Yogesh Patil wrote:
Hi,
I am using SQUID 2.6.STABLE17 with CentOS 5, and BIND
DNS server configured on the same box. I have configured Squid as a
transparent proxy with all default settings, and applied an iptables
rule by using the following command:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

I am able to browse HTTP websites, but when I try to open HTTPS
sites, such as gmail.com, hotmail.com, etc., I am not able to get any
response from the proxy.
I have also tried forwarding port 443 (HTTPS) to port 3128
(Squid), but still no success.

For transparently proxying HTTPS, I believe you will need to configure
the "https_port 3129 cert=..." setting in squid.conf and configure
iptables to redirect port 443 to 3129. Squid port 3128 isn't able to
recognize the SSL protocol negotiation that occurs at the start of the
connection when HTTPS is transparently proxied...
Hope this helps,
Guy
--
Guy Helmer, Ph.D.
Chief System Architect
Palisade Systems, Inc.