On 28/02/2014 8:49 p.m., Jerry OELoo wrote:
> To summarize it. Please correct me if anything wrong, Thanks in advance.
>

Please be a lot more specific. The area we are discussing has a LOT of complexity and very small distinctions between things cause very big differences in configuration and behaviour.

> If I want to just transparent pass through http/https packets (Do not
> read, modify it), I can just use http_port to open some port, and
> client set browser proxy+port directly, and from my testing, it is
> right.

Please avoid saying "transparent" because there are several "transparent" (proxy/relay/authentication/redirect/interception) terms in HTTP plus several which people call "transparent" when they are not actually. 3 of those very different meanings apply to what we have been talking about so far. I can't tell if you are adding in some of the other meanings as criteria or not.

Can you please use the port number to indicate which protocol stack of traffic you are talking about for each requirement? Because "HTTPS" and "https://" are different things, and port 443 and 80 traffic is a mix of the two along with various other things I am trying to avoid confusing you with.

>
> If I want to get client's https request,

Are you talking about HTTP with https://, or HTTP with CONNECT tunnel of HTTPS, or HTTP on port 443?

All of those have different answers to the question you are asking. Please be specific.

> such as get the browser html
> content in https, insert some javascript into client's browser https
> response page,

Format of the reply object is not relevant. Please skip that.

> I need set up NAT on server B

For transparent intercept of port 443 that would be yes.

> (B should be a gateway or server?

It should be set up as a router.

> A is a LAN PC whose gateway points
> B?,

If you choose to make PC B the LAN network gateway.

> Am I right here?),

There is no absolute right/wrong. Each of your choices about how to send the traffic from PC A to PC B determines how PC A and PC B have to be configured.

>
> and then iptables to redirect client A's https packets to squid
> https_port. then use squid ssl bump to read/write client's html
> content in https.
>

Let's avoid the generic terms:

* transparent - a single word with a category of action with 8 different meanings, 6 of which apply to different Squid configs.
* redirect - an action with >20 different configurations (involving different combinations of 3 layers of the networking stack).

None of which are what you meant to say!

Amos