Https website is not accessible once transparent proxy is set up

Hi,

I have just set up a transparent proxy (Squid 3.0 on Debian etch).

Http redirect to port 3128 is ok and I can see http traffic in
access.log.

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:www redir ports 3128


But I cannot access https websites even though I have enabled port 443 to
be forwarded.

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        0    --  anywhere             anywhere            state INVALID LOG level warning tcp-options ip-options prefix `DROP INVALID FORWARD'
DROP       0    --  anywhere             anywhere            state INVALID
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  localnet/24          anywhere            tcp dpt:https flags:FIN,SYN,RST,ACK/SYN state NEW
LOG        0    --  anywhere             anywhere            LOG level warning tcp-options ip-options prefix `DROP '

Based on what I see in my syslog, whenever I browse any https site, the
packet falls under INVALID and hence is dropped based on my second rule above.

Can anybody help me?
