Hi Amos: Thanks for your quick feedback. 1) I do not much understand your said about connect to host 10.64.12.100, I just find it in B (10.64.12.101) squid cache.log, 2) I do not add any other setting in squid.conf about interception. 3) As you mentioned, https_port requires NAT interception, so in my scenario, A, B are in the same LAN, and I want to A use B as HTTPS proxy, and I want to use SSL bump to monitor A's HTTPS content. so is there any way that can meet it? On Wed, Feb 26, 2014 at 2:36 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 2014-02-26 16:15, Jerry OELoo wrote: >> >> Hi All: >> I am new to Squid, I want to try its SSL Bump, Please kindly check as >> below. Thanks in advance. >> >> Network topology: >> >> A, client, Windows7, IP: 10.64.12.100, >> B, Proxy server, Ubuntu, running Squid, IP: 10.64.12.101 >> > > Okay. However that log snippet below says that the website your client is > trying to connect to is being hosted on 10.64.12.100 port 32843. > > > >> kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on >> local=10.64.12.101:3130 remote=10.64.12.100:32843 FD 12 flags=33: (92) >> Protocol not available > > > How is the interception being done? > > > >> # Https Port >> https_port 3130 intercept ssl-bump generate-host-certificates=on >> dynamic_cert_mem_cache_size=4MB >> cert=/usr/local/etc/squidcert/certs/proxyCert.pem >> key=/usr/local/etc/squidcert/private/proxyKey.pem >> > > This port configuration requires NAT interception. > > Amos -- Rejoice,I Desire!
