Transparent use of squid without masquerading

Posted: Tue Apr 18, 2006 6:44 pm
by turab
Hello Friends,
Is it possible to use port 443 or the https protocol without using masquerading, i.e.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Whenever I use masquerading, all the clients bypass the transparent proxy.

The iptables rules mentioned below are already applied.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080

But when I try to browse www.hotmail.com, it never redirects from http to https. If I am doing anything wrong, please guide me.

Regards,
Turab.

Re:

Posted: Wed Apr 19, 2006 11:37 am
by LinuxFreaK
Dear turab,
Salam,

Remove this line from your squid.conf

acl Safe_ports port 443


Best Regards.

Re:

Posted: Thu Apr 20, 2006 4:52 pm
by kbukhari
LinuxFreaK wrote:Dear turab,
Salam,

Remove this line from your squid.conf

acl Safe_ports port 443


Best Regards.


Farukh are u sure ?

Posted: Fri Apr 21, 2006 12:29 pm
by turab
Hello Farrukh,
Salam,
I have commented out all the statements containing SSL_ports parameters, but I am still unable to sign in to Hotmail via the transparent proxy.

#acl SSL_ports port 443 563
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports


Regards,
Turab

Re:

Posted: Fri Apr 21, 2006 7:43 pm
by syedali999
LinuxFreaK wrote:Dear turab,
Salam,

Remove this line from your squid.conf

acl Safe_ports port 443


Best Regards.


Please let me complete, LinuxFreaK!

Un-comment the following line

acl Safe_ports port 443


now add

http_access allow yourclient Safe_ports

make sure your firewall is allowing port 443 8)

Posted: Fri Apr 28, 2006 11:35 am
by kbukhari
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080


Squid won't surf https requests as a transparent proxy; you have to MASQUERADE port 443.
Port 443 cannot be proxied transparently (stop and think about it for a minute; if HTTPS could be transparently proxied, then how secure would it be?).

Posted: Sat May 06, 2006 4:29 pm
by turab
Hello kbukhari,
Salam,
If it's not possible, then how do the ISPs' gurus manage to run the transparent proxy smoothly? :)
I tried all the methods and am still working on it .........

Regards,
Turab

Posted: Sun May 07, 2006 12:46 pm
by kbukhari
See my last post and then ask me this.
I am also working at an ISP, and if you get any solution to run Squid as an https transparent proxy then you must tell me. I will ask Henrik, who says Squid is an http proxy, not an https proxy (as transparent). Squid can surf https requests, but as a manual proxy or with Proxy.pac JavaScript.
Note: Henrik is the founder of Squid!

it works

Posted: Mon May 08, 2006 10:31 am
by turab
Salam kbukhari,
Hope you are doing well. I tuned iptables in such a way that I deleted
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
and added
iptables -t nat -A POSTROUTING -p tcp --dport 443 -o eth0 -j MASQUERADE

Is this what you are trying to say?!?
Is this the best possible solution for https?!?

Regards,
Turab
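
Added example (not part of any post in this thread): a small shell check for the rule change the thread ends on, where port 443 is no longer REDIRECTed to Squid and is masqueraded instead. The rule text is taken from the posts; the function name `audit_nat_rules` and keeping the port-80 REDIRECT in the revised set are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Rule text is copied from the posts;
# the port-80 REDIRECT in REVISED_RULES is assumed to stay in place.

# Rules from the first post: HTTP and HTTPS both redirected into Squid on 8080.
ORIGINAL_RULES='iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080'

# Rules after the last post: HTTP still intercepted, HTTPS only masqueraded.
REVISED_RULES='iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -p tcp --dport 443 -o eth0 -j MASQUERADE'

# Read iptables commands on stdin, one per line. Succeeds only when no rule
# REDIRECTs port 443 and some POSTROUTING MASQUERADE rule covers port 443.
audit_nat_rules() {
    redirect443=0
    masq443=0
    while IFS= read -r rule; do
        case "$rule " in
            *"--dport 443 "*"-j REDIRECT"*)
                redirect443=1
                echo "FAIL: HTTPS redirected into the proxy port: $rule" ;;
            *POSTROUTING*"--dport 443 "*"-j MASQUERADE"*)
                masq443=1 ;;
            *POSTROUTING*"-j MASQUERADE"*)
                # A MASQUERADE rule with no --dport match covers every port.
                case "$rule" in
                    *--dport*) ;;
                    *) masq443=1 ;;
                esac ;;
        esac
    done
    [ "$masq443" -eq 1 ] || echo "FAIL: no MASQUERADE rule covers outbound port 443"
    [ "$redirect443" -eq 0 ] && [ "$masq443" -eq 1 ]
}

# Demo over the two constructed rule sets above.
for name in ORIGINAL_RULES REVISED_RULES; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | audit_nat_rules; then
        echo "$name: OK"
    else
        echo "$name: needs changes"
    fi
done
```

To check a live box, feed the function the NAT rules in the same one-command-per-line form, for example the lines of the script that sets up the firewall.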