- 01-02-2013 #1
https problem in Transparent proxy server
I have configured Squid as a transparent proxy, but my users cannot access sites that use HTTPS. Logically I should use iptables to redirect all the traffic.
The firewall and Squid are on the same server.
A quick response will be highly appreciated.
--
Regards,
Nantha....
- 01-04-2013 #2
You will not be able to do SSL proxying with Squid transparently, as Squid relies on clients to use the HTTP CONNECT method to connect to an SSL site through a proxy, and clients will not do so unless they are explicitly configured to use a proxy. You might be able to mash something together, but it will not work cleanly.
Anyone, please correct me if I am wrong.
N
- 01-04-2013 #3
Hi N++,
I am able to do it through iptables by using masquerade. Squid and the firewall are on the same server. I want to know how to masquerade through iptables for 443.
- 01-06-2013 #4
What do your rules look like now for IPTABLES?
- 01-07-2013 #5
Hi Lazy dog,
See the rule below for HTTP. I have to give one for HTTPS in masquerade.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
-j REDIRECT --to-port 3128
iptables -A INPUT -j ACCEPT -m state \
  --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp \
  --dport 3128
iptables -A OUTPUT -j ACCEPT -m state \
  --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp \
  --dport 80
iptables -A INPUT -j ACCEPT -m state \
  --state ESTABLISHED,RELATED -i eth0 -p tcp \
  --sport 80
iptables -A OUTPUT -j ACCEPT -m state \
  --state ESTABLISHED,RELATED -o eth1 -p tcp \
  --sport 80
- 01-07-2013 #6
Try adding the following rules to your firewall;
These rules bypass the proxy and allow 443 traffic to pass the firewall.
Code:
iptables -A FORWARD -i eth1 --dport 443 -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 --sport 443 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- 01-24-2013 #7
I am getting this kind of error, respond quickly
iptables v1.3.5: Unknown arg `--dport'
- 01-24-2013 #8
What do the rules look like?
- 01-25-2013 #9
The firewall server and Squid server are on the same machine. eth0 is my private IP and eth1 is my public IP. I need to allow HTTPS through the server.
Your previous answer is not working. I am not able to put in the rule.
- 01-27-2013 #10
You need to be root in order to add rules
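
The `Unknown arg `--dport'` message in post #7 matches an option-order problem in the FORWARD rules of post #6, where `--dport`/`--sport` appear before `-p tcp`. The script below is an added example, not part of the thread: it lints a rule for that ordering and prints the reordered form. The function names `lint_rule` and `fix_rule` are hypothetical, and the script only handles rules without quoted arguments.

```sh
# Added example, not from the thread. iptables reads arguments left to right;
# --dport/--sport come from the tcp/udp match, which is loaded only after
# "-p tcp" (or udp) has been parsed. lint_rule/fix_rule are hypothetical names.
# lint_rule ARGS...: return 0 if every port option follows a port-capable -p.
lint_rule() {
    lr_proto="" lr_prev=""
    for a in "$@"; do
        if [ "$lr_prev" = "-p" ]; then lr_proto="$a"; fi
        case "$a" in
            --dport|--sport)
                case "$lr_proto" in
                    tcp|udp|sctp|dccp) ;;
                    *) echo "BAD: $a needs -p tcp/udp first (saw: ${lr_proto:-none})"; return 1 ;;
                esac ;;
        esac
        lr_prev="$a"
    done
    echo "OK"
}
# fix_rule ARGS...: print the rule with "-p PROTO" moved before the first port option.
fix_rule() {
    fr_proto="" fr_prev="" fr_out="" fr_moved=0
    for a in "$@"; do
        if [ "$fr_prev" = "-p" ]; then fr_proto="$a"; fi
        fr_prev="$a"
    done
    if [ -z "$fr_proto" ]; then echo "no -p in rule" >&2; return 1; fi
    fr_prev=""
    for a in "$@"; do
        if [ "$a" = "-p" ] || [ "$fr_prev" = "-p" ]; then fr_prev="$a"; continue; fi
        fr_prev="$a"
        case "$a" in
            --dport|--sport)
                if [ "$fr_moved" -eq 0 ]; then fr_out="$fr_out -p $fr_proto"; fr_moved=1; fi ;;
        esac
        fr_out="$fr_out $a"
    done
    if [ "$fr_moved" -eq 0 ]; then echo "$*"; return 0; fi
    echo "${fr_out# }"
}

# The two FORWARD rules as posted in reply #6 (split on spaces on purpose).
for rule in \
    "-A FORWARD -i eth1 --dport 443 -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT" \
    "-A FORWARD -i eth0 --sport 443 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT"
do
    echo "posted : $(lint_rule $rule)"
    echo "reorder: iptables $(fix_rule $rule)"
done
```

The script never calls iptables itself, so it can be run as an unprivileged user to check a rule before it is applied.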