
Re: transparent proxy on http and https

Jose Alberto Guzman wrote:

I currently have a transparent proxy on http with two separate boxes:
firewall-box and squid-box like the howto suggests, however I can't make the setup work with https as well.

  It looks something like this:

               |                                              |
                               ____                  _____
                              |Fw  |                |Squid|
                (LAN)----eth1-|Box |-eth0-----------|Box  |
                              |____|                |_____|

 firewall-box (3 rules):

iptables -t nat -A PREROUTING -i eth1 -p tcp -s \! ETH1_IP -d 0/0 -m multiport --destination-ports 80,443 -j DNAT --to SQUID_BOX:3128

iptables -t nat -A POSTROUTING -o eth1 -s LOCAL_NET -d SQUID_BOX -j SNAT --to ETH1_IP

iptables -A FORWARD -s $rediteso -d SQUID_BOX -i eth1 -o eth0 -p tcp --dport 3128 -j ACCEPT
                       ^^^
                       == LOCAL_NET, sorry :)

  squid-box (squid.conf):

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

I've not found any docs on several httpd_accel_ports. I added another line with httpd_accel_port 443 and it showed a "cannot display page" error for http://whatever.com:443

Both boxes are running woody with linux 2.4.21 and squid is a vanilla 2.5.STABLE3

Is there a way to have both ports handled transparently with iptables and squid? like a httpd_accel_multiports ?? :)

 Thanks in advance

