[squid-users] TLS passthrough

Amos Jeffries squid3 at treenet.co.nz
Sat Sep 30 08:18:12 UTC 2023


On 30/09/23 11:06, Fernando Giorgetti wrote:
> If someone has already done that, with the client running in a different 
> machine, I would love to know how.


There are several ways:

  1) run Squid on the gateway router for your network, or

  2) place Squid in a DMZ between the LAN gateway and WAN gateway.

  3) set up a custom route+gateway for port 80 and 443 LAN traffic as the 
Squid machine, excluding traffic from that machine itself.


> 
> In case Squid runs on the same machine used as a network gateway to the 
> client machine, I suppose the config would be similar, but if it's not 
> running on the same machine used as the gateway, then it would be nice 
> to see how.
> 

That would be (1). See 
<https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat> for 
how to configure the gateway router running Squid.

The configuration difference from the at-source (aka, on client 
machine) setup you are/were using is just some iptables rules.


HTH
Amos
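
A sketch of the rules behind option (3), added here as an example; it is not part of the message above and is not the Squid project's own script. It only prints the commands so they can be reviewed first. Every address, interface name, port, mark and table number in it is an assumed value.

```shell
#!/bin/sh
# Added example: prints (does not apply) rules for routing LAN port 80/443
# traffic through a separate Squid machine. All values below are assumptions.

SQUID_IP="${SQUID_IP:-192.0.2.10}"   # assumed address of the Squid machine
LAN_IF="${LAN_IF:-eth1}"             # assumed gateway interface facing Squid
MARK="${MARK:-3}"                    # assumed fwmark value
TABLE="${TABLE:-2}"                  # assumed routing table number
HTTP_PORT="${HTTP_PORT:-3129}"       # assumed Squid intercept http_port
HTTPS_PORT="${HTTPS_PORT:-3130}"     # assumed Squid intercept https_port

# Rules for the LAN gateway: mark port 80/443 traffic and route it via Squid.
gateway_rules() {
    for port in 80 443; do
        # Squid's own outbound requests must skip the mark, or they loop
        # back to Squid instead of reaching the WAN.
        echo "iptables -t mangle -A PREROUTING -s $SQUID_IP -p tcp --dport $port -j ACCEPT"
        echo "iptables -t mangle -A PREROUTING -p tcp --dport $port -j MARK --set-mark $MARK"
    done
    echo "ip rule add fwmark $MARK table $TABLE"
    echo "ip route add default via $SQUID_IP dev $LAN_IF table $TABLE"
}

# Rules for the Squid machine: hand routed packets to the intercept ports.
squid_rules() {
    for pair in "80:$HTTP_PORT" "443:$HTTPS_PORT"; do
        dport=${pair%%:*}
        sport=${pair##*:}
        echo "iptables -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport $dport -j ACCEPT"
        echo "iptables -t nat -A PREROUTING -p tcp --dport $dport -j REDIRECT --to-port $sport"
        # The intercept ports must never be reachable directly by clients.
        echo "iptables -t mangle -A PREROUTING -p tcp --dport $sport -j DROP"
    done
    echo "iptables -t nat -A POSTROUTING -j MASQUERADE"
}

# Review the output, then run each group as root on the matching machine.
echo "# on the LAN gateway:"
gateway_rules
echo "# on the Squid machine:"
squid_rules
```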

