(Fwd) (Fwd) Transparent proxy using squid, redirect all ssl/ht

Hi group, 
same problem here. 

Normal sites are working but HTTPS doesn't.  
I don't want to send all the 443 requests to the router directly, since I know that squid  
handles them (doesn't cache though) properly through 3128, so logically when I redirect  
all port 80 and port 443 requests to 3128 it should work.  

I guess there is some more tweaking to be done to the chains... 

If anyone has faced the same problem and solved it then please let me know. 

Thanks 
Jawed 
India 



------- Forwarded message follows ------- 
Hi, 

It seems that implementing a transparent squid proxy will cause https & 
ssl to not work well on browsers ... and it would be troublesome to 
manually set up proxy settings on all browsers within our network. 

So I'd like to be able to redirect all other requests like 
https/ssl(port 443) or email client's ports to directly access the 
internet instead of going through our proxy server. 

Here's a little diagram of our network: 
http://static.flickr.com/49/149174815_48fa51f1a3_o.png 

What I did so far is: 
1. Block out all connection requests from our router settings except 
for our proxy server (adminserver) only; this will force our users to 
use the proxy settings for their other applications. 
2. Set all clients' PCs to use the new gateway 'adminserver' (our 
squid server). 
3. Set up transparent proxy for squid, for http requests. 

Everything else is working fine so far, except that opening up 
ssl-enabled sites (mail.yahoo.com) creates a timeout error and email 
clients seem to not work even with proxy settings enabled. 

What I need is some sort of iptables rule to grab all port 443 
connections and make them connect directly to the internet ... I used 
webmin to formulate a rule but that didn't work ... so I thought of 
asking for help here, anyone? 

Here are my current rules: 
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128 
-A PREROUTING -p tcp -m tcp -i eth0 --dport 443 -j DNAT --to-destination 192.168.100.3 

The first one works, it's for transparent proxy; the other one... I 
have no idea why it's not working =( 


Regards, 
Elijah A. 



----------------------------------------------------------------------------- 
Fortune: India's No 1 edible oil brand. 
Visit us at www.adaniwilmar.com 
------------------------------------------------------------------------------ 
------- End of forwarded message ------- 
--  
9825325766 
079-25555625,25555634 
jawed.ahmed@xxxxxxxxxxxxxx 
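An added example for the rule set discussed above (not from either poster): the second rule in the thread fails because DNAT --to-destination rewrites the packet's destination address, so a client's connection to mail.yahoo.com:443 is delivered to 192.168.100.3:443 instead of the real site. Port 443 needs no PREROUTING rule at all; it only needs IP forwarding and source NAT on the upstream interface. The script below generates an iptables-restore fragment that way and checks a fragment for the mistake. Interface names eth0 (LAN) and eth1 (upstream) and the squid port 3128 are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumed layout: clients on eth0,
# upstream link on eth1, squid listening on port 3128 on this gateway.

# Print an iptables-restore fragment for the nat table.
#   $1 = LAN interface, $2 = upstream interface, $3 = squid port
nat_rules() {
    lan="$1"; wan="$2"; port="$3"
    cat <<EOF
*nat
# Intercept plain HTTP arriving from the LAN and hand it to squid on this host.
-A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-ports $port
# No rule for 443 on purpose: TLS is simply routed and source-NATed below.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Check a fragment: HTTP must be redirected, 443 must be left alone,
# and outbound traffic must be masqueraded. Returns 0 when all hold.
check_rules() {
    printf '%s\n' "$1" | grep -q -e '--dport 80 -j REDIRECT' || return 1
    if printf '%s\n' "$1" | grep -q -e '--dport 443'; then return 1; fi
    printf '%s\n' "$1" | grep -q -e '-j MASQUERADE' || return 1
}

# Enable forwarding and load the nat rules (root required; runs only on "apply").
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    nat_rules "$@" | iptables-restore --noflush
}

if [ "${1:-}" = "apply" ]; then
    apply_rules eth0 eth1 3128
fi
```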

