[squid-users] Issues with TLS inspection Intercept Mode.
aashutosh kalyankar
aashutosh.xyz at gmail.com
Tue Jan 21 18:39:57 UTC 2020
The problem I am seeing is that the intercept port initiates an HTTP connection to
self-IP instead of the web server IP it gets from the DNS request.
Filtered Tcpdump screenshot @
https://drive.google.com/open?id=0ByReiwdSAAY_VXBPTjF1M3dYTnBTTnhFVnRocXFveUlNSlNj
Server IP: Eth0: IP: 172.22.22.148/26 (Same eth0 interface reaches the
internet gateway).
Configurations for
1) Nat table:
Chain PREROUTING (policy ACCEPT 23 packets, 1632 bytes)
num   pkts bytes target      prot opt in    out   source      destination
1       66  3960 REDIRECT    tcp  --  eth0  *     0.0.0.0/0   0.0.0.0/0     tcp dpt:80 /* Redirect http traffic eth0:80 to eth0:3128 */ redir ports 3128

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target      prot opt in    out   source      destination
1    13500  856K MASQUERADE  all  --  *     *     0.0.0.0/0   0.0.0.0/0     /* Allows NAT To happen */
2) Mangle table:
Chain PREROUTING (policy ACCEPT 6180 packets, 519K bytes)
 pkts bytes target  prot opt in   out  source          destination
 1434  148K ACCEPT  tcp  --  any  any  172.22.22.0/24  anywhere     tcp dpt:http
    0     0 DROP    tcp  --  any  any  anywhere        anywhere     tcp dpt:3128
3) Squid.conf
http_port 172.22.22.148:3128 intercept
https_port 172.22.22.148:3129 intercept ssl-bump cert=/etc/squid/ssl_certs/myCA.pem generate-host-certificates=on
Complete squid.conf file @ https://pastebin.com/gG8pYpLF.
Please let me know if I am missing some conf or the next steps I should try
to get this running.
Thanks!