> In /etc/sysctl.conf IP forwarding is enabled.
>
> and for iptables:
> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.4.96:3128
> I added these two rules; they work well for HTTP. I tried many rules for HTTPS, and none of them work!
>
> Please check the squid configuration; if it's okay, please give me the firewall rule.
>
>
> Thank you very much
Hello,
Change
http_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
to
http_port 3128 intercept
https_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
And do:
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.4.96:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.4.96:3127
iptables -I INPUT -p tcp -m tcp --dport 3127 -j ACCEPT
Does it work after that?
./npf
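
Added example (not part of the original thread): a small consistency check for the layout suggested in the reply above, confirming that every NAT rule for port 80 lands on an http_port marked intercept and every rule for port 443 lands on an https_port with ssl-bump. The sample inputs are constructed from the lines quoted in this message; the function names and the EXPECTED table are this example's own assumptions.

```python
import re

# Constructed sample: the configuration recommended in the reply above.
SQUID_CONF = """\
http_port 3128 intercept
https_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
"""
NAT_RULES = """\
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.4.96:3127
"""
# Assumption taken from the reply: what each intercepted port must land on.
EXPECTED = {80: ("http_port", "intercept"), 443: ("https_port", "ssl-bump")}

def parse_listeners(conf):
    """Map listening port -> (directive, set of option names)."""
    listeners = {}
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] in ("http_port", "https_port"):
            port = int(parts[1].rsplit(":", 1)[-1])  # accepts "3128" or "ip:3128"
            listeners[port] = (parts[0], {p.split("=", 1)[0] for p in parts[2:]})
    return listeners

def parse_nat(rules):
    """Yield (dport, target_port) for each REDIRECT/DNAT rule."""
    for line in rules.splitlines():
        dport = re.search(r"--dport (\d+)", line)
        target = re.search(r"--to-ports (\d+)|--to-destination \S*:(\d+)", line)
        if dport and target:
            yield int(dport.group(1)), int(target.group(1) or target.group(2))

def check(conf, rules):
    """Return a list of mismatches between NAT targets and Squid listeners."""
    listeners, problems = parse_listeners(conf), []
    for dport, target in parse_nat(rules):
        if dport not in EXPECTED:
            continue
        directive, option = EXPECTED[dport]
        found = listeners.get(target)
        if found is None:
            problems.append(f"dport {dport} -> {target}: no Squid listener")
        elif found[0] != directive or option not in found[1]:
            problems.append(f"dport {dport} -> {target}: need {directive} with {option}")
    return problems

if __name__ == "__main__":
    print(check(SQUID_CONF, NAT_RULES) or "NAT targets match Squid listeners")
```
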
Received on Fri Jun 07 2013 - 10:53:04 MDT