[squid-users] R: R: Problem with Squid 3.4 and transparent SSL proxy
Amos Jeffries
squid3 at treenet.co.nz
Thu Nov 13 04:51:14 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/11/2014 9:55 p.m., Job wrote:
> Thank you Amos, for everything.
>
> I route with REDIRECT all outgoing connection to port tcp/443 from
> my LAN:
>
> iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT
> --to-port 3130
>
> in squid, i have these configurations:
>
> http_port 3128 http_port 3129 intercept https_port 3130 intercept
> ssl-bump connection-auth=off generate-host-certificates=on
> dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl/squid.pem
> key=/etc/squid/ssl/squid.key
> cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
>
> Do you think my iptables rule is wrong?
The iptables looks fine.
Peter G, in a recent thread added the IP address Squid was being
contacted on to the port details. Maybe that will work for you too.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUZDjCAAoJELJo5wb/XPRjse0IAIL7VDPvPvConqwAxSBP1O79
D8uBOW8D1WVxLARD4HmW9To6qSSten3QwYfJYcwhk0BRDyzh0h0PCiduhWe50H8b
MdK/TXbBdo79q8AobaHkycBQeKwYWKjnHd5IvEp+fPzNK5izqIoWcvdnfFOnSZVh
ULuus+CmKnkykgcYBClxwRlnDo30SPSVUWUS5dgT2Z6r4xnvAANTlpwCJxodcqz/
9zq6vn8dnYYdtIgvuz7SgI49bSDxNo0aa+tizl2P0sKSIxfw5vnnaaj8VXWdeS+r
cpD4H0Wju7CXIyGXfgkDBl/BP3gVUjGVyWJkXN5XYx3Qyu4kKEg4absRTR5+tYc=
=c8G3
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list