Re: [squid-users] transparent https proxy?

From: Michael Renner <michael.renner@dont-contact.us>
Date: Sun, 26 Sep 2004 19:56:30 +0200

On Sunday 26 September 2004 18:32, Henrik Nordstrom wrote:
> On Sun, 26 Sep 2004, Michael Renner wrote:
> > Now I thougt it's time to test a https setup. Therefore, I added one more
> > rule to the firewall:
> > iptables -t nat -A PREROUTING -i eth0 -s ! 192.168.2.53 -p tcp --dport
> > 443 -j DNAT --to 192.168.2.53:3128
> >
> > Even the https proxy works if the squid host is configured in the
> > browser, it fails as soon it should work as a transparent proxy. I guess
> > an additional configuration is required to tell squid to work as a
> > transparent https proxy ... but how?
>
> Why do you want to transparently intercept https tunnels? What is wrong
> with using NAT/Masquerade?

We had a NAT/Masquerade network before, with open ports 80 and 443. The users
are not allowed to do anything else than http and https. But they are clever
enough to tunnel ssh (or much more: pppssh-tunnel) through the open ports.

So we closed the ports and made this transparent proxy.

An other reason are visitors: They should not have to reconfigure theire
notebook while they are in our institute.

So what we need is a setup that allows:
a.) block every 'none' webpage trafic
b.) usage without client configuration.

Greetings

-- 
|Michael Renner      E-mail: michael.renner@gmx.de  |
|D-72072 Tuebingen   Germany        ICQ: #112280325 |
|Germany             Don't drink as root!      ESC:wq
Received on Sun Sep 26 2004 - 11:56:57 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:03 MDT