Re: Https website is not accessible once transparent proxy is set up

Read about HTTP transparent proxy.

HTTPS can't be transparently proxied yet (as far as I know).

Regards

On Tue, 16 September 2008, 8:49, Sam Chan wrote:
> Hi,
>
> I have just set up a transparent proxy (Squid 3.0 on Debian etch).
>
> Http redirect to port 3128 is ok and I can see http traffic in
> access.log.
>
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:www redir ports 3128
>
>
> But I cannot access https website even though I have enabled port 443 to
> be forwarded.
>
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> LOG        0    --  anywhere             anywhere            state INVALID LOG level warning tcp-options ip-options prefix `DROP INVALID FORWARD'
> DROP       0    --  anywhere             anywhere            state INVALID
> ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     tcp  --  localnet/24          anywhere            tcp dpt:https flags:FIN,SYN,RST,ACK/SYN state NEW
> LOG        0    --  anywhere             anywhere            LOG level warning tcp-options ip-options prefix `DROP '
>
> Based on what I see on my syslog, whenever I browse any https site, the
> packet falls under INVALID and hence is dropped based on my second rule above.
>
> Can anybody help me?
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

