Hello to everybody,
we use Squid for http transparent proxyging and everything is all right.
I followed some howtos and we add SSL Bump transparent interception.
In squid.conf i have:
http_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/lib/squid/ssl_crtd -s /usr/lib/squid/ssl_db -M 4MB
sslcrtd_children 30
and in iptables i added this directive:
-A PREROUTING -p tcp -s 192.168.10.8 --dport 443 -j DNAT
--to-destination 192.168.10.254:3127
HTTP surfing is still right, but when i connect, as example, to
https://www.google.com browser returns page error and i have these
log:
2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=192.168.10.254:3127 remote=192.168.10.8:58831 FD 15 flags=33:
(92) Protocol not available
2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=192.168.10.254:3127 remote=192.168.10.8:58832 FD 15 flags=33:
(92) Protocol not available
2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=192.168.10.254:3127 remote=192.168.10.8:58833 FD 15 flags=33:
(92) Protocol not available
I read some similar post but i did not apply, and find, the solution.
Thank you a log and best regards!
Francesco
Received on Wed Apr 16 2014 - 14:15:57 MDT
This archive was generated by hypermail 2.2.0 : Thu Apr 17 2014 - 12:00:09 MDT