Hello Eliezer,

first of all, thank you for your patience and help!

I use these directives in iptables:

  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128    (for http)
  iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3129   (for https)

In a normal http-only transparent proxy everything works fine, but I would like to implement ssl bump for transparently proxying https connections.

When telnetting to 3128 or 3129 mode, from the Linux machine shell, it seems that the connection fails.
When telnetting to port 3128 not in interception mode (for standard http transparent proxying), the socket opens and stays connected!

The squid.conf section regarding SSL:

  http_port 3128
  https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key
  sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 16MB
  sslcrtd_children 50 startup=5 idle=1
  ssl_bump server-first all

Thank you again,
Francesco
________________________________________
From: squid-users [squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] on behalf of Eliezer Croitoru [eliezer@xxxxxxxxxxxx]
Sent: Tuesday 11 November 2014 15.31
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Problem with Squid 3.4 and transparent SSL proxy

Hey,

Your configuration seems to not include any iptables and other relevant details.
What are this machine's details?

Eliezer

On 11/11/2014 04:20 PM, Job wrote:
> Hello,
>
> I initialize correctly SSL Bump with Squid 3.4.4, following some
> guides. In iptables I redirect 80 and 443 ports to squid ports.
>
> Squid starts with no error, lines involving SSL bump are the
> following:
>
> http_port 3128 intercept
> https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key
>
> But no request arrives to squid.
>
> If I telnet, from Linux machine, this:
>
> telnet localhost 3128 or telnet localhost 3129, even though the
> socket is open (netstat -avn | grep 3128 and 3129), connection
> closes immediately.
>
> I see no errors in cache.log, access.log and messages.
>
> Thank you
> Francesco

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users