On 8/05/2014 10:33 p.m., 0bj3ct wrote:
> Eliezer Croitoru-2 wrote
>> On 05/05/2014 10:38 AM, 0bj3ct wrote:
>>> I have a transparent Squid. But no one mobile app works with it.
>> More details will be the basic answer:
>> What is the IP topology of the network?
>> What rules have you used in IPTALBES?
>> is it a new machine? have you considered using 14.04?
>>
>> Eliezer
>
> Hello, Eliezer.
>
> I am using ubuntu 13.10, with squid 3.3.8.
>
> iptables/rules.v4 content:
>
>
>> *filter
>> #:PREROUTING ACCEPT [4258:491523]
>> :INPUT ACCEPT [71:4706]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [388:25005]
>> :INPUT_RULES - [0:0]
>> -A INPUT -j INPUT_RULES
>> -A FORWARD -j INPUT_RULES
>> -A INPUT_RULES -i lo -j ACCEPT
>> -A INPUT_RULES -p icmp -m icmp --icmp-type any -j ACCEPT
>> -A INPUT_RULES -m state --state RELATED,ESTABLISHED -j ACCEPT
>> -A INPUT_RULES -p tcp -m tcp --dport 80 -j ACCEPT
>> -A INPUT_RULES -p tcp -m tcp --dport 22 -j ACCEPT
>> -A INPUT_RULES -p tcp -m tcp --dport 443 -j ACCEPT
>> -A INPUT_RULES -p tcp -m tcp --dport 53 -j ACCEPT
>> -A INPUT_RULES -p tcp -m tcp --dport 67 -j ACCEPT
>> -A INPUT_RULES -p tcp -m tcp --dport 8080 -j ACCEPT
>> -A INPUT_RULES -p tcp -m tcp --dport 3128 -j ACCEPT
>> #-A INPUT_RULES -j REJECT --reject-with icmp-host-prohibited
>>
>> COMMIT
>> *nat
>> :PREROUTING ACCEPT [0:0]
>> :INPUT_RULES - [0:0]
>> -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
>> -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-port 3127
>> COMMIT
>
>
> I can reach http websites with squid, but https websites I must add
> exception before reaching the site.
> I've heard that mobile applications use
> HTTPS by default. How can I fix it? Thanks in advance!
Sone do. Some don't. Some use port 80 and 443 for other things than HTTP
and HTTPS.
Those latter ones are abusing the ports and will always have problems
with interception proxies.
Amos
Received on Thu May 08 2014 - 10:53:17 MDT
This archive was generated by hypermail 2.2.0 : Thu May 08 2014 - 12:00:04 MDT