[squid-users] TLS passthrough
Amos Jeffries
squid3 at treenet.co.nz
Sat Sep 30 08:18:12 UTC 2023
On 30/09/23 11:06, Fernando Giorgetti wrote:
> If someone has already done that, with the client running in a different
> machine, I would love to know how.
There are several ways:
1) run Squid on the gateway router for your network, or
2) place Squid in a DMZ between the LAN gateway and WAN gateway.
3) set up a custom route+gateway for port 80 and 443 LAN traffic as the
Squid machine. Excluding traffic from that machine itself.
>
> In case Squid runs on the same machine used as a network gateway to the
> client machine, I suppose the config would be similar, but if it's not
> running on the same machine used as the gateway, then it would be nice
> to see how.
>
That would be (1). See
<https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat> for
how to configure the gateway router running Squid.
The configuration difference between the at-source (aka, on client
machine) you are/were using is just some iptables rules.
HTH
Amos
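
The iptables side of option (1), as an added example that is not part of the original message or of the Squid wiki: a dry-run generator that prints DNAT interception rules for a gateway that also runs Squid. The address 192.0.2.1 and the ports 3129/3130 are constructed assumptions; Squid needs matching intercept-mode listening ports, and the LAN's outbound NAT is assumed to be configured already.

```shell
#!/bin/sh
# Dry run only: prints iptables commands, never applies them.
# All addresses and ports below are constructed sample values.

# is_port N: true when N is an integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# is_ipv4 A.B.C.D: true for four dot-separated octets in 0..255
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

# squid_dnat_rules SQUID_IP HTTP_PORT HTTPS_PORT
# HTTP_PORT/HTTPS_PORT are the intercept listeners for LAN ports 80/443.
squid_dnat_rules() {
    if ! is_ipv4 "$1" || ! is_port "$2" || ! is_port "$3" || [ "$2" = "$3" ]; then
        echo "usage: squid_dnat_rules SQUID_IP HTTP_PORT HTTPS_PORT" >&2
        return 2
    fi
    ip=$1
    for pair in "80:$2" "443:$3"; do
        dport=${pair%%:*}
        sport=${pair##*:}
        # Traffic sourced from the Squid address skips the redirect,
        # otherwise Squid's own fetches would loop back into Squid.
        echo "iptables -t nat -A PREROUTING -s $ip -p tcp --dport $dport -j ACCEPT"
        # All other forwarded traffic to this port goes to the intercept listener.
        echo "iptables -t nat -A PREROUTING -p tcp --dport $dport -j DNAT --to-destination $ip:$sport"
        # mangle runs before nat, so this drops only packets that were
        # addressed to the intercept port directly, not the DNATed ones.
        echo "iptables -t mangle -A PREROUTING -p tcp --dport $sport -j DROP"
    done
}

# Constructed example: gateway/Squid at 192.0.2.1, listeners on 3129 and 3130.
squid_dnat_rules 192.0.2.1 3129 3130
```

Review the printed rules against the existing ruleset before applying them; rule order inside the nat PREROUTING chain matters, since the ACCEPT must precede the DNAT.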