iptables + squid cannot serve https requests

omidm · 12-16-2008, 05:27 AM

Hi all,

Installed a squid on a remote server and an iptables on local and add two rules in iptables:

iptables -t nat -A PREROUTING -s ! [squid-server] -d 0.0.0.0/0 -p tcp --dport 443 -i br0 -j DNAT --to-destination [squid-server]:3128
iptables -t nat -A PREROUTING -s ! [squid-server] -d 0.0.0.0/0 -p tcp --dport 80 -i br0 -j DNAT --to-destination [squid-server]:3128

In this situation all http requests served but https requests failed. And when directly connected to squid it was OK and can serve https requests.

And Firefox returned "ssl_error_rx_record_too_long" error.

Thanks.

kentyler · 12-23-2008, 01:49 PM

Seeing as you are using a bridge device you may want to look into using ebtables:

http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html

omidm · 12-31-2008, 07:46 AM

Thanks Ken,

Followed your link and find I can do this by bridging two ethernet cards.
The problem is that I have only one ethernet network on my remote server.

Can I create a virtual interface and bridge them? (one for input and one for output)!
How can I solve this issue?

Thanks a lot.

kentyler · 01-05-2009, 07:36 AM

I'm not sure if you can create a virtual interface for bridging.

Why not put another network card in there they cost like 10 bucks?

omidm · 01-07-2009, 02:04 PM

Because I don't have local access to that computer.