[squid-users] intercept vs. accel vhost allow-direct
sknz
sakibnizam at gmail.com
Fri Sep 13 09:23:01 UTC 2019
Hello,
Okay, forward proxy port updated to 3128. This is my scenario here:
Internet <> eth0 LAN port <> Server
WIFI AP-User <> WIFI AP <> eth1 LAN port <> Server
So my AP-USER can browse HTTPS for now, but not HTTP. And Squid3 is handling
HTTP transparent proxy here. If I remove Squid3 from the scenerio, AP-USER
can browse both HTTP and HTTPS. In the server, CoovaChilli takes control of
the internal interface (eth1) using a raw promiscuous socket. It then uses
the tun0 to pass and receive packets to and from the WAN(eth0).
http_port 3128
http_port 3130 intercept
Even AP-USER can browse both http and https, if I replace the above config
with:
http_port 3128 accel vhost allow-direct
-A PREROUTING ..... --dport 80 -j REDIRECT --to-ports 3128
It only doesn't work when I configure two-port and HTTP transparent proxy.
I tried dropping the drop rule, it doesn't work. Please check my full
iptables here:
https://paste.grasehotspot.org/view/raw/529efd6c
<https://paste.grasehotspot.org/view/raw/529efd6c>
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list