  1. #1

    Squid Transparent

    Right, I've got Squid set up as a transparent proxy. It's working fine proxying HTTP requests, but as for HTTPS (and all other stuff) I've added an iptables rule
    Code:
    iptables -t nat -A POSTROUTING -j MASQUERADE
    which according to Webmin should masquerade all, but this isn't working; I still can't access HTTPS pages through the proxy.

    Thanks
    Jack D

  2. #2

    Geoff's Avatar

    Re: Squid Transparent

    You can't transparently proxy https.

  3. #3

    Re: Squid Transparent

    But that shouldn't be transparently proxying HTTPS? I probably didn't make my last post clear.

  4. #4
    ChrisH's Avatar

    Re: Squid Transparent

    It reads fine if you read it more than once. Look up Shorewall; it's a bit easier to configure your firewall with it, so you have a better idea of what's going on.

  5. #5

    dhicks's Avatar

    Re: Squid Transparent

    It took me a fair bit of swearing and muttering to get HTTPS working with our transparent proxy setup, so I've included our squid setup script below for anyone who might find it useful (or for anyone out there who actually knows what they're doing with this kind of thing, in which case some pointers on how to do it properly would be much appreciated).

    Note that the below doesn't proxy HTTPS, it simply makes sure that HTTPS is routed past the transparent proxy. The comments are there for my own benefit, as I was trying to remember what I was doing for the next time I needed to edit the file.



    #!/bin/sh

    # A script to set up iptables to set up Squid.
    # This involves first setting up IPTables rules to handle transparent
    # proxying and port forwarding, then starting up the Squid process.

    # First, flush any previous IPTables rules.
    iptables -t filter --flush
    iptables -t nat --flush

    # Make sure that IP forwarding is enabled. I /think/ this is needed to get
    # the FORWARD rules below working. No, I don't know why either...
    echo "1" > /proc/sys/net/ipv4/ip_forward

    # Forward established and related connections - i.e. if an HTTPS connection
    # has been initiated from inside the firewall, then traffic coming the other
    # way in reply to it is okay. This is /stateful/ packet filtering, seemingly.
    iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Forward any traffic to port 443 (HTTPS). Add further ports below here as
    # needed. You might also need to add specific websites here - some websites
    # that use cookie-based authentication for user accounts don't handle being
    # cached/filtered very well, so simply add them (or their IP address) in
    # here. Bear in mind that this misses out the filtering for that specific
    # website, so make sure that the whole website is okay before you set this.
    iptables -t filter -A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT

    # Deal with data from forwarded ports, i.e. shove it through NAT so it knows
    # where it's going.
    iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.0.5

    # The following line basically tells the machine to forward all incoming TCP
    # traffic not already caught by the above lines to port 3128, where squid
    # is listening. Squid has been compiled to support transparent proxying.
    # Squid isn't set to filter/proxy/cache anything else, so any other traffic
    # you want to allow through will have to be forwarded via the rules above.
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    # Run Squid. This script keeps an eye on the squid process and
    # attempts to restart it if it conks out for some reason.
    /usr/local/squid/bin/RunCache&



    --
    David Hicks
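
An added example, not part of dhicks's post: a check that reads `iptables-save` output and confirms the layout the script above sets up (port 80 redirected to Squid, port 443 forwarded past it, source NAT on the way out). It also reports the FORWARD policy, because the script flushes rules but does not set one; the function names and the sample dump are constructed for illustration.

```shell
# Added example: audit an iptables-save dump (stdin) against the layout of
# the setup script above. First argument is the Squid port (default 3128).
audit_ruleset() {
    awk -v port="${1:-3128}" '
        function st(ok) { return ok ? "OK" : "FAIL" }
        /^\*/ { table = substr($0, 2); next }        # table header, e.g. *nat
        table == "filter" && /^:FORWARD / { policy = $2 }
        /^-A / {
            key = table "/" $2; target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            if (key == "nat/PREROUTING" && target == "REDIRECT") {
                if (dport == "80" && $0 ~ ("--to-ports? " port "( |$)")) http = 1
                if (dport == "443") https_redirect = 1
            }
            if (key == "nat/POSTROUTING" && target ~ /^(SNAT|MASQUERADE)$/) nat = 1
            if (key == "filter/FORWARD" && target == "ACCEPT" && dport == "443") https_forward = 1
        }
        END {
            if (policy == "") policy = "unknown"
            bypass = (https_forward || policy == "ACCEPT"); warn = (policy == "DROP") ? "OK" : "WARN"
            print st(http) ": port 80 redirected to Squid on " port
            print st(!https_redirect) ": port 443 not redirected into Squid"
            print st(bypass) ": port 443 can be forwarded past the proxy"
            print st(nat) ": outbound SNAT/MASQUERADE present"
            print warn ": FORWARD policy is " policy
            exit !(http && !https_redirect && bypass && nat)
        }'
}

# Constructed sample: what iptables-save would show after the script above
# on a host whose FORWARD policy was never changed from ACCEPT.
sample_ruleset() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.0.5
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_ruleset 3128
```

On the gateway itself, run `iptables-save | audit_ruleset 3128` as root. A WARN on the last line means the explicit port 443 rule is not the only way past the proxy, since an ACCEPT policy forwards every other port as well.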

  6. #6

    Re: Squid Transparent

    Quote Originally Posted by dhicks
    It took me a fair bit of swearing and muttering to get HTTPS working with our transparent proxy setup, so I've included our squid setup script below for anyone who might find it useful (or for anyone out there who actually knows what they're doing with this kind of thing, in which case some pointers on how to do it properly would be much appreciated).

    Note that the below doesn't proxy HTTPS, it simply makes sure that HTTPS is routed past the transparent proxy. The comments are there for my own benefit, as I was trying to remember what I was doing for the next time I needed to edit the file.
    SCRIPT HERE



    --
    David Hicks
    Is eth0 the local interface and eth1 the internet iface?
