
> 1661786960.177 0 {client} NONE_ABORTED/200 0 CONNECT
> 216.58.212.99:80 - HIER_NONE/- -
> 1661786968.308 4 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786968.317 1 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786968.337 1 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786968.344 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786968.348 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786968.352 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786968.360 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786968.364 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786968.367 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786968.371 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786971.049 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.053 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.057 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.060 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.064 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.068 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.072 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.076 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.080 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.084 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.093 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.098 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.102 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.105 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.110 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.113 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.117 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.121 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.125 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.128 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.134 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.138 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.142 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.146 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.150 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.154 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.158 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.162 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.166 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.171 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.179 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.183 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.186 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.191 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.194 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.199 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.202 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.206 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.210 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.214 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.220 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.224 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.228 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.231 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.235 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.239 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.244 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.248 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.252 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.256 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.262 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.266 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.270 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.273 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.277 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.281 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.285 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.289 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.292 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786971.296 0 {client} NONE_ABORTED/200 0 CONNECT
> 34.107.221.82:80 - HIER_NONE/- -
> 1661786975.433 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786975.447 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786975.453 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786975.460 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786975.464 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786975.471 3 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786975.475 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786975.480 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786975.486 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786975.491 0 {client} NONE_ABORTED/200 0 CONNECT
> 151.101.3.5:80 - HIER_NONE/- -
> 1661786987.518 0 {client} NONE_ABORTED/200 0 CONNECT
> 172.217.18.238:80 - HIER_NONE/- -
> 1661786987.527 8 {client} NONE_ABORTED/200 0 CONNECT
> 172.217.18.238:80 - HIER_NONE/- -
> 1661786987.531 0 {client} NONE_ABORTED/200 0 CONNECT
> 172.217.18.238:80 - HIER_NONE/- -
> 1661786987.540 0 {client} NONE_ABORTED/200 0 CONNECT
> 172.217.18.238:80 - HIER_NONE/- -
> 1661786987.544 0 {client} NONE_ABORTED/200 0 CONNECT
> 172.217.18.238:80 - HIER_NONE/- -
> 1661786987.548 0 {client} NONE_ABORTED/200 0 CONNECT
> 172.217.18.238:80 - HIER_NONE/- -
> 1661786987.557 0 {client} NONE_ABORTED/200 0 CONNECT
> 172.217.18.238:80 - HIER_NONE/- -
> 1661786987.562 0 {client} NONE_ABORTED/200 0 CONNECT
> 172.217.18.238:80 - HIER_NONE/- -
> 1661786987.566 0 {client} NONE_ABORTED/200 0 CONNECT
> 172.217.18.238:80 - HIER_NONE/- -
> 1661786987.571 0 {client} NONE_ABORTED/200 0 CONNECT
> 172.217.18.238:80 - HIER_NONE/- -
>
> On Thu, Aug 18, 2022 at 4:05 PM <ngtech1ltd at gmail.com> wrote:
> >
> > Hey K,
> >
> > I need your Mikrotik and squid.conf and iptables to understand what the issue might be.
> > You will need to describe your setup in a way I can relate to it.
> > There is not much of a difference between port 80 to 443 just that the port need to have ssl-bump settings If you are using it.
> > The CONNECT port is a simple forward proxy and it seems your setup is not as simple as you describe.
> > If you do have NAT then you need this to be only on specific interfaces in the Mikrotik and the Squid server.
> >
> > In my case the basic setup works for a very long time now so I cannot imagine what's wrong in your case.
> >
> > Eliezer
> >
> > ----
> > Eliezer Croitoru
> > NgTech, Tech Support
> > Mobile: +972-5-28704261
> > Email: ngtech1ltd at gmail.com
> > Web: https://ngtech.co.il/
> > My-Tube: https://tube.ngtech.co.il/
> >
> > -----Original Message-----
> > From: M K <mohammed.khallaf at gmail.com>
> > Sent: Thursday, 18 August 2022 6:20
> > To: ngtech1ltd at gmail.com
> > Cc: squid-users at lists.squid-cache.org; Rafael Akchurin <rafael.akchurin at diladele.com>
> > Subject: Re: [squid-users] Squid 4.8+ intercept
> >
> > Hello Eliezer,
> >
> > I finally got my setup to work; turned out to be intercepted clients
> > running into default nat, while my test squid server did not allow
> > them access, not even through iptables!
> >
> > Now, I have one last bit to handle, which you did not cover in your
> > video. I'm using 3 ports for squid like Rafael's guide: one for normal
> > CONNECT, one for intercepted plain HTTP on 80, and one for intercepted
> > HTTPs on 443.
> >
> > The setup works awesome for TLS addresses (i.e https://), but browser
> > redirection from Plain to TLS, say from http://cnn.com to
> > https://cnn.com, fails to happen. It just waits then time out.
> > What could be done to make it happen?
> >
> > All best,
> > K
> >
> >
> > On Sat, Aug 13, 2022 at 7:57 PM <ngtech1ltd at gmail.com> wrote:
> > >
> > > Hey K,
> > >
> > >
> > >
> > > What RouterOS version are you using?
> > >
> > > Also, what rules have you applied?
> > >
> > > If there is a very long delay and then a failure you should verify that the rules you wrote are proper to your environment.
> > >
> > > You should route packets based on connection marks and mark only new connections from LAN IP addresses and only on the LAN interface.
> > >
> > > As I showed in the demo video it’s very simple to implement.
> > >
> > >
> > >
> > > Let me know if you are still having issues.
> > >
> > >
> > >
> > > Eliezer
> > >
> > >
> > >
> > > ----
> > >
> > > Eliezer Croitoru
> > >
> > > NgTech, Tech Support
> > >
> > > Mobile: +972-5-28704261
> > >
> > > Email: ngtech1ltd at gmail.com
> > >
> > > Web: https://ngtech.co.il/
> > >
> > > My-Tube: https://tube.ngtech.co.il/
> > >
> > >
> > >
> > > From: M K <mohammed.khallaf at gmail.com>
> > > Sent: Saturday, 13 August 2022 10:59
> > > To: ngtech1ltd at gmail.com
> > > Cc: squid-users at lists.squid-cache.org
> > > Subject: Re: [squid-users] Squid 4.8+ intercept
> > >
> > >
> > >
> > > Thank you for your quick reply. The text-drawing actually changed with different font; the squid server is effectively connected to MikroTik router, not the same physical link as the client.
> > >
> > >
> > >
> > > The MikroTik router sits between the client and squid server.
> > >
> > >
> > >
> > > That said, I can confirm that the MikroTik router is effectively able to route/DNat client packets going to ports 80 and 443 to squid server. Depending on router rules be it route or dnat, the client browser effectively displays the error page of squid, or goes into a very long delay then failure.
> > >
> > >
> > >
> > > I will retry and let you know.
> > >
> > >
> > >
> > > K
> > >
> > > On Wed, Aug 10, 2022, 10:08 <ngtech1ltd at gmail.com> wrote:
> > >
> > > Hey K,
> > >
> > >
> > >
> > > I am not sure about the network topology.
> > >
> > > Preferably the Squid should reside on another network then the clients if it’s intercepting the traffic.
> > >
> > > Also, I assume it’s not a TPROXY setup so it should be pretty simple and straight forward.
> > >
> > >
> > >
> > > I understand why are you asking this question.
> > >
> > > Also take into account that Mikrotik is now on 7.4 firmware and it’s recommended to use this one.
> > >
> > > If you are using any other version let me know so I can try to make sense on the differences.
> > >
> > > I will try to give a DEMO for such a setup and how to make it work.
> > >
> > >
> > >
> > > Eliezer
> > >
> > >
> > >
> > > ----
> > >
> > > Eliezer Croitoru
> > >
> > > NgTech, Tech Support
> > >
> > > Mobile: +972-5-28704261
> > >
> > > Email: ngtech1ltd at gmail.com
> > >
> > > Web: https://ngtech.co.il/
> > >
> > > My-Tube: https://tube.ngtech.co.il/
> > >
> > >
> > >
> > > From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of M K
> > > Sent: Tuesday, 9 August 2022 22:29
> > > To: squid-users at lists.squid-cache.org
> > > Subject: [squid-users] Squid 4.8+ intercept
> > >
> > >
> > >
> > > Hello,
> > >
> > >
> > >
> > > I have a setup like this one:
> > >
> > >
> > > | Client | =====> | Router | =====> Internet
> > > ||
> > > \/
> > > | Squid |
> > >
> > >
> > >
> > > ...the router is a Mikrotik router capable of all things NAT/Redirect and whatnot. Squid server has only one network interface.
> > >
> > > Using the router:
> > >
> > > - I tried routing traffic to squid server IP.
> > >
> > > - I tried destination-NATing from client to server IP, with origin server IP-and-port natted to squid IP-and-port, and with origin server IP-only natted to squid-IP.
> > >
> > >
> > >
> > > I have been struggling for 2 days to setup a working Squid 4.8 or higher interception.
> > >
> > > Test server is running Ubuntu 18.4.3 and Squid 4.8.
> > >
> > > Documentation is either too much trim or extremely outdated.
> > >
> > > Any help would be very much appreciated.
> > >
> > >
> > >
> > > All best,
> > >
> > > K
> >
More information about the squid-users
mailing list