RE: [squid-users] squid 3.3.5 http and https transparent proxy

From: MyName IsLive <mynameislive_at_outlook.com>
Date: Fri, 7 Jun 2013 13:41:10 +0000

Hi, this is the log after I ran those iptables rules and made those changes in squid.conf:

1370611784.763   2407 192.168.4.99 TCP_MISS/200 1376 GET http://www.facebook.com/ - HIER_DIRECT/31.13.86.8 text/html
1370611784.790      0 192.168.4.99 NONE/400 3972 NONE error:invalid-request - HIER_NONE/- text/html
1370611801.238      0 192.168.4.99 NONE/400 3972 NONE error:invalid-request - HIER_NONE/- text/html

I just added https_port 3127 "intercept" ....

And for normal http connections I don't have a stable connection; it randomly works or doesn't work!!

1370611744.028   2358 192.168.4.99 TCP_MISS/304 395 GET http://l2.yimg.com/nn/lib/metro/p2.gif - HIER_DIRECT/66.196.65.188 -
1370611744.034   2361 192.168.4.99 TCP_MISS/200 1555 GET http://l2.yimg.com/dh/ap/default/130507/twitter-sprite_desktop.png - HIER_DIRECT/66.196.65.188 image/png
1370611744.684   2432 192.168.4.99 TCP_MISS/200 1560 GET http://ad.yieldmanager.com/imp? - HIER_DIRECT/217.163.21.41 application/x-javascript
1370611755.711   2419 192.168.4.99 TCP_MISS/301 573 GET http://hsrd.yahoo.com/_ylt=AtxMHaLUD5AnwWofb8kKFvabvZx4;_ylu=X3oDMTJycjUzcHE1BGNwb3MDMARnA2lkLTMzMjYxMDYEaW50bAN1cwRsdHh0A01lbCBCcm9va3MEcG9zAzIEc2VjA3RjLXRzBHNsawN0aXRsZQR0ZXN0AzkwMAR3b2UDMTI3MjM4NjQ-/RV=1/RE=1371821336/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cDovL3NlYXJjaC55YWhvby5jb20vc2VhcmNoP2NzPWJ6JnA9TWVsJTIwQnJvb2tzJmZyPWZwLXR0cy05MDAmZnIyPXBz/RS=%5EADAIOfP8qyIhCUF7TQ9B0kysUTI99I-- HIER_DIRECT/98.139.180.157 text/html

Thank you

> ----------------------------------------
>> From: [email protected]
>> To: [email protected]
>> Date: Fri, 7 Jun 2013 11:53:34 +0100
>> Subject: Re: [squid-users] squid 3.3.5 http and https transparent proxy
>>
>>> in /etc/sysctl.conf ip forwarding is enabled.
>>>
>>> and for iptables:
>>> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
>>> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.4.96:3128
>>> I added these two rules and they work well for http. I tried many rules for https; none of them works!
>>>
>>> Please check the squid configuration; if it's okay, please give me the firewall rule
>>>
>>> thank you very much
>>
>> Hello,
>>
>> Change
>>
>> http_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
>>
>> to
>>
>> http_port 3128 intercept
>> https_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
>>
>> And add do:
>>
>> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
>> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.4.96:3128
>>
>> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
>> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.4.96:3127
>> iptables -I INPUT -p tcp -m tcp --dport 3127 -j ACCEPT
>>
>> Does it work after that?
>>
>> ./npf
Received on Fri Jun 07 2013 - 13:41:17 MDT
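
A triage sketch for the access.log entries quoted in the message above, added here as an example and not part of the original thread: it parses Squid's native log format and separates the `NONE/400 error:invalid-request` entries from ordinary proxied requests, per client. The sample lines are constructed from the quoted log, and the function and field names are illustrative assumptions.

```python
from collections import Counter

# Constructed sample in Squid's native access.log format, modelled on the
# entries quoted in the message above (whitespace normalised).
SAMPLE_LOG = """\
1370611784.763   2407 192.168.4.99 TCP_MISS/200 1376 GET http://www.facebook.com/ - HIER_DIRECT/31.13.86.8 text/html
1370611784.790      0 192.168.4.99 NONE/400 3972 NONE error:invalid-request - HIER_NONE/- text/html
1370611801.238      0 192.168.4.99 NONE/400 3972 NONE error:invalid-request - HIER_NONE/- text/html
1370611744.028   2358 192.168.4.99 TCP_MISS/304 395 GET http://l2.yimg.com/nn/lib/metro/p2.gif - HIER_DIRECT/66.196.65.188 -
"""

# Field names are labels chosen for this example, in native-format order.
FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "ident", "hierarchy", "mime")


def parse_line(line):
    """Split one native-format line into a dict; return None if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["time"] = float(rec["time"])
        rec["elapsed_ms"] = int(rec["elapsed_ms"])
        rec["bytes"] = int(rec["bytes"])
    except ValueError:
        return None
    return rec


def summarize(log_text):
    """Count result codes per client and collect requests Squid rejected."""
    by_result, rejected = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        by_result[(rec["client"], rec["result"])] += 1
        # Method NONE with an error: pseudo-URL means the bytes that reached
        # the listening port could not be parsed as a request at all.
        if rec["method"] == "NONE" and rec["url"].startswith("error:"):
            rejected.append((rec["time"], rec["client"], rec["url"]))
    return by_result, rejected


if __name__ == "__main__":
    counts, rejected = summarize(SAMPLE_LOG)
    for (client, result), n in sorted(counts.items()):
        print(f"{client} {result} x{n}")
    print("rejected before parsing:", rejected)
```

Run against a live access.log, a rising count of `NONE/400` for a client right after a redirect rule change points at traffic arriving on a port whose mode does not match it.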

This archive was generated by hypermail 2.2.0 : Fri Jun 07 2013 - 12:00:06 MDT