[squid-users] Interception Proxy / Policy Based Routing

From: Sturgis, Grant <Grant.Sturgis@dont-contact.us>
Date: Thu, 11 Aug 2005 13:10:09 -0600

Greetings List,

I am using policy based routing to get HTTP traffic to my proxy.
Basically, as network traffic traverses my router, the policy inspects
the packets to see if they are tcp/80 and, if so, sends it on to my
proxy.

I then have iptables running on the proxy server (RH EL ES 3) to change
the port from tcp/80 to tcp/3128:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

This all works great.

Now I am trying to add some of the other ports that http(s) may use,
namely tcp/443.

So I add that to my router policy (and verify that the traffic is
getting to my proxy with tcpdump) and add this to my iptables:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128

Now iptables -t nat -L says this:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

The problem is, https traffic doesn't go through the proxy. If I
manually configure my proxy settings on my browser, it does work fine.

Any suggestions for what could be going wrong and how to fix it?

Thanks in advance,

Grant
Received on Thu Aug 11 2005 - 13:11:21 MDT
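The post does not say why the tcp/443 REDIRECT fails while tcp/80 works, so here is an added illustration (not code from the post or from the Squid project) of what actually arrives on each redirected port. A browser opening an http:// URL sends an HTTP request line plus a Host header, which is what a plain HTTP listener needs to reconstruct the origin server in transparent mode; a browser opening an https:// URL sends a TLS ClientHello first and expects a TLS handshake back, so the bytes landing on port 3128 are not an HTTP request at all. The script below constructs both payloads (labelled as constructed samples) and classifies them; the ClientHello builder and the SNI parser follow the TLS 1.x record/handshake layout and the server_name extension (RFC 5246 / RFC 6066). The function and variable names are the example's own.

```python
"""Classify the first bytes of a connection that policy-based routing plus
iptables REDIRECT hands to a proxy port (added example, not from the post)."""
import struct

TLS_HANDSHAKE_RECORD = 0x16   # TLS record type: handshake
TLS_CLIENT_HELLO = 0x01       # handshake message type: ClientHello
EXT_SERVER_NAME = 0x0000      # server_name extension (SNI), RFC 6066
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.0 ClientHello carrying an SNI extension.
    Constructed sample input: real browsers send many more suites/extensions."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name       # name_type 0 = host_name
    sni_data = struct.pack("!H", len(sni_entry)) + sni_entry          # ServerNameList
    extension = struct.pack("!HH", EXT_SERVER_NAME, len(sni_data)) + sni_data
    body = (
        b"\x03\x01"                                   # client_version: TLS 1.0
        + b"\x00" * 32                                # random (zeros in this sample)
        + b"\x00"                                     # session_id length 0
        + struct.pack("!H", 2) + b"\x00\x2f"          # one cipher suite
        + b"\x01\x00"                                 # one compression method: null
        + struct.pack("!H", len(extension)) + extension
    )
    handshake = bytes([TLS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return (bytes([TLS_HANDSHAKE_RECORD]) + b"\x03\x01"
            + struct.pack("!H", len(handshake)) + handshake)


def parse_sni(data: bytes):
    """Return the server_name from a TLS ClientHello record, or None if absent/malformed."""
    try:
        if data[0] != TLS_HANDSHAKE_RECORD or data[5] != TLS_CLIENT_HELLO:
            return None
        pos = 9 + 2 + 32                              # record hdr, hs hdr, version, random
        sid_len = data[pos]; pos += 1 + sid_len
        cs_len = struct.unpack("!H", data[pos:pos + 2])[0]; pos += 2 + cs_len
        cm_len = data[pos]; pos += 1 + cm_len
        ext_total = struct.unpack("!H", data[pos:pos + 2])[0]; pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", data[pos:pos + 4]); pos += 4
            if ext_type == EXT_SERVER_NAME:
                # ServerNameList: 2-byte list length, then (type, len, name) entries
                name_type = data[pos + 2]
                name_len = struct.unpack("!H", data[pos + 3:pos + 5])[0]
                if name_type == 0:
                    return data[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def classify_intercepted(data: bytes):
    """Classify a REDIRECTed connection's first bytes.
    Returns ("http", host), ("tls", sni) or ("unknown", None)."""
    if data.startswith(HTTP_METHODS):
        host = None
        for line in data.split(b"\r\n")[1:]:
            if line.lower().startswith(b"host:"):
                host = line.split(b":", 1)[1].strip().decode("ascii")
                break
        return ("http", host)                         # a plain HTTP listener can serve this
    if data[:1] == bytes([TLS_HANDSHAKE_RECORD]):
        return ("tls", parse_sni(data))               # not HTTP: the client expects a TLS handshake
    return ("unknown", None)


# Constructed samples: what a browser sends on an intercepted port-80 and port-443 flow.
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: sample\r\n\r\n"
SAMPLE_TLS = build_client_hello("www.example.com")

if __name__ == "__main__":
    for label, payload in (("dport 80", SAMPLE_HTTP), ("dport 443", SAMPLE_TLS)):
        kind, name = classify_intercepted(payload)
        print(f"{label}: {kind} -> {name}")
```

Running it shows the port-80 sample classified as `http` with the Host header recovered, and the port-443 sample as `tls` with only the SNI name visible; the request itself is inside the encrypted session, which the proxy cannot read without terminating TLS itself (something the browser would refuse unless it trusted the proxy's certificate). For a defender, logging the SNI of redirected 443 flows is the practical way to see what the interception rule is actually catching before deciding whether it belongs in the router policy at all.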

This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:01 MDT