On 3/10/2015 12:31 a.m., Job wrote: > Hello, > > i have enabled SSL Bump with certificates, i redirect the 443 on the 3129 port of my Squid server but https sites are not accessible anymore and i can see these errors in logs: > > ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.10.xxx The connection arriving at Squid does not have any NAT records in the Squid machine kernel. It is mandatory that NAT be done on the Squid machine. Not on some remote router (aka CPE "port-forwarding"). <http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat> It is mandatory that you *not* test NAT ports by configuring your browser to use the proxy via it. Configure the testing browser the same way teh cleints woudl be tested. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users