I was referring to the following configuration line. I suppose this is nat interception. The reason why I am asking about all of this is that... I captured ssl traffic on the firewall. It tells me the client (internal lan ip) sent SSL Client Hello packet to target server successfully with ack. However, the target server never sent SSL Client Hello back. Instead, it said the server squid gave bad request (see below).

http_port 3229 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/ssl/certs/domain.crt key=/etc/ssl/private/domain.key

HTTP/1.1 400 Bad Request
Server: squid
Mime-Version: 1.0
Date: Mon, 28 Jan 2013 22:42:56 GMT
Content-Type: text/html
Content-Length: 3662
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from server
X-Cache-Lookup: NONE from server:80
Via: 1.1 server (squid)
Connection: close

On Tue, Jan 29, 2013 at 1:23 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 29/01/2013 12:57 p.m., Roman Gelfand wrote:
>>
>> When squid is acting as transparent proxy, does squid rewrite ip or
>> layer 2 data.
>>
>> Let's say the route is as follows. Will the outgoing traffic be seen
>> as coming from client's ip as source ip or squid's ip as source ip?
>>
>> client ====> firewall ====> wan
>>                ^  ||
>>                || ||
>>            eth0|| || GRE tunnel (on eth0 Physical interface)
>>                || ||
>>                || V
>>             SQUID Server
>>
>> Thanks in advance
>
>
> Are you asking about NAT interception or TPROXY interception? One does, one
> does not.
>
> Amos