Transparent use of squid without masquerading

Post by turab » Tue Apr 18, 2006 6:44 pm

Hello Friends,
Is it possible to use port 443 or the https protocol without using masquerading, i.e.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Whenever I use masquerading, all the clients bypass the transparent proxy.

The iptables rules mentioned below are already applied.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080

But when I try to browse www.hotmail.com, it never redirects from http to https. If I am doing anything wrong, please guide me.

Regards,
Turab.

Re:

Post by LinuxFreaK » Wed Apr 19, 2006 11:37 am

Dear turab,
Salam,

Remove this line from your squid.conf

acl Safe_ports port 443


Best Regards.
Farrukh Ahmed

Re:

Post by kbukhari » Thu Apr 20, 2006 4:52 pm

LinuxFreaK wrote:
Dear turab,
Salam,

Remove this line from your squid.conf

acl Safe_ports port 443


Best Regards.


Farrukh, are you sure?
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

Post by turab » Fri Apr 21, 2006 12:29 pm

Hello Farrukh,
Salam,
I have commented out all the statements containing SSL_ports parameters but am still unable to sign in to Hotmail via the transparent proxy.

#acl SSL_ports port 443 563
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports


Regards,
Turab

Re:

Post by syedali999 » Fri Apr 21, 2006 7:43 pm

LinuxFreaK wrote:
Dear turab,
Salam,

Remove this line from your squid.conf

acl Safe_ports port 443


Best Regards.


Please Let Me Complete LinuxFreak!

Uncomment the following line

acl Safe_ports port 443


Now add

http_access allow yourclient Safe_ports

Make sure your firewall is allowing port 443 8)
Thanks,
Regards


S. Asad Ali Rizvi
===================
Nomado Telecom
http://www.nomado.eu
alex[NoSpam]@nomado.eu
====================
LPI ID: LPI000102069
My blogs:
http://crea8ivefood.blogspot.com
http://actuarialsciencestudies.blogspot.com

Post by kbukhari » Fri Apr 28, 2006 11:35 am

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080


Squid won't surf https requests as a transparent proxy; you have to MASQUERADE port 443.
Port 443 cannot be proxied transparently (stop and think about it for a minute; if HTTPS could be transparently proxied, then how secure would it be?).
--

Syed Kashif Ali Bukhari

+92-345-8444420

http://sysadminsline.com

http://kashifbukhari.com

Post by turab » Sat May 06, 2006 4:29 pm

Hello kbukhari,
Salam,
If it's not possible, then how do the ISPs' gurus manage to run the transparent proxy smoothly? :)
I tried all the methods & am still working on it .........

Regards,
Turab

Post by kbukhari » Sun May 07, 2006 12:46 pm

See my last post and then ask me this.
I am also working at an ISP, and if you get any solution to run Squid as an https transparent proxy then you must tell me; I will ask Henrik, who says Squid is an http proxy, not an https proxy (as transparent). Squid can surf https requests, but as a manual proxy or with a Proxy.pac JavaScript.
Note: Henrik is founder of Squid!
--

Syed Kashif Ali Bukhari

+92-345-8444420

http://sysadminsline.com

http://kashifbukhari.com

it works

Post by turab » Mon May 08, 2006 10:31 am

Salam kbukhari,
Hope you are doing well. I tuned iptables in this manner: I deleted
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
and added
iptables -t nat -A POSTROUTING -p tcp --dport 443 -o eth0 -j MASQUERADE

Is this what you are trying to say ?!?
Is this the best possible solution for https ?!?

Regards,
Turab
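
Added example, not part of any post in this thread: a shell check over iptables-save output that flags a rule redirecting port 443 to the proxy's plain-HTTP port and confirms that port 80 is intercepted while 443 is masqueraded. The two rule sets are constructed from the rules quoted above (port 8080 and eth0 come from the thread); the helper name audit_nat is hypothetical.

```shell
#!/bin/sh
# Constructed iptables-save samples built from the rules quoted in the thread.
BROKEN_RULES='*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
COMMIT'
FIXED_RULES='*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 443 -j MASQUERADE
COMMIT'

# audit_nat PROXY_PORT (hypothetical helper): reads iptables-save text on stdin
# and prints one finding per line. Only plain "--dport N" matches are handled.
audit_nat() {
    awk -v proxy="$1" '
    function opt(name,    i) {   # value that follows option "name" in this rule
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "-A" {
        target = opt("-j"); dport = opt("--dport")
        to = opt("--to-ports"); if (to == "") to = opt("--to-port")
        if ($2 == "PREROUTING" && target == "REDIRECT" && to == proxy) {
            # The proxy port parses plaintext HTTP; a redirected 443 flow
            # delivers a TLS handshake to it instead of a request line.
            if (dport == "443") print "FAIL tls-redirected-to-http-port: " $0
            else if (dport == "80") { http = 1; print "OK http-intercepted: " $0 }
        }
        if ($2 == "POSTROUTING" && target == "MASQUERADE" &&
            (dport == "" || dport == "443")) nat443 = 1
    }
    END {
        if (!http)   print "WARN no-http-intercept-rule"
        if (!nat443) print "WARN no-masquerade-covering-443"
    }'
}

printf '%s\n' "--- rules as first posted ---"
printf '%s\n' "$BROKEN_RULES" | audit_nat 8080
printf '%s\n' "--- rules from the last post ---"
printf '%s\n' "$FIXED_RULES" | audit_nat 8080
```

On a live gateway the same function can be fed from iptables-save -t nat instead of the embedded samples.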

