LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   HTTPS through upstream proxy (http://www.linuxquestions.org/questions/linux-networking-3/https-through-upstream-proxy-836105/)

mobbsey 10-04-2010 10:46 AM

HTTPS through upstream proxy
 
Hi,

I am running a Linux firewall (IPcop) to bridge two networks. Hosts on network A have to use a proxy server in order to get online. This server runs a transparent proxy (squid) configured to use the proxy needed to connect to the internet as an upstream proxy, which means all the hosts on network B can connect to the internet without the user having to configure a proxy address.

The problem is that HTTPS also has to go through the upstream proxy, which I'm told can't be proxied by my server transparently because of security issues. This means that hosts on network B can't currently access HTTPS sites.

Does anyone know how I can get around this?

Thanks in advance.

kaushalpatel1982 10-05-2010 05:17 AM

Squid is an HTTP proxy. It will not handle HTTPS traffic. Just make sure you are not forwarding your port 443 traffic to the Squid server. It should go through the masquerade rule in iptables.

mobbsey 10-05-2010 07:05 AM

Hi, thanks for your reply.

I'm not very familiar with iptables, could you please give an example of how I'd go about doing this?

Thanks again.

kaushalpatel1982 10-05-2010 08:03 AM

A transparent proxy is configured by a combination of iptables and Squid. I believe you should have configured it.

Anyway, can you please provide me the output of the following command:

# iptables -nvx -t nat -L

This command will provide your NAT Tables output.

mobbsey 10-05-2010 08:45 AM

Hi, the output of the command is:

Code:

Chain PREROUTING (policy ACCEPT 75649 packets, 10361195 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   78092   10486031 CUSTOMPREROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   78092   10486031 SQUID      all  --  *      *       0.0.0.0/0            0.0.0.0/0
   75649   10361195 PORTFW     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 73 packets, 4180 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    4887     301779 CUSTOMPOSTROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    4887     301779 REDNAT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
       0          0 SNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK match 0x1 to:192.168.0.10

Chain OUTPUT (policy ACCEPT 3555 packets, 229083 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain CUSTOMPOSTROUTING (1 references)
    pkts      bytes target     prot opt in     out     source               destination

Chain CUSTOMPREROUTING (1 references)
    pkts      bytes target     prot opt in     out     source               destination

Chain PORTFW (1 references)
    pkts      bytes target     prot opt in     out     source               destination

Chain REDNAT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    4814     297599 MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain SQUID (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       7        336 RETURN     tcp  --  eth0   *       0.0.0.0/0            10.4.100.0/22        tcp dpt:80
    2443     124836 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 800

Thanks again

kaushalpatel1982 10-05-2010 11:54 AM

As per your configuration, HTTPS traffic is not submitted to the Squid proxy server, which means it is passing through the firewall only. What error exactly are you getting?
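The conclusion above can be checked mechanically by following the jumps in the posted NAT table the way netfilter does: PREROUTING jumps into SQUID, whose REDIRECT only matches tcp dpt:80 from eth0, so a port 443 packet falls off the end of SQUID, returns to PREROUTING, and is later MASQUERADEd in POSTROUTING via REDNAT. The script below is an added example written for this thread, not code from the poster or from IPCop. It embeds the posted dump (reconstructed from the garbled paste; the unused OUTPUT chain and the column headers of empty chains are left out) as a constructed sample and traces constructed packets through it. The client address 10.4.101.7, the outside server address 203.0.113.10 (a documentation address) and the assumption that eth1 is the upstream interface (taken from the MASQUERADE rule's out column) are assumptions, not facts from the thread.

```python
"""Trace which NAT target a packet hits in an `iptables -nvx -t nat -L` dump.
Added example, not code from the thread.  NAT_DUMP is the IPCop NAT table posted
above, reconstructed from the garbled paste (OUTPUT chain and column headers of
empty chains dropped); packets and addresses below are constructed (assumptions)."""
import ipaddress, re

NAT_DUMP = """\
Chain PREROUTING (policy ACCEPT 75649 packets, 10361195 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   78092   10486031 CUSTOMPREROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   78092   10486031 SQUID      all  --  *      *       0.0.0.0/0            0.0.0.0/0
   75649   10361195 PORTFW     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 73 packets, 4180 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    4887     301779 CUSTOMPOSTROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    4887     301779 REDNAT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
       0          0 SNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK match 0x1 to:192.168.0.10

Chain CUSTOMPOSTROUTING (1 references)

Chain CUSTOMPREROUTING (1 references)

Chain PORTFW (1 references)

Chain REDNAT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    4814     297599 MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain SQUID (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       7        336 RETURN     tcp  --  eth0   *       0.0.0.0/0            10.4.100.0/22        tcp dpt:80
    2443     124836 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 800
"""
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")

def parse_nat_table(text):
    """{chain: {"policy": str or None, "rules": [...]}}; policy is None for user chains."""
    chains, cur = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            cur = m.group(1)
            chains[cur] = {"policy": m.group(2), "rules": []}
            continue
        f = line.split()
        if cur is None or len(f) < 9 or f[0] == "pkts":   # blank line or column header
            continue
        extra = " ".join(f[9:])                            # match extensions / target options
        dpt = re.search(r"\bdpt:(\d+)", extra)
        redir = re.search(r"redir ports (\d+)", extra)
        mark = re.search(r"MARK match (0x[0-9a-fA-F]+)", extra)
        chains[cur]["rules"].append({
            "target": f[2], "proto": f[3], "in": f[5], "out": f[6], "src": f[7], "dst": f[8],
            "dport": int(dpt.group(1)) if dpt else None,
            "redir_port": int(redir.group(1)) if redir else None,
            "mark": int(mark.group(1), 16) if mark else None})
    return chains

def rule_matches(rule, pkt):
    """Only the matches this dump uses: proto, in/out interface, src/dst, dport, fwmark."""
    def in_net(spec, addr):
        return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)
    return (rule["proto"] in ("all", pkt["proto"])
            and rule["in"] in ("*", pkt["in"]) and rule["out"] in ("*", pkt["out"])
            and in_net(rule["src"], pkt["src"]) and in_net(rule["dst"], pkt["dst"])
            and (rule["dport"] is None or rule["dport"] == pkt["dport"])
            and (rule["mark"] is None or rule["mark"] == pkt["mark"]))

def walk_chain(chains, name, pkt):
    """First matching terminal target wins; user-chain targets are jumps, RETURN resumes the caller."""
    for rule in chains[name]["rules"]:
        if not rule_matches(rule, pkt):
            continue
        if rule["target"] == "RETURN":
            return "RETURN", rule
        if rule["target"] in chains:                       # jump into a user-defined chain
            result, hit = walk_chain(chains, rule["target"], pkt)
            if result != "RETURN":
                return result, hit
            continue                                       # sub-chain ran off its end or RETURNed
        return rule["target"], rule
    return chains[name]["policy"] or "RETURN", None        # end of chain

def nat_outcome(dump, dport, dst, src="10.4.101.7", in_if="eth0", out_if="eth1"):
    """'REDIRECT:<port>' when PREROUTING diverts the flow to a local daemon (Squid on
    port 800 here), else the POSTROUTING verdict for the forwarded packet."""
    chains = parse_nat_table(dump)
    pkt = {"proto": "tcp", "src": src, "dst": dst, "dport": dport, "mark": 0,
           "in": in_if, "out": ""}                         # output interface unknown before routing
    target, rule = walk_chain(chains, "PREROUTING", pkt)
    if target == "REDIRECT":
        return "REDIRECT:%d" % rule["redir_port"]
    pkt["out"] = out_if
    return walk_chain(chains, "POSTROUTING", pkt)[0]

if __name__ == "__main__":
    for port, dst, out in ((80, "203.0.113.10", "eth1"), (443, "203.0.113.10", "eth1"), (80, "10.4.100.5", "eth0")):
        print("tcp/%d to %s -> %s" % (port, dst, nat_outcome(NAT_DUMP, port, dst, out_if=out)))
```

Run stand-alone it traces three flows: port 80 to an outside host lands on REDIRECT to Squid's port 800, port 443 to the same host is never touched in PREROUTING and is MASQUERADEd on eth1, and port 80 to the local 10.4.100.0/22 hits the RETURN rule and leaves the NAT table untouched (ACCEPT). The SNAT rule is skipped because no traced packet carries fwmark 0x1. The simulation only implements the matches present in this dump; real netfilter consults the nat table for the first packet of a connection only, and other match extensions (negated specs, port ranges, conntrack states) would need to be added before trusting it on a different ruleset.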

mobbsey 10-05-2010 05:39 PM

The page simply will not load. I think this is because the rest of the network is required to use a forced proxy, else the same problem results, so what I'm trying to do is redirect the HTTPS traffic through said forced proxy.

uglygizmo 02-27-2012 06:41 PM

Hi mobbsey,
Did you find a solution for this? I have the same issue as you.
