I currently have a transparent proxy on HTTP with two separate boxes,
firewall-box and squid-box, like the howto suggests; however, I can't make
the setup work with HTTPS as well.
It looks something like this:
                _____Local_net__________
                |                      |
               ____                  _____
              |Fw  |                |Squid|
(LAN)----eth1-|Box |-eth0-----------|Box  |
              |____|                |_____|
firewall-box (3 rules):
iptables -t nat -A PREROUTING -i eth1 -p tcp -s \! ETH1_IP -d 0/0 \
    -m multiport --destination-ports 80,443 -j DNAT --to SQUID_BOX:3128
iptables -t nat -A POSTROUTING -o eth1 -s LOCAL_NET -d SQUID_BOX -j SNAT \
    --to ETH1_IP
iptables -A FORWARD -s $rediteso -d SQUID_BOX -i eth1 -o eth0 -p tcp \
    --dport 3128 -j ACCEPT
    ^^^