Hi,
this is the log after i run those iptables rule and those changes in squid.conf:
1370611784.763 � 2407 192.168.4.99 TCP_MISS/200 1376 GET�http://www.facebook.com/%a0- HIER_DIRECT/31.13.86.8 text/html
1370611784.790 � � �0 192.168.4.99 NONE/400 3972 NONE error:invalid-request - HIER_NONE/- text/html
1370611801.238 � � �0 192.168.4.99 NONE/400 3972 NONE error:invalid-request - HIER_NONE/- text/html
i just add https_port 3127 "intercept" ....
and for normal http connection i dont have a stable connection randomly works or not work!!
1370611744.028 � 2358 192.168.4.99 TCP_MISS/304 395 GET�http://l2.yimg.com/nn/lib/metro/p2.gif%a0- HIER_DIRECT/66.196.65.188 -
1370611744.034 � 2361 192.168.4.99 TCP_MISS/200 1555 GET�http://l2.yimg.com/dh/ap/default/130507/twitter-sprite_desktop.png%a0- HIER_DIRECT/66.196.65.188 image/png
1370611744.684 � 2432 192.168.4.99 TCP_MISS/200 1560 GET�http://ad.yieldmanager.com/imp?%a0- HIER_DIRECT/217.163.21.41 application/x-javascript
1370611755.711 � 2419 192.168.4.99 TCP_MISS/301 573 GEThttp://hsrd.yahoo.com/_ylt=AtxMHaLUD5AnwWofb8kKFvabvZx4;_ylu=X3oDMTJycjUzcHE1BGNwb3MDMARnA2lkLTMzMjYxMDYEaW50bAN1cwRsdHh0A01lbCBCcm9va3MEcG9zAzIEc2VjA3RjLXRzBHNsawN0aXRsZQR0ZXN0AzkwMAR3b2UDMTI3MjM4NjQ-/RV=1/RE=1371821336/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cDovL3NlYXJjaC55YWhvby5jb20vc2VhcmNoP2NzPWJ6JnA9TWVsJTIwQnJvb2tzJmZyPWZwLXR0cy05MDAmZnIyPXBz/RS=%5EADAIOfP8qyIhCUF7TQ9B0kysUTI99I-- HIER_DIRECT/98.139.180.157 text/html
thanks you�
> ----------------------------------------
>> From: [email protected]
>> To: [email protected]
>> Date: Fri, 7 Jun 2013 11:53:34 +0100
>> Subject: Re: [squid-users] squid 3.3.5 http and https transparent proxy
>>
>>
>>
>>> in /etc/sysctl.conf ipforwading is enabled.
>>>
>>> and for iptables:
>>> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
>>> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.4.96:3128
>>> i added these two rules work well for http, i tried many rules for https non them works!
>>>
>>> Please check squid configuration if its okay please give me the firewall rule
>>>
>>>
>>> thank you very much
>>
>>
>>
>> Hello,
>>
>> Change
>>
>> http_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
>>
>> to
>>
>> http_port 3128 intercept
>> https_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
>>
>> And add do:
>>
>> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
>> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.4.96:3128
>>
>> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
>> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.4.96:3127
>> iptables -I INPUT -p tcp -m tcp --dport 3127 -j ACCEPT
>>
>> Does it work after that?
>>
>> ./npf
Received on Fri Jun 07 2013 - 13:41:17 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 07 2013 - 12:00:06 MDT