Eliezer & Amos,

Thank you for your input & assistance. The iptables rules are on the same machine on which I'm running Squid.

Amos, just for my understanding, changing the below given directive should do the trick?

    ssl_bump client-first all

to

    ssl_bump server-first all

On Tue, Jan 1, 2013 at 11:21 AM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote:
>
> Sorry my bad,
>
> If it's on the same machine then it should be fine.
> if on other it's another story.
> on what machine is it? these rules?
>
> Thanks,
> Eliezer
>
>
> On 1/1/2013 7:14 AM, Amos Jeffries wrote:
> > No. DNAT and REDIRECT do the same thing and both are valid for Squid
> > with NAT intercept.
> >
> > REDIRECT just assumes the DNAT IP is to be the machine's primary IP and
> > works when IPs are dynamically assigned to the box.
> >
> >
> > The main problem appears to be configuring "server-first" bumping with
> > the directive:
> >
> >   ssl_bump client-first all
> >
> >
> > Amos