Transparent use of squid without masquerading

Postby turab » Tue Apr 18, 2006 6:44 pm

Hello Friends,
Is it possible to use port 443 or the HTTPS protocol without using masquerading, i.e.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Whenever I use masquerading, all the clients bypass the transparent proxy.

The iptables rules mentioned below are already applied.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080

But when I try to browse www.hotmail.com, it never redirects from http to https. If I am doing anything wrong, please guide me.

Regards,
Turab.

Postby LinuxFreaK » Wed Apr 19, 2006 11:37 am

Dear turab,
Salam,

Remove this line from your squid.conf

acl Safe_ports port 443


Best Regards.
Farrukh Ahmed

Postby kbukhari » Thu Apr 20, 2006 4:52 pm

LinuxFreaK wrote:
Dear turab,
Salam,

Remove this line from your squid.conf

acl Safe_ports port 443


Best Regards.


Farrukh, are you sure?
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

Postby turab » Fri Apr 21, 2006 12:29 pm

Hello Farrukh,
Salam,
I have commented out all the statements containing SSL_ports parameters but am still unable to sign in to Hotmail via the transparent proxy.

#acl SSL_ports port 443 563
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports


Regards,
Turab

Postby syedali999 » Fri Apr 21, 2006 7:43 pm

LinuxFreaK wrote:
Dear turab,
Salam,

Remove this line from your squid.conf

acl Safe_ports port 443


Best Regards.


Please Let Me Complete LinuxFreak!

Uncomment the following line:

acl Safe_ports port 443


Now add:

http_access allow yourclient Safe_ports

Make sure your firewall is allowing port 443 8)
Thanks,
Regards


S. Asad Ali Rizvi
===================
Nomado Telecom
http://www.nomado.eu
alex[NoSpam]@nomado.eu
====================
LPI ID: LPI000102069
My blogs:
http://crea8ivefood.blogspot.com
http://actuarialsciencestudies.blogspot.com

Postby kbukhari » Fri Apr 28, 2006 11:35 am

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080


Squid won't surf HTTPS requests as a transparent proxy; you have to MASQUERADE port 443.
Port 443 cannot be proxied transparently (stop and think about it for a minute; if HTTPS could be transparently proxied, then how secure would it be?).
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

Postby turab » Sat May 06, 2006 4:29 pm

Hello kbukhari,
Salam,
If it's not possible, then how do the ISPs' gurus manage to run the transparent proxy smoothly? :)
I tried all the methods and am still working on it...

Regards,
Turab

Postby kbukhari » Sun May 07, 2006 12:46 pm

See my last post and then ask me this.
I am also working at an ISP, and if you get any solution to run Squid as an HTTPS transparent proxy then you must tell me; I will ask Henrik, who says Squid is an HTTP proxy, not an HTTPS proxy (as transparent). Squid can surf HTTPS requests, but as a manual proxy or with a Proxy.pac JavaScript.
Note: Henrik is the founder of Squid!
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

it works

Postby turab » Mon May 08, 2006 10:31 am

Salam kbukhari,
Hope you are doing well. I tuned iptables in such a manner that I deleted
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
and added
iptables -t nat -A POSTROUTING -p tcp --dport 443 -o eth0 -j MASQUERADE

Is this what you are trying to say?!
Is this the best possible solution for HTTPS?!

Regards,
Turab
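
An added example, not part of any post in this thread: a shell check for the NAT layout the discussion arrives at, where port 80 is redirected to Squid and port 443 is masqueraded instead of redirected. The sample rules are constructed from the commands quoted in the posts, written in `iptables-save` format; the function names are hypothetical and the Squid port 8080 is taken from the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Reads NAT rules in `iptables-save -t nat`
# format on stdin and checks the layout the thread ends up with:
#   tcp/80  -> REDIRECT to Squid; tcp/443 -> never REDIRECTed, only MASQUERADEd.

# Constructed samples modelled on the rules quoted in the first and last posts.
RULES_FIRST_POST='-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080'
RULES_LAST_POST='-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 443 -j MASQUERADE'

# rule_opt OPTION RULE: print the word following OPTION in RULE (empty if absent).
rule_opt() {
    printf '%s\n' "$2" | sed -n "s/.* $1 \([^ ]*\).*/\1/p"
}

# audit_nat_rules SQUID_PORT < rules: print findings, return 0 if layout is sound.
audit_nat_rules() {
    squid_port=$1; http_ok=0; https_out=0; https_redirect=0; rc=0
    while IFS= read -r rule; do
        target=$(rule_opt -j "$rule")
        dport=$(rule_opt --dport "$rule")
        case "$target:$dport" in
            REDIRECT:443) https_redirect=1 ;;
            REDIRECT:80)
                if [ "$(rule_opt --to-ports "$rule")" = "$squid_port" ]; then http_ok=1; fi ;;
            # A MASQUERADE rule with no --dport covers every port, 443 included.
            MASQUERADE:443|MASQUERADE:) https_out=1 ;;
        esac
    done
    if [ "$https_redirect" = 1 ]; then
        echo "FAIL: tcp/443 is REDIRECTed; Squid's HTTP port would get a TLS handshake, not an HTTP request"
        rc=1
    fi
    if [ "$https_out" = 0 ]; then
        echo "FAIL: no MASQUERADE rule covers tcp/443 (assumes clients sit behind NAT)"
        rc=1
    fi
    if [ "$http_ok" = 0 ]; then
        echo "FAIL: tcp/80 is not REDIRECTed to Squid on port $squid_port"
        rc=1
    fi
    if [ "$rc" = 0 ]; then echo "OK: HTTP intercepted on port $squid_port, HTTPS leaves via NAT"; fi
    return "$rc"
}

# Stand-alone run over both samples; the first is expected to fail the audit.
printf '%s\n' "$RULES_FIRST_POST" | audit_nat_rules 8080 || true
printf '%s\n' "$RULES_LAST_POST" | audit_nat_rules 8080
```

On a live gateway the same function can be fed with `iptables-save -t nat | audit_nat_rules 8080`; table headers and chain policy lines are ignored.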

