Old 12-23-2012, 03:44 PM   #1
Squid transparent proxy woes with and without SSL

I am trying to set up a transparent proxy for my own use which I can use to access geo-blocked services. I have tried with 3.1.10 and and I am facing different problems in both cases. Let me first describe the network setup:

my lan -- GW--- Internet Dedicated Server-- Destination sites

I do point to the sites I want to access using DNS, i.e. I set up site to point to my DNS server on my local LAN. This did work fine on 3.1.10 but not with SSL. I was advised to use the latest Squid; however, on the latest Squid I am facing different problems, as neither 80 nor 443 are working. I am using http_access allow all for testing purposes.

First Case
Squid on a dedicated server CentOS 6, Squid version 3.1.0
Squid is the default repo install in this case

For http traffic this works just fine; however, for https traffic, once I get the SSL security error page in the browser, the traffic leaves the squid server in http, which causes the destination site to redirect to https. However, the squid server does send the traffic again in http instead of https, and this causes a loop and the browser does throw the related error.

Second Case
Squid on a dedicated server CentOS 6, Squid version
Squid Cache: Version
configure options: '--enable-ssl' '--prefix=/usr/local/squid2' '--with-large-files' '--enable-linux-netfilter' --enable-ltdl-convenience

As said, I am allowing all traffic. Using the same config as above, both http and https traffic do give access denied errors in the browser; the logs, however, do only show miss and not denied.

The relevant lines of the config are :

http_port transparent
https_port transparent ssl-bump cert=/etc/squid/ key=/etc/squid/

and iptables looks as follows :

REDIRECT tcp -- xx.xx.xx.xx tcp dpt:443 redir ports 8443
REDIRECT tcp -- xx.xx.xx.xx tcp dpt:80 redir ports 880

I am at the end of my wits here, please advise.

Old 12-23-2012, 11:37 PM   #2
Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either or any third party will be immediately removed. Accessing restricted sites would run afoul of the LQ rules.

This thread is being closed.
