LinuxQuestions.org
Old 10-04-2010, 10:46 AM   #1
mobbsey
LQ Newbie
 
Registered: Jun 2010
Distribution: Ubuntu
Posts: 7

Rep: Reputation: 0
HTTPS through upstream proxy


Hi,

I am running a Linux firewall (IPcop) to bridge two networks. Hosts on network A have to use a proxy server in order to get online. This server runs a transparent proxy (squid) configured to use the proxy needed to connect to the internet as an upstream proxy, therefore meaning all the hosts on network B can connect to the internet without the user having to configure a proxy address.

The problem is that HTTPS also has to go through the upstream proxy, which I'm told can't be proxied by my server transparently because of security issues. This means that hosts on network B can't currently access HTTPS sites.

Does anyone know how I can get around this?

Thanks in advance.
 
Old 10-05-2010, 05:17 AM   #2
kaushalpatel1982
Member
 
Registered: Aug 2007
Location: INDIA
Distribution: CentOS, RHEL, Fedora, Debian, Ubuntu, LinuxMint, PCLinuxOS
Posts: 148

Rep: Reputation: 9
Squid is an HTTP proxy. It will not handle HTTPS traffic. Just make sure you are not forwarding your port 443 traffic to the Squid server. It should go through the masquerade rule in iptables.
 
Old 10-05-2010, 07:05 AM   #3
mobbsey
LQ Newbie
 
Registered: Jun 2010
Distribution: Ubuntu
Posts: 7

Original Poster
Rep: Reputation: 0
Hi, thanks for your reply.

I'm not very familiar with iptables, could you please give an example of how I'd go about doing this?

Thanks again.
 
Old 10-05-2010, 08:03 AM   #4
kaushalpatel1982
Member
 
Registered: Aug 2007
Location: INDIA
Distribution: CentOS, RHEL, Fedora, Debian, Ubuntu, LinuxMint, PCLinuxOS
Posts: 148

Rep: Reputation: 9
A transparent proxy is configured by a combination of iptables and Squid. I believe you should have configured it.

Anyway, can you please provide me the output of the following command:

# iptables -nvx -t nat -L

This command will provide your NAT Tables output.
 
Old 10-05-2010, 08:45 AM   #5
mobbsey
LQ Newbie
 
Registered: Jun 2010
Distribution: Ubuntu
Posts: 7

Original Poster
Rep: Reputation: 0
Hi, the output of the command is:

Code:
Chain PREROUTING (policy ACCEPT 75649 packets, 10361195 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   78092 10486031 CUSTOMPREROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   78092 10486031 SQUID      all  --  *      *       0.0.0.0/0            0.0.0.0/0
   75649 10361195 PORTFW     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 73 packets, 4180 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    4887   301779 CUSTOMPOSTROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    4887   301779 REDNAT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
       0        0 SNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match 0x1 to:192.168.0.10

Chain OUTPUT (policy ACCEPT 3555 packets, 229083 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain CUSTOMPOSTROUTING (1 references)
    pkts      bytes target     prot opt in     out     source               destination

Chain CUSTOMPREROUTING (1 references)
    pkts      bytes target     prot opt in     out     source               destination

Chain PORTFW (1 references)
    pkts      bytes target     prot opt in     out     source               destination

Chain REDNAT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    4814   297599 MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain SQUID (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       7      336 RETURN     tcp  --  eth0   *       0.0.0.0/0            10.4.100.0/22       tcp dpt:80
    2443   124836 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 800
Thanks again
 
Old 10-05-2010, 11:54 AM   #6
kaushalpatel1982
Member
 
Registered: Aug 2007
Location: INDIA
Distribution: CentOS, RHEL, Fedora, Debian, Ubuntu, LinuxMint, PCLinuxOS
Posts: 148

Rep: Reputation: 9
As per your configuration, HTTPS traffic is not being submitted to the Squid proxy server, which means it is passing through the firewall only. What exact error are you getting?
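
Added example (not part of any post in this thread): a shell check of the reading given in post #6, which takes an `iptables -nvx -t nat -L` listing on stdin and reports whether a given TCP destination port has a REDIRECT rule. The function names are hypothetical, and the embedded listing is a subset of the output from post #5 with the wrapped columns rejoined.

```sh
#!/bin/sh
# Added example: find nat-table rules that explicitly match a TCP destination port.
# Input is the output of `iptables -nvx -t nat -L`; function names are hypothetical.

nat_rules_for_port() {
    # $1 = destination port; prints "CHAIN TARGET MATCH..." for each matching rule
    awk -v want="dpt:$1" '
        $1 == "Chain"    { chain = $2; next }
        $1 !~ /^[0-9]+$/ { next }          # column headers and blank lines
        $4 != "tcp"      { next }          # jumps and NAT rules for all protocols
        {
            hit = 0; extra = ""
            for (i = 10; i <= NF; i++) {   # fields after "destination"
                if ($i == want) hit = 1
                extra = extra " " $i
            }
            if (hit) print chain, $3 extra
        }'
}

port_is_redirected() {
    # exit status 0 if a REDIRECT rule matches port $1, 1 otherwise
    nat_rules_for_port "$1" | awk '$2 == "REDIRECT" { found = 1 } END { exit !found }'
}

sample_nat_listing() {
# Subset of the listing in post #5, wrapped columns rejoined
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 75649 packets, 10361195 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   78092 10486031 SQUID      all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain REDNAT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    4814   297599 MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
Chain SQUID (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       7      336 RETURN     tcp  --  eth0   *       0.0.0.0/0            10.4.100.0/22       tcp dpt:80
    2443   124836 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 800
EOF
}

for p in 80 443; do
    if sample_nat_listing | port_is_redirected "$p"; then
        echo "tcp/$p: REDIRECT rule present (intercepted locally)"
    else
        echo "tcp/$p: no REDIRECT rule (NAT only)"
    fi
done
```

On the firewall itself, replace `sample_nat_listing` with the live command: `iptables -nvx -t nat -L | port_is_redirected 443`.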
 
Old 10-05-2010, 05:39 PM   #7
mobbsey
LQ Newbie
 
Registered: Jun 2010
Distribution: Ubuntu
Posts: 7

Original Poster
Rep: Reputation: 0
The page simply will not load - I think this is because the rest of the network is required to use a forced proxy else the same problem results, so what I'm trying to do is redirect the HTTPS traffic through said forced proxy.
 
Old 02-27-2012, 06:41 PM   #8
uglygizmo
LQ Newbie
 
Registered: Mar 2010
Distribution: CentOS 5.4
Posts: 3

Rep: Reputation: 0
Hi mobbsey,
Did you find a solution for this? I have the same issue as you.
 
  

