Re: [squid-users] SQUID as Transparent Proxy

From: Roman Gelfand <rgelfand2_at_gmail.com>
Date: Tue, 29 Jan 2013 10:46:59 -0500

I was referring to the following configuration line. I suppose this
is NAT interception. The reason why I am asking about all of this is
that I captured SSL traffic on the firewall. It tells me the
client (internal LAN IP) sent an SSL Client Hello packet to the target
server successfully, with an ACK. However, the target server never sent
an SSL Client Hello back. Instead, it said the server squid gave a bad
request (see below).

http_port 3229 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/ssl/certs/domain.crt key=/etc/ssl/private/domain.key

HTTP/1.1 400 Bad Request
Server: squid
Mime-Version: 1.0
Date: Mon, 28 Jan 2013 22:42:56 GMT
Content-Type: text/html
Content-Length: 3662
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from server
X-Cache-Lookup: NONE from server:80
Via: 1.1 server (squid)
Connection: close

On Tue, Jan 29, 2013 at 1:23 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 29/01/2013 12:57 p.m., Roman Gelfand wrote:
>>
>> When squid is acting as a transparent proxy, does squid rewrite IP or
>> layer 2 data?
>>
>> Let's say the route is as follows. Will the outgoing traffic be seen
>> as coming from client's ip as source ip or squid's ip as source ip?
>>
>> client ====> firewall ====> wan
>> ^ ||
>> || ||
>> eth0|| || GRE tunnel (on eth0 Physical interface)
>> || ||
>> || V
>> SQUID Server
>>
>> Thanks in advance
>
>
> Are you asking about NAT interception or TPROXY interception? One does, one
> does not.
>
> Amos
Received on Tue Jan 29 2013 - 15:47:05 MST
