[squid-users] Re: Squid 3.3.8 does not work with mobile app from 0bj3ct on 2014-05-08 (squid-users)

From: 0bj3ct <hsnvv_at_box.az>
Date: Thu, 8 May 2014 04:24:35 -0700 (PDT)

Amos Jeffries-2 wrote
> On 8/05/2014 10:33 p.m., 0bj3ct wrote:
>> Eliezer Croitoru-2 wrote
>>> On 05/05/2014 10:38 AM, 0bj3ct wrote:
>>>> I have a transparent Squid. But no one mobile app works with it.
>>> More details will be the basic answer:
>>> What is the IP topology of the network?
>>> What rules have you used in IPTALBES?
>>> is it a new machine? have you considered using 14.04?
>>>
>>> Eliezer
>>
>> Hello, Eliezer.
>>
>> I am using ubuntu 13.10, with squid 3.3.8.
>>
>> iptables/rules.v4 content:
>>
>>
>>> *filter
>>> #:PREROUTING ACCEPT [4258:491523]
>>> :INPUT ACCEPT [71:4706]
>>> :FORWARD ACCEPT [0:0]
>>> :OUTPUT ACCEPT [388:25005]
>>> :INPUT_RULES - [0:0]
>>> -A INPUT -j INPUT_RULES
>>> -A FORWARD -j INPUT_RULES
>>> -A INPUT_RULES -i lo -j ACCEPT
>>> -A INPUT_RULES -p icmp -m icmp --icmp-type any -j ACCEPT
>>> -A INPUT_RULES -m state --state RELATED,ESTABLISHED -j ACCEPT
>>> -A INPUT_RULES -p tcp -m tcp --dport 80 -j ACCEPT
>>> -A INPUT_RULES -p tcp -m tcp --dport 22 -j ACCEPT
>>> -A INPUT_RULES -p tcp -m tcp --dport 443 -j ACCEPT
>>> -A INPUT_RULES -p tcp -m tcp --dport 53 -j ACCEPT
>>> -A INPUT_RULES -p tcp -m tcp --dport 67 -j ACCEPT
>>> -A INPUT_RULES -p tcp -m tcp --dport 8080 -j ACCEPT
>>> -A INPUT_RULES -p tcp -m tcp --dport 3128 -j ACCEPT
>>> #-A INPUT_RULES -j REJECT --reject-with icmp-host-prohibited
>>>
>>> COMMIT
>>> *nat
>>> :PREROUTING ACCEPT [0:0]
>>> :INPUT_RULES - [0:0]
>>> -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port
>>> 3128
>>> -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-port
>>> 3127
>>> COMMIT
>>
>>
>> I can reach http websites with squid, but https websites I must add
>> exception before reaching the site.
>
>> I've heard that mobile applications use
>> HTTPS by default. How can I fix it? Thanks in advance!
>
> Sone do. Some don't. Some use port 80 and 443 for other things than HTTP
> and HTTPS.
> Those latter ones are abusing the ports and will always have problems
> with interception proxies.
>
> Amos

Hello, Amos.

Yes, You are right. I've noticed that some apps work with intercept proxy,
but others do not. For example I can use stocks, weather, news feed, cinemas
and this type applications, but more serious apps that need some
authentification like facebook, google, linkedin, whatsapp and so on do not
work with squid. What do you think, what is the problem? Thanks..

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-3-8-does-not-work-with-mobile-app-tp4665820p4665885.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Received on Thu May 08 2014 - 11:24:38 MDT

This archive was generated by hypermail 2.2.0 : Thu May 08 2014 - 12:00:04 MDT