+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 18 of 18
Internet Related/Filtering/Firewall Thread, Squid Transparent Proxy Issues in Technical; Originally Posted by robjcrowston I was hoping for something more on the lines of a Server Side exception? If eth0 ...
  1. #16

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,624
    Thank Post
    1,240
    Thanked 778 Times in 675 Posts
    Rep Power
    235
    Quote Originally Posted by robjcrowston View Post
    I was hoping for something more on the lines of a Server Side exception?
    If eth0 is your internal connection and eth1 your external connection, try something along the lines of:

    iptables -t filter -A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT

    That should forward any internal traffic on port 443 (HTTPS) to the Internet, i.e. any HTTPS request from your internal network gets passed out to the Internet with no questions asked.

  2. #17
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    805
    Thank Post
    82
    Thanked 132 Times in 115 Posts
    Blog Entries
    8
    Rep Power
    32
    Quote Originally Posted by dhicks View Post
    If eth0 is your internal connection and eth1 your external connection, try something along the lines of:

    iptables -t filter -A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT

    That should forward any internal traffic on port 443 (HTTPS) to the Internet, i.e. any HTTPS request from your internal network gets passed out to the Internet with no questions asked.
    @robjcrowston
    What's the purpose of having the proxy? The forwarding rule that dhicks listed will work, but will forward all HTTPS traffic, thus negating any content filtering you may have setup.
    Last edited by Duke5A; 13th November 2012 at 07:53 PM.

  3. #18

    Join Date
    Oct 2011
    Location
    Lincolnshire
    Posts
    12
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    @Duke5A

    The internet connection we are provided with comes in to the school ready proxied, we have to point machines to a proxy server at the local authority, there is no "transparent internet" so to speak, the purpose of the transparent proxy is to have a cache_peer setup to the proxy server further up in the chain, it also allows us to block certain sites we dont visitors accessing but do want authenticated users to. we currently dont really have a way of blocking https access anyway, so we are not really losing anything.

    I think the answer is going to be your solution, to setup forwarding rules directly to exchange for the webmail, and not provide https. As there is no transparent internet on the WAN side of the proxy server anyway, I assume @dhicks solution wouldnt work.

    Appologies if im missing anything, Im new to squid and ip tables.

    Cheers,

    Rob

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. [Ubuntu] squid transparent proxy cache questions
    By RabbieBurns in forum *nix
    Replies: 13
    Last Post: 19th October 2012, 11:53 AM
  2. Squid transparent proxying
    By MK-2 in forum *nix
    Replies: 46
    Last Post: 4th June 2008, 11:26 AM
  3. Squid - Transparent - HTTPS Issue
    By ahuxham in forum *nix
    Replies: 1
    Last Post: 25th May 2008, 11:04 AM
  4. Squid Transparent Proxy.
    By Jackd in forum Network and Classroom Management
    Replies: 2
    Last Post: 25th July 2007, 06:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •