SSL Bump and "protocol not available"


Hello to everybody,

We use Squid for HTTP transparent proxying and everything is all right.

I followed some howtos and we added SSL Bump transparent interception.

In squid.conf I have:

https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/lib/squid/ssl_crtd -s /usr/lib/squid/ssl_db -M 4MB
sslcrtd_children 30


and in iptables I added this directive:

 -A PREROUTING -p tcp -s 192.168.10.8 --dport 443 -j DNAT --to-destination 192.168.10.254:3127

HTTP surfing is still right, but when I connect, for example, to
https://www.google.com the browser returns an error page and I have these
log entries:

2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.10.254:3127 remote=192.168.10.8:58831 FD 15 flags=33: (92) Protocol not available
2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.10.254:3127 remote=192.168.10.8:58832 FD 15 flags=33: (92) Protocol not available
2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.10.254:3127 remote=192.168.10.8:58833 FD 15 flags=33: (92) Protocol not available

I read some similar posts but I did not apply, and find, the solution.

Thank you a lot and best regards!

Francesco



