Re: [squid-users] cannot browse https sites

From: Guy Helmer <ghelmer@dont-contact.us>
Date: Thu, 31 Jan 2008 14:19:09 -0600

Yogesh Patil wrote:
> Hi,
> I am using SQUID 2.6.STABLE17 with CentOS 5, & BIND
> DNS SERVER configured on the same box, I have configured squid as
> transparent proxy with all default settings, and applied iptables
> rule by using the following
> command
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> I am able to browse http websites, but when I try to open https
> sites, such as gmail.com, hotmail.com etc., I am not able to get any
> response from the proxy.
> I have also tried with forwarding 443 (https) port to the 3128
> (squid) port but still no success.
>
For transparently proxying HTTPS, I believe you will need to configure
the "https_port 3129 cert=..." setting in squid.conf and configure
iptables to redirect port 443 to 3129. Squid port 3128 isn't able to
recognize the SSL protocol negotiation that occurs at the start of the
connection when HTTPS is transparently proxied...

Hope this helps,
Guy

-- 
Guy Helmer, Ph.D.
Chief System Architect
Palisade Systems, Inc.
Received on Thu Jan 31 2008 - 13:19:13 MST
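
Added example, not part of the original message or of Squid: a Python check illustrating the point in the reply above that the first bytes of a redirected port-443 connection are SSL/TLS negotiation rather than an HTTP request line, which is what a plain HTTP listener expects to parse. The function name and the sample byte strings are constructed for illustration.

```python
import struct

# Request-line prefixes a plain HTTP listener expects at the start of a connection.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"TRACE ", b"CONNECT ")

# Constructed samples: only the leading bytes of each message are needed.
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
# SSLv3/TLS record header (type 0x16, version 3.1, length 0x002f) + ClientHello (0x01).
TLS_SAMPLE = bytes.fromhex("16 03 01 00 2f 01 00 00 2b 03 01") + b"\x00" * 36
# SSLv2-compatible hello, as sent by many 2008-era clients: 2-byte length with
# the high bit set, message type 0x01, then the offered version (3.1).
SSLV2_SAMPLE = bytes.fromhex("80 2e 01 03 01 00 15 00 00 00 10")


def classify_first_bytes(data: bytes) -> str:
    """Return 'http', 'tls-clienthello', 'sslv2-clienthello' or 'unknown'."""
    if data.startswith(HTTP_METHODS):
        return "http"
    # SSLv3/TLS: content type 0x16 (handshake), major version 3, 2-byte record
    # length (at most 2**14 for plaintext), then handshake type 0x01.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        (record_len,) = struct.unpack("!H", data[3:5])
        if 0 < record_len <= 2 ** 14 and data[5] == 0x01:
            return "tls-clienthello"
    # SSLv2 framing: high bit of byte 0 set, message type 0x01 (client hello),
    # version major byte 0x00 (SSLv2) or 0x03 (SSLv3/TLS offered via v2 hello).
    if (len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01
            and data[3] in (0x00, 0x03)):
        return "sslv2-clienthello"
    return "unknown"


if __name__ == "__main__":
    samples = [("port 80 redirect", HTTP_SAMPLE),
               ("port 443 redirect", TLS_SAMPLE),
               ("port 443 redirect, v2 hello", SSLV2_SAMPLE)]
    for label, sample in samples:
        kind = classify_first_bytes(sample)
        verdict = "parseable as HTTP" if kind == "http" else "no request line to parse"
        print(f"{label:30s} {kind:20s} {verdict}")
```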
