  1. #1
    Just Joined!
    Join Date
    Oct 2012
    Posts
    9

    https problem in Transparent proxy server


    I have configured squid as a transparent proxy, but my users cannot access sites that use https. Logically I should use iptables to redirect all the traffic.

    The firewall and squid are on the same server.

    A quick response will be highly appreciated.

    --
    Regards,
    Nantha....

  2. #2
    Linux Newbie nplusplus's Avatar
    Join Date
    Apr 2010
    Location
    Charlotte, NC, USA
    Posts
    106
    You will not be able to do SSL proxying with Squid transparently as Squid relies on clients to utilize the http CONNECT method to connect to an SSL site through a proxy, and clients will not do so unless they are explicitly configured to use a proxy. You might be able to mash something together, but it will not work cleanly.

    Anyone, please correct me if I am wrong.
    N

  3. #3
    Just Joined!
    Join Date
    Oct 2012
    Posts
    9
    Hi N++,

    I am able to do it through iptables by using masquerade. The squid and firewall are on the same server. I want to know how to masquerade through iptables for 443.

  4. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    What do your rules look like now for IPTABLES?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  5. #5
    Just Joined!
    Join Date
    Oct 2012
    Posts
    9
    Hi Lazy dog,

    See the below rule for http. I have to give for https in masquerade.

    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 3128
    iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80
    iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80
    iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80

  6. #6
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Try adding the following rules to your firewall:

    Code:
    iptables -A FORWARD -i eth1 --dport 443 -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i eth0 --sport 443 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    These rules bypass the proxy and allow 443 traffic to pass the firewall.

    Regards
    Robert


  7. #7
    Just Joined!
    Join Date
    Oct 2012
    Posts
    9
    I am getting this kind of error; respond quickly.

    iptables v1.3.5: Unknown arg `--dport'

  8. #8
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    What do the rules look like?

    Regards
    Robert


  9. #9
    Just Joined!
    Join Date
    Oct 2012
    Posts
    9
    The firewall server and squid server are on the same machine. eth0 is my private IP and eth1 is my public IP. I need to allow https through the server.
    Your previous answer is not working. I am not able to put the rule in.

  10. #10
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    You need to be root in order to add rules

    Regards
    Robert

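The "Unknown arg --dport" error reported in post #7 comes from option order: iptables only recognises `--dport`/`--sport` after `-p tcp` has loaded the TCP match, and the rules in post #6 put the port option first. The following is an added example, not code from the thread: it lints rule lines for that ordering and prints the same bypass rules with `-p tcp` first. The function names are hypothetical, and the interfaces are parameters because the posts disagree on which of eth0/eth1 faces the LAN.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Rules exactly as posted in #6, kept as lint input.
POSTED_RULES='iptables -A FORWARD -i eth1 --dport 443 -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 --sport 443 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'

# Read rules on stdin and print the line number of each rule that uses
# --dport/--sport before any -p/--protocol option. Exit status 1 if any.
lint_port_order() {
    awk '
    {
        seen_proto = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-p" || $i == "--protocol") seen_proto = 1
            if (($i == "--dport" || $i == "--sport") && !seen_proto) {
                print NR; bad = 1; break
            }
        }
    }
    END { exit bad + 0 }'
}

# Print the same three rules with "-p tcp" ahead of the port match.
# $1 = LAN-facing interface, $2 = Internet-facing interface.
# FORWARD rules only take effect when net.ipv4.ip_forward is 1.
https_bypass_rules() {
    lan=$1
    wan=$2
    cat <<EOF
iptables -A FORWARD -i $lan -p tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -p tcp --sport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Demo: lines 1 and 2 of the posted rules are flagged; the reordered set is clean.
printf '%s\n' "$POSTED_RULES" | lint_port_order
https_bypass_rules eth1 eth0 | lint_port_order && echo "reordered rules pass"
```

Traffic forwarded by these rules never reaches Squid, so Squid's ACLs and access log do not cover it.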
