<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Hey,
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Let me see if I understood that right.</div>
<div class=""><br class="">
</div>
<div class="">I can change TPROXY to REDIRECT in my iptables.sh and in the ssl-bump replace proxy with intercept.</div>
<div class="">Then, I can run your bash script after creating domains-to-bypass.txt and putting skype domains in there.</div>
<div class="">Is that right? Or am I missing something?</div>
<div class=""><br class="">
</div>
<div class="">P.S: Skype for Business uses Lync servers, I do not think <a href="http://skype.com" class="">
skype.com</a> is its domain at all. </div>
<div class="">
<div class=""><em class=""><strong class="">Think of the environment before printing this email.</strong></em></div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Dec 5, 2016, at 6:54 PM, Eliezer Croitoru &lt;<a href="mailto:eliezer@ngtech.co.il" class="">eliezer@ngtech.co.il</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class=""><font face="Calibri" size="2" style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-size: 11pt;" class="">
<div class="">Hey,</div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class="">Well, it’s nice to have such a tutorial but I didn’t follow all of it.</div>
<div class="">You will want to use REDIRECT in the nat table rather than tproxy.</div>
<div class="">But if it works now and the only issue is skype then you can try my script at:</div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""><a href="https://gist.github.com/elico/e0faadf0cc63942c5aaade808a87deef" class=""><font face="Calibri" size="2" color="blue" class=""><span style="font-size: 11pt;" class=""><u class="">https://gist.github.com/elico/e0faadf0cc63942c5aaade808a87deef</u></span></font></a></span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class="">And maybe you will need to monitor your logs for incoming requests with new ip addresses.</div>
<div class="">I started working on an external_acl helper that can help in such scenarios which identifies if the destination server might be of skype but I think that most of the information exists at:</div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""><a href="https://github.com/vel21ripn/nDPI/blob/netfilter/src/lib/protocols/skype.c" class=""><font face="Calibri" size="2" color="blue" class=""><span style="font-size: 11pt;" class=""><u class="">https://github.com/vel21ripn/nDPI/blob/netfilter/src/lib/protocols/skype.c</u></span></font></a></span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""><a href="https://github.com/ntop/nDPI/blob/dev/src/lib/protocols/skype.c" class=""><font face="Calibri" size="2" color="blue" class=""><span style="font-size: 11pt;" class=""><u class="">https://github.com/ntop/nDPI/blob/dev/src/lib/protocols/skype.c</u></span></font></a></span></font></div>
<div class="">And also:</div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""><a href="https://github.com/ntop/nDPI/blob/d9a2d9a6bd4d476d666d26cb713952760a975d92/src/lib/ndpi_content_match.c.inc#L286" class=""><font face="Calibri" size="2" color="blue" class=""><span style="font-size: 11pt;" class=""><u class="">https://github.com/ntop/nDPI/blob/d9a2d9a6bd4d476d666d26cb713952760a975d92/src/lib/ndpi_content_match.c.inc#L286</u></span></font></a></span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class="">Try to see if when you add these ip addresses to bypass it works fine.</div>
<div class=""> </div>
<div class="">Eliezer</div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" class="">----</font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""><a href="http://ngtech.co.il/lmgtfy/" class=""><font face="Arial Rounded MT Bold" size="2" color="#0563C1" class=""><span style="font-size: 11pt;" class=""><u class="">Eliezer
 Croitoru</u></span></font></a><br class="">
<font face="Arial Rounded MT Bold" size="2" class=""><span style="font-size: 11pt;" class="">Linux System Administrator<br class="">
Mobile: +972-5-28704261<br class="">
Email:<span class="Apple-converted-space"> </span><a href="mailto:eliezer@ngtech.co.il" class="">eliezer@ngtech.co.il</a></span></font></span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><b class="">From:</b><span class="Apple-converted-space"> </span>Sameh Onaissi [<a href="mailto:sameh.onaissi@solcv.com" class="">mailto:sameh.onaissi@solcv.com</a>]<span class="Apple-converted-space"> </span><br class="">
<b class="">Sent:</b><span class="Apple-converted-space"> </span>Tuesday, December 6, 2016 1:28 AM<br class="">
<b class="">To:</b><span class="Apple-converted-space"> </span>Eliezer Croitoru &lt;<a href="mailto:eliezer@ngtech.co.il" class="">eliezer@ngtech.co.il</a>&gt;<br class="">
<b class="">Cc:</b><span class="Apple-converted-space"> </span><a href="mailto:squid-users@lists.squid-cache.org" class="">squid-users@lists.squid-cache.org</a><br class="">
<b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [squid-users] Skype for Business behind a transparent squid (TProxy) HTTP/S</div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class="">Hello Eliezer, thank you for the reply.<span class="Apple-converted-space"> </span></span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class="">Honestly, to get things working after several failed attempts to intercept HTTPS, I followed this guide: <a href="http://www.cyberscie.com/2015/08/installing-squid-357-as-transparent.html?showComment=1463513043421" class=""><font color="blue" class=""><u class="">http://www.cyberscie.com/2015/08/installing-squid-357-as-transparent.html?showComment=1463513043421</u></font></a></span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class="">My squid.conf is simple: <a href="http://pastebin.com/9uZ4kxW6" class=""><font color="blue" class=""><u class="">http://pastebin.com/9uZ4kxW6</u></font></a></span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class="">I have collected a few IPs that Skype for Business uses; I tried allowing them through iptables but it did not work. </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class="">On Dec 5, 2016, at 6:16 PM, Eliezer Croitoru &lt;<a href="mailto:eliezer@ngtech.co.il" class=""><font color="blue" class=""><u class="">eliezer@ngtech.co.il</u></font></a>&gt; wrote:</span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class="">Hey,</div>
<div class=""> </div>
<div class="">The first suggestion is to find out which servers need to be in the exceptions from squid interception.</div>
<div class="">It should be a bunch of IP addresses.</div>
<div class="">The possibility of skype hosting services to hold unwanted sites or content is slight but not impossible.</div>
<div class="">You don’t need tproxy on this machine since it is masquerading in any case (just a pointer that will ease your life).</div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class="">We can try to recognize together what IP addresses are required to be “bypassed” from squid interception.</div>
<div class="">And we are missing the squid.conf so we are limited to even know if your setup should work to begin with.</div>
<div class=""> </div>
<div class="">Eliezer</div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" class="">----</font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""><a href="http://ngtech.co.il/lmgtfy/" class=""><font face="Arial Rounded MT Bold" size="2" color="#0563C1" class=""><span style="font-size: 11pt;" class=""><u class="">Eliezer
 Croitoru</u></span></font></a><br class="">
<font face="Arial Rounded MT Bold" size="2" class=""><span style="font-size: 11pt;" class="">Linux System Administrator<br class="">
Mobile: +972-5-28704261<br class="">
Email:</span></font><font face="Arial Rounded MT Bold" size="2" class=""><span style="font-size: 11pt;" class=""> </span></font><a href="mailto:eliezer@ngtech.co.il" class=""><font face="Arial Rounded MT Bold" size="2" color="blue" class=""><span style="font-size: 11pt;" class=""><u class="">eliezer@ngtech.co.il</u></span></font></a></span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><b class="">From:</b> squid-users [<a href="mailto:squid-users-bounces@lists.squid-cache.org" class=""><font color="blue" class=""><u class="">mailto:squid-users-bounces@lists.squid-cache.org</u></font></a>] <b class="">On Behalf Of</b><b class=""> </b>Sameh
 Onaissi<br class="">
<b class="">Sent:</b> Tuesday, December 6, 2016 12:47 AM<br class="">
<b class="">To:</b> <a href="mailto:squid-users@lists.squid-cache.org" class=""><font color="blue" class=""><u class="">squid-users@lists.squid-cache.org</u></font></a><br class="">
<b class="">Subject:</b> [squid-users] Skype for Business behind a transparent squid (TProxy) HTTP/S</div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Arial" size="3" color="#242729" class=""><span style="font-size: 12pt;" class="">I have an Ubuntu 16.04 server with Squid 3.5.22 installed. It acts as a gateway in a LAN.</span></font></div>
<div class=""><font face="Arial" size="3" color="#242729" class=""><span style="font-size: 12pt;" class="">It is configured to intercept HTTP and HTTPS traffic (Transparent). So iptables redirects were used for ports 80 and 443.</span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class="">The server runs two scripts: </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""><b class=""><u class="">nat.sh</u></b> to bridge the two network cards, allowing LAN computers access to the internet through the server's Internet interface card.</span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""><b class=""><u class="">iptables.sh</u></b> which defines the ip rules and port forwarding: <a href="http://pastebin.com/SqpbmYQQ" class=""><font face="Arial" color="blue" class=""><u class="">http://pastebin.com/SqpbmYQQ</u></font></a></span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class="">BEFORE RUNNING iptables.sh...</span></font></div>
<div class=""><font face="Arial" size="3" color="#242729" class=""><span style="font-size: 12pt;" class="">When I connect a LAN computer to it, everything works as expected. Complete Internet access with some HTTP and HTTPS domains blocked/redirected to another
 page. Skype for Business logs in successfully.</span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class="">AFTER RUNNING iptables.sh</span></font></div>
<div class=""><font face="Arial" size="3" color="#242729" class=""><span style="font-size: 12pt;" class="">Skype for Business disconnects and fails to reconnect; normal Skype works just fine.</span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Arial" size="3" color="#242729" class=""><span style="font-size: 12pt;" class="">I revised: <a href="https://support.office.com/en-us/article/Create-DNS-records-at-eNomCentral-for-Office-365-a6626053-a9c8-445b-81ee-eeb6672fae77?ui=en-US&rs=en-US&ad=US" class=""><font color="#005999" class=""><u class="">https://support.office.com/en-us/article/Create-DNS-records-at-eNomCentral-for-Office-365-a6626053-a9c8-445b-81ee-eeb6672fae77?ui=en-US&rs=en-US&ad=US#bkmk_verify</u></font></a> And
 added all DNS configurations on enom.</span></font></div>
<div class=""><font face="Arial" size="3" color="#242729" class=""><span style="font-size: 12pt;" class="">That got rid of the DNS error I was getting to another error saying service is temporarily unavailable.</span></font></div>
<div class=""><font face="Arial" size="3" color="#242729" class=""><span style="font-size: 12pt;" class="">Any suggestions to why this is happening? Any solutions?</span></font></div>
<div class=""><font face="Arial" size="3" color="#242729" class=""><span style="font-size: 12pt;" class=""><b class="">Note:</b> both router and Ubuntu's WAN interface use Google's 8.8.8.8 DNS</span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class="">Any help is really appreciated as I have been trying to fix this for days!</span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
<div class=""><font face="Times New Roman" size="3" class=""><span style="font-size: 12pt;" class=""> </span></font></div>
</span></font><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class=""></span></div>
</blockquote>
</div>
<br class="">
</div>
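<div class="">Added example, not part of the original messages or of the linked gist: a shell script showing the ordering the thread discusses, with bypass rules for listed destinations placed ahead of the REDIRECT rules in the nat table. The interface name, the Squid ports 3129/3130 and the address list are assumptions constructed for illustration; the script only prints the rules.</div>

```shell
#!/bin/sh
# Added example (not from the thread): print, do not apply, nat-table rules.
# Assumed values: interface name and Squid listening ports.
LAN_IF=eth1        # assumed LAN-facing interface
HTTP_PORT=3129     # assumed Squid "http_port 3129 intercept"
HTTPS_PORT=3130    # assumed Squid "https_port 3130 intercept ssl-bump ..."

# is_ipv4_or_cidr ADDR: succeed only for a dotted-quad IPv4 address with an
# optional /0-32 prefix, so nothing else from the list reaches iptables.
is_ipv4_or_cidr() {
    addr=${1%%/*}
    case "$1" in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr               # split into octets (digits and dots only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules: read one destination per line on stdin ("#" starts a comment).
# Bypass rules come first: ACCEPT in nat/PREROUTING ends NAT processing for
# that connection, so it is routed and masqueraded without reaching Squid.
emit_rules() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u |
    while IFS= read -r dst; do
        if is_ipv4_or_cidr "$dst"; then
            for port in 80 443; do
                echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp -d $dst --dport $port -j ACCEPT"
            done
        else
            echo "# skipped invalid entry: $dst"
        fi
    done
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $HTTP_PORT"
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 443 -j REDIRECT --to-ports $HTTPS_PORT"
}

# Constructed sample list (documentation address ranges, not real Lync servers).
sample_list() {
    printf '%s\n' '# constructed bypass list' '192.0.2.10' \
        '198.51.100.0/24   # constructed edge pool' '192.0.2.10' \
        '300.1.1.1' 'lync.example.invalid'
}

sample_list | emit_rules
```

<div class="">Entries that are not plain IPv4 addresses or CIDR blocks are reported and skipped, so a hostname in the list never becomes a rule that depends on a single DNS lookup at load time.</div>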
</body>
</html>