Transparent use of squid without masquerading
Posted: Tue Apr 18, 2006 6:44 pm
by turab
Hello Friends,
Is it possible to use port 443 or https protocol without using masquerading
i.e.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE.
Whenever I use masquerading, all the clients bypass the transparent proxy.
The iptables rules mentioned below are already applied.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
But when I try to browse www.hotmail.com, it never redirects from HTTP to HTTPS. If I am doing anything wrong, please guide me.
Regards,
Turab.
Re:
Posted: Wed Apr 19, 2006 11:37 am
by LinuxFreaK
Dear turab,
Salam,
Remove this line from your squid.conf
Best Regards.
Re:
Posted: Thu Apr 20, 2006 4:52 pm
by kbukhari
LinuxFreaK wrote: Dear turab,
Salam,
Remove this line from your squid.conf
Best Regards.
Farukh, are you sure?
Posted: Fri Apr 21, 2006 12:29 pm
by turab
Hello Farrukh,
Salam,
I have commented out all the statements containing SSL_ports parameters, but I am still unable to sign in to Hotmail via the transparent proxy.
#acl SSL_ports port 443 563
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
Regards,
Turab
Re:
Posted: Fri Apr 21, 2006 7:43 pm
by syedali999
LinuxFreaK wrote: Dear turab,
Salam,
Remove this line from your squid.conf
Best Regards.
Please Let Me Complete LinuxFreak!
un-comment the following line
now add
http_access allow yourclient Safe_ports
make sure your firewall is allowing port 443
Posted: Fri Apr 28, 2006 11:35 am
by kbukhari
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
Squid won't surf HTTPS requests as a transparent proxy; you have to MASQUERADE port 443.
port 443 cannot be proxied transparently (stop and think about it for a minute; if HTTPS could be transparently proxied, then how secure would it be?).
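Added example (not part of the thread and not Squid's code): the point above, shown at the byte level. A connection REDIRECTed from port 443 opens with a TLS ClientHello instead of an HTTP request line, so a plain-HTTP proxy port has nothing to parse, while a browser configured with a manual proxy sends CONNECT first. The function names and sample byte strings are constructed for illustration.

```python
# Added example: classify the first bytes that arrive on a proxy's HTTP port.
import struct

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

# Constructed samples (not captured traffic).
REDIRECTED_80 = b"GET / HTTP/1.1\r\nHost: www.hotmail.com\r\n\r\n"
EXPLICIT_443 = b"CONNECT www.hotmail.com:443 HTTP/1.1\r\nHost: www.hotmail.com:443\r\n\r\n"
# Truncated TLS record: type 0x16 (handshake), version 3.1, length, then
# handshake type 0x01 (ClientHello) with a 3-byte length and a version field.
_HELLO = b"\x01\x00\x00\x02\x03\x03"
REDIRECTED_443 = b"\x16\x03\x01" + struct.pack("!H", len(_HELLO)) + _HELLO
# SSLv2-compatible hello, common in 2006-era browsers: 2-byte length with the
# high bit set, then message type 0x01 (CLIENT-HELLO).
REDIRECTED_443_V2 = b"\x80\x2e\x01\x03\x01"


def classify_first_bytes(data: bytes) -> str:
    """Name the protocol that a new connection starts with."""
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        (record_len,) = struct.unpack("!H", data[3:5])
        if record_len > 0 and data[5] == 0x01:
            return "tls-client-hello"
        return "tls-other"
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    line, sep, _ = data.partition(b"\r\n")
    parts = line.split(b" ")
    if sep and len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        # CONNECT only appears when the client knows it is talking to a proxy.
        return "http-connect" if parts[0] == b"CONNECT" else "http-request"
    return "unknown"


def plain_http_proxy_can_parse(data: bytes) -> bool:
    """True only if the bytes form an HTTP request line a proxy could act on."""
    return classify_first_bytes(data).startswith("http-")


if __name__ == "__main__":
    for name in ("REDIRECTED_80", "EXPLICIT_443", "REDIRECTED_443", "REDIRECTED_443_V2"):
        sample = globals()[name]
        print(f"{name:18} {classify_first_bytes(sample):20} "
              f"parseable={plain_http_proxy_can_parse(sample)}")
```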
Posted: Sat May 06, 2006 4:29 pm
by turab
Hello kbukhari,
Salam,
If it's not possible, then how do the ISPs' gurus manage to run the transparent proxy smoothly?
I tried all the methods and am still working on it...
Regards,
Turab
Posted: Sun May 07, 2006 12:46 pm
by kbukhari
See my last post and then ask me this.
I am also working in an ISP, and if you get any solution to run Squid as an HTTPS transparent proxy then you must tell me. I will ask Henrik, who says Squid is an HTTP proxy, not an HTTPS proxy (as transparent). Squid can surf HTTPS requests, but as a manual proxy or with Proxy.pac JavaScript.
Note: Henrik is founder of Squid!
it works
Posted: Mon May 08, 2006 10:31 am
by turab
Salam kbukhari,
Hope you are doing well. I tuned iptables in such a way that I delete
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
and add
iptables -t nat -A POSTROUTING -p tcp --dport 443 -o eth0 -j MASQUERADE
This is what you are trying to say?!?
Is this the best possible solution for HTTPS?!?
Regards,
Turab