On Jan 7, 2008 4:32 PM, Amos Jeffries wrote:
> The current releases of squid do not support HTTPS transparently.
> There is only an experimental patch waiting for 3.1 called SSLBump which
> is supposed to handle that sort of thing.

Yes, I understand that. Obviously ssl cannot go through a man-in-the-middle. I'll remove the iptables rule.

>
> > DNAT tcp -- anywhere anywhere tcp
> > dpt:3128 to:192.168.60.254:3128
> > DNAT tcp -- anywhere anywhere tcp
> > dpt:webcache to:192.168.60.254:3128
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target prot opt source destination
> > MASQUERADE 0 -- 192.168.60.0/24 anywhere
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > But still no joy....
>
> Does squid have port 80 outbound without going through the redirect?
> what does cache.log say? (usually .../logs/cache.log)

Yes, I think it does. I can use firefox on the machine and there is no corresponding entry in /var/log/squid/cache.log.

Here are the contents of /var/log/squid/cache.log:

2008/01/07 13:44:55| Starting Squid Cache version 2.6.STABLE14 for i386-debian-linux-gnu...
2008/01/07 13:44:55| Process ID 5934
2008/01/07 13:44:55| With 1024 file descriptors available
2008/01/07 13:44:55| Using epoll for the IO loop
2008/01/07 13:44:55| DNS Socket created at 0.0.0.0, port 32775, FD 6
2008/01/07 13:44:55| Adding nameserver 192.168.10.213 from /etc/resolv.conf
2008/01/07 13:44:55| User-Agent logging is disabled.
2008/01/07 13:44:55| Referer logging is disabled.
2008/01/07 13:44:55| Unlinkd pipe opened on FD 11
2008/01/07 13:44:55| Swap maxSize 102400 KB, estimated 7876 objects
2008/01/07 13:44:55| Target number of buckets: 393
2008/01/07 13:44:55| Using 8192 Store buckets
2008/01/07 13:44:55| Max Mem size: 8192 KB
2008/01/07 13:44:55| Max Swap size: 102400 KB
2008/01/07 13:44:55| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/01/07 13:44:55| Rebuilding storage in /var/spool/squid (CLEAN)
2008/01/07 13:44:55| Using Least Load store dir selection
2008/01/07 13:44:55| Set Current Directory to /var/spool/squid
2008/01/07 13:44:55| Loaded Icons.
2008/01/07 13:44:55| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 13.
2008/01/07 13:44:55| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2008/01/07 13:44:55| HTCP Disabled.
2008/01/07 13:44:55| WCCP Disabled.
2008/01/07 13:44:55| Ready to serve requests.
2008/01/07 13:44:55| Done reading /var/spool/squid swaplog (56 entries)
2008/01/07 13:44:55| Finished rebuilding storage from disk.
2008/01/07 13:44:55| 56 Entries scanned
2008/01/07 13:44:55| 0 Invalid entries.
2008/01/07 13:44:55| 0 With invalid flags.
2008/01/07 13:44:55| 56 Objects loaded.
2008/01/07 13:44:55| 0 Objects expired.
2008/01/07 13:44:55| 0 Objects cancelled.
2008/01/07 13:44:55| 0 Duplicate URLs purged.
2008/01/07 13:44:55| 0 Swapfile clashes avoided.
2008/01/07 13:44:55| Took 0.4 seconds ( 136.4 objects/sec).
2008/01/07 13:44:55| Beginning Validation Procedure
2008/01/07 13:44:55| Completed Validation Procedure
2008/01/07 13:44:55| Validated 56 Entries
2008/01/07 13:44:55| store_swap_size = 1920k
2008/01/07 13:44:55| Configuring Parent proxy.ua.pt/3128/3130
2008/01/07 13:44:56| storeLateRelease: released 0 objects

I'm going to recompile my kernel next and see if that's not the problem. Anything else I could try?