-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If it was possible, all of this simply would not be necessary: http://wiki.squid-cache.org/ConfigExamples/Intercept#Traffic_Interception_capture_into_Squid 02.03.15 2:03, Antony Stone пишет: > On Sunday 01 March 2015 at 19:17:22 (EU time), Yuri Voinov wrote: > >> 02.03.15 0:07, Julianne Bielski пишет: >>> >>> http_port 443 ssl-bump >>> cert=/usr/local/squid3/etc/site_priv+pub.pem >> >> http_port 3128 intercept https_port 3129 intercept ssl-bump >> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB >> cert=/usr/local/squid/etc/rootCA.crt >> key=/usr/local/squid/etc/rootCA.key >> >> 443->3129 port mappind does with NAT. > > Just out of interest, is there any functional difference between: > > - Squid listening (in intercept mode) on port 3129, and NAT > redirecting packets on port 443 to port 3129 > > and > > - Squid listening (in intercept mode) on port 443 ? > > It seems to me from a networking perspective the two should be > identical, so I wonder whether there really is any fundctional > reason for doing the NAT and listening on the redirected port? > > > Thanks, > > > Antony. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU83fcAAoJENNXIZxhPexGlkcIAJthx+5/TPFHPB8Q1e7sYHIw OfA6UWv5GxquRuXRAHzpwsYmHWU7FAwMXQjBwcA4XQ5XuX+Pazro45AYsDZIOkNw ljKCTEKDR1Aq8S553g89dL4aVidkxeb56qxCMDnNVe4Gd11E4c2dPrFEphJ1R29o hvqy19+9fJt6NkXmgdSsVUC9+K8zwp3kxRyUxXiZAUSsZwbJ843Zn9jO0RPJ0o// L5c07DuI/+Skq5mYWgUPcaAONrLpHd49jnYw98j+O4bee1wex5ZwPkpNEYXVd/e/ cXCDkovtOJA95jZom7eJxuawh2WPgViyBIWGBVFwUKvFYeVdPwlZK3frPlr7Quo= =1hO7 -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
