Re: [squid-users] Configuring SSL Bump in transparent/intercept mode

From: Nuno Fernandes <npf-mlists_at_eurotux.com>
Date: Mon, 17 Jun 2013 10:01:59 +0100

> When I send traffic that I expect to be intercepted to Squid, I get
> the following errors in the log file (and a TCP RST from squid):
>
> ERROR: No forward-proxy ports configured
> NF getsockopt(SO_ORIGINAL_DST) failed on local=10.174.14.75:80
> remote=107.3.142.99:60377 FD 10 flags=33: (92) Protocol not available
>
> I know I am missing something pretty simple here.
>

I wouldn't say it is simple. I may be wrong but I think it may not work. To my knowledge, squid in intercept mode will use the original destination of the tcp connection (as passed by netfilter in SO_ORIGINAL_DST) as the server address where it will fetch the x509 cert and mimic that.
From what I've read in your email, the original destination is your amazon box so it can't connect to itself and fetch the certificate.

Without transparent mode the browser explicitly connects to the proxy and requests a connection to some server. Then squid can fetch the certificate and mimic that.

A working scenario would be to place a box at the customer's premises that would do GRE tunneling to the Amazon box.

Best regards,
Nuno Fernandes
Received on Mon Jun 17 2013 - 09:01:52 MDT
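The lookup described in the reply above is a single getsockopt() call, so the failure in the quoted log can be reproduced outside Squid. The following C program is an added illustration, not code from Squid or from anyone on this thread. It asks netfilter for the original destination of an accepted TCP connection, exactly as an intercepting proxy does, and classifies the answer: a NAT record means the connection really was REDIRECTed to the proxy, while ENOPROTOOPT (errno 92, "Protocol not available", the value in the log above) or ENOENT means the kernel has no NAT record for it, which is what happens when a client talks to the listening port directly instead of being intercepted. The probe_loopback() helper and its return codes are this example's own convention; the constant SO_ORIGINAL_DST is taken from linux/netfilter_ipv4.h and is redefined here only to keep the file self-contained.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Value from <linux/netfilter_ipv4.h>; defined locally so the example builds
 * without pulling in the kernel UAPI headers. */
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80
#endif

/* Ask netfilter which address the client originally dialled before any
 * REDIRECT/DNAT rewrote it. Returns 0 and fills *orig on success, else -1
 * with errno set. ENOPROTOOPT (92) and ENOENT both mean "no NAT record":
 * the connection was never intercepted, so a proxy has nothing to mimic. */
int original_dst(int fd, struct sockaddr_in *orig) {
    socklen_t len = sizeof(*orig);
    memset(orig, 0, sizeof(*orig));
    return getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, orig, &len);
}

/* Hypothetical helper for this example: open a plain loopback connection
 * (no iptables rule involved) and run the lookup on the accepted socket.
 * Returns 1 if netfilter returned an original destination, 0 if it answered
 * ENOPROTOOPT/ENOENT (the un-intercepted case from the log), -1 on a socket
 * error unrelated to the lookup. */
int probe_loopback(void) {
    struct sockaddr_in addr, orig;
    socklen_t alen = sizeof(addr);
    int srv, cli = -1, acc = -1, result = -1;

    srv = socket(AF_INET, SOCK_STREAM, 0);
    if (srv < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                       /* kernel picks a free port */
    if (bind(srv, (struct sockaddr *)&addr, alen) < 0 || listen(srv, 1) < 0 ||
        getsockname(srv, (struct sockaddr *)&addr, &alen) < 0)
        goto out;

    cli = socket(AF_INET, SOCK_STREAM, 0);
    if (cli < 0 || connect(cli, (struct sockaddr *)&addr, alen) < 0)
        goto out;
    acc = accept(srv, NULL, NULL);
    if (acc < 0)
        goto out;

    if (original_dst(acc, &orig) == 0) {
        result = 1;                          /* a NAT record exists */
    } else if (errno == ENOPROTOOPT || errno == ENOENT) {
        result = 0;                          /* not intercepted: Squid's error path */
    } else {
        result = -1;
    }
out:
    if (acc >= 0) close(acc);
    if (cli >= 0) close(cli);
    close(srv);
    return result;
}

int main(void) {
    int rc = probe_loopback();
    if (rc == 1)
        puts("netfilter returned an original destination for the loopback connection");
    else if (rc == 0)
        puts("no NAT record: same condition as the 'Protocol not available' log line");
    else
        perror("socket setup failed");
    return rc < 0 ? 1 : 0;
}
```

Run it on the Squid host itself: a result of 0 for a direct connection is expected and harmless, but if the same code returns 0 for a connection that arrived through the REDIRECT rule, the rule or the conntrack module is not in place and the intercept port cannot learn which certificate to mimic.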
