Hi I have this setup: INTERNET ---- OTHERPROXY_SQUID25 ---- OTHER_LAN + MYPROXY_SQUID2.6 ---- MYLAN OTHERPROXY does not allow https out except via the proxy, and all the NAT'ed OTHER_LAN have proxies set non-transparently. MYPROXY is on OTHER_LAN and peers to OTHERPROXY, and is transparent for (again NAT'ed) MYLAN. MYPROXY has this facing MYLAN: http_port 10.0.0.1:3128 transparent never_direct allow all with port 80 redirected to port 3128 by iptables. Since OTHERPROXY recently firewall-blocked 443 except via proxy, MYLAN does not get HTTPS. I got OTHERPROXY to allow https, then MYLAN has https access again. This is a temporary solution. Neither adding in squid.conf http_port 10.0.0.1:443 transparent nor redirecting 443 to 3128 with iptables allows MYLAN to use https though. I have the usual http_access deny CONNECT !SSL_ports in MYPROXY, and if I set the proxy manually in MYLAN, I have https access. However, not all of MYLAN can set the proxy manually, it is too dynamic. Is there another way? Should either of above be working? regards, Jan -- .~. /V\ Jan Groenewald /( )\ www.aims.ac.za ^^-^^
