Transparent use of squid without masquerading


Transparent use of squid without masquerading

Post by turab »

Hello Friends,
Is it possible to use port 443 or the https protocol without using masquerading, i.e.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Whenever I use masquerading, all the clients bypass the transparent proxy.

The iptables rules mentioned below are already applied.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080

But when I try to browse www.hotmail.com, it never redirects from http to https. If I am doing anything wrong, please guide me.

Regards,
Turab.

Re:

Post by LinuxFreaK »

Dear turab,
Salam,

Remove this line from your squid.conf

Code:

acl Safe_ports port 443

Best Regards.
Farrukh Ahmed

Re:

Post by kbukhari »

LinuxFreaK wrote:
Dear turab,
Salam,

Remove this line from your squid.conf

Code:

acl Safe_ports port 443

Best Regards.

Farrukh, are you sure?
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

Post by turab »

Hello Farrukh,
Salam,
I have commented out all the statements containing SSL_ports parameters, but I am still unable to sign in to Hotmail via the transparent proxy.

#acl SSL_ports port 443 563
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports


Regards,
Turab

Re:

Post by syedali999 »

LinuxFreaK wrote:
Dear turab,
Salam,

Remove this line from your squid.conf

Code:

acl Safe_ports port 443

Best Regards.

Please let me complete, LinuxFreaK!

Uncomment the following line

Code:

acl Safe_ports port 443

Now add

Code:

http_access allow yourclient Safe_ports

Make sure your firewall is allowing port 443 8)
Thanks,
Regards


S. Asad Ali Rizvi
===================
Nomado Telecom
http://www.nomado.eu
alex[NoSpam]@nomado.eu
====================
LPI ID: LPI000102069
My blogs:
http://crea8ivefood.blogspot.com
http://actuarialsciencestudies.blogspot.com

Post by kbukhari »

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
Squid won't surf https requests as a transparent proxy; you have to MASQUERADE port 443.
Port 443 cannot be proxied transparently (stop and think about it for a minute: if HTTPS could be transparently proxied, then how secure would it be?).
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
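
The point in the post above, as an added example that is not part of the original thread: a browser whose port 443 traffic is REDIRECTed to an HTTP proxy port opens with a TLS ClientHello rather than an HTTP request, while a browser configured with a manual proxy sends a plain-text CONNECT. The sample bytes and host name are constructed, and the function names are hypothetical.

```python
import struct

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")

def build_client_hello():
    """Constructed minimal TLS ClientHello record (no extensions)."""
    body = (b"\x03\x03"            # client_version: TLS 1.2
            + bytes(32)            # random (all zeros, constructed)
            + b"\x00"              # session_id length 0
            + b"\x00\x02\x00\x2f"  # cipher_suites: 2 bytes, one suite
            + b"\x01\x00")         # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record header: type 0x16 (handshake), version 3.1, payload length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def classify_first_bytes(data):
    """Classify the first bytes a listener receives on a new connection."""
    # TLS: record type 0x16, major version 3, handshake type 1 (ClientHello)
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        if parts[0] == b"CONNECT":
            return "http-connect"
        if parts[0] in HTTP_METHODS:
            return "http-request"
    return "unknown"

def http_port_can_parse(data):
    """A port that expects HTTP can only act on an HTTP request line."""
    return classify_first_bytes(data) in ("http-request", "http-connect")

# Constructed samples of what arrives first in each setup from the thread.
SAMPLES = {
    "port 80 REDIRECTed to proxy":
        b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "manual proxy, https URL":
        b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n",
    "port 443 REDIRECTed to proxy": build_client_hello(),
}

if __name__ == "__main__":
    for setup, data in SAMPLES.items():
        print(f"{setup:30} {classify_first_bytes(data):17} "
              f"parsable as HTTP: {http_port_can_parse(data)}")
```
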

Post by turab »

Hello kbukhari,
Salam,
If it's not possible, then how do the ISPs' gurus manage to run the transparent proxy smoothly? :)
I tried all the methods and am still working on it...

Regards,
Turab

Post by kbukhari »

See my last post and then ask me this.
I am also working in an ISP, and if you get any solution to run squid as an https transparent proxy then you must tell me. I will ask Henrik, who says squid is an http proxy, not an https proxy (as transparent). Squid can surf https requests, but as a manual proxy or with a Proxy.pac JavaScript.
Note: Henrik is the founder of squid!
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

it works

Post by turab »

Salam kbukhari,
Hope you are doing well. I tuned iptables in such a way that I deleted
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
and added
iptables -t nat -A POSTROUTING -p tcp --dport 443 -o eth0 -j MASQUERADE

Is this what you are trying to say?!?
Is this the best possible solution for https?!?

Regards,
Turab