<div dir="ltr">Hi<div>Pardon me if I am mistaken, but isn't it the case that 1:</div><div><br></div><div><p style="font-size:12.8px">iptables -t nat -A PREROUTING -p tcp --dport 443 --destination 162.220.xx.xx -j REDIRECT --to-ports 3129</p></div><div>The rule above would only match for the IP of squid, and squid should be heading to the actual IP of the site in question, which is not on the same server</div><div><br></div><div>and 2:</div><div><br></div><div>If Squid is intercepting, the PREROUTING chain would not apply anymore, as traffic passing through local daemons goes through OUTPUT and POSTROUTING chains </div><div><br></div><div>As for </div><div><pre style="padding:0.5em;font-family:courier,monospace;border:1pt solid rgb(192,192,192);white-space:pre-wrap;word-wrap:break-word;color:rgb(0,0,0);font-size:13.6px;line-height:17px;background:rgb(240,236,230)">iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 80 -j ACCEPT
</pre></div><div><br></div><div>All traffic set to ACCEPT... thanks!</div><div><br></div><div>Regards</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 4, 2016 at 11:11 AM, Amos Jeffries <span dir="ltr">&lt;<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span>On 4/03/2016 10:01 p.m., Ali Jawad wrote:<br>
> Actually, now that I am using 3.15 it seems I get the error for port 80 -><br>
> 3128 intercepts again<br>
><br>
> TCP_MISS/503 4274 GET <a href="http://www.whereIwantToVisit.net/" rel="noreferrer" target="_blank">http://www.whereIwantToVisit.net/</a> - ORIGINAL_DST/<br>
> 162.220.244.7 text/html<br>
<br>
</span>This is the same problem happening for both port 443 and port 80.<br>
You need to exclude the squid outgoing traffic from the iptables NAT<br>
REDIRECT.<br>
<br>
Compare the tutorial rules with what you have:<br>
&lt;<a href="http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect" rel="noreferrer" target="_blank">http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect</a>&gt;<br>
<br>
I believe you are missing that first rule with "-s $SQUIDIP -p tcp<br>
--dport 80 -j ACCEPT".<br>
<span><font color="#888888"><br>
Amos<br>
<br>
</font></span></blockquote></div><br></div></div>
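An added example, not part of the thread or of the Squid wiki: one way to run the comparison Amos suggests, checking that a "-s $SQUIDIP ... -j ACCEPT" exemption sits ahead of the REDIRECT for the same port in nat PREROUTING, since the first matching rule in a chain wins. The function name, the 192.0.2.10 address standing in for $SQUIDIP, and the sample rule listings are assumptions constructed for illustration.

```shell
# Added example (not from the thread). check_intercept_order is a hypothetical helper.
# stdin: output of `iptables -t nat -S PREROUTING`
# $1: Squid's own address ($SQUIDIP in the thread), $2: intercepted destination port
# Prints: ok | misordered | missing-exempt | no-redirect
check_intercept_order() {
    awk -v ip="$1" -v port="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            n++                                   # position of this rule in the chain
            src = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s")      src = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport != port) next
            sub(/\/32$/, "", src)                 # iptables prints a host as a.b.c.d/32
            if (target == "ACCEPT" && src == ip && !exempt) exempt = n
            if (target == "REDIRECT" && !redirect)          redirect = n
        }
        END {
            if (!redirect)              print "no-redirect"
            else if (!exempt)           print "missing-exempt"
            else if (exempt > redirect) print "misordered"   # ACCEPT is never reached
            else                        print "ok"
        }'
}

# Constructed samples; 192.0.2.10 is a documentation address standing in for $SQUIDIP.
rules_tutorial_order() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -s 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
EOF
}
rules_appended_late() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
EOF
}

for p in 80 443; do
    printf 'tutorial order, port %s: %s\n' "$p" "$(rules_tutorial_order | check_intercept_order 192.0.2.10 "$p")"
done
printf 'appended late,  port 80: %s\n' "$(rules_appended_late | check_intercept_order 192.0.2.10 80)"
```

On a live host the input would come from `iptables -t nat -S PREROUTING`; the check does not recognise exemptions written as a negated match on the REDIRECT rule itself.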