Hi Amos! Resolved: in squid.conf i have to write ip:port instead of :port. As example, 192.168.10.254:3129 works with interception. Only with :3129 it does not works! Francesco ________________________________________ Da: squid-users [squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] per conto di Job [Job@xxxxxxxxxxxxxxxxxxxx] Inviato: lunedì 5 ottobre 2015 14.06 A: Amos Jeffries; squid-users@xxxxxxxxxxxxxxxxxxxxx Oggetto: R: SSL Bump and NF getsockopt failed Hello Amos! >The connection arriving at Squid does not have any NAT records in the >Squid machine kernel. >It is mandatory that NAT be done on the Squid machine. Not on some >remote router (aka CPE "port-forwarding"). The iptables gateway is in the same machine where Squid+SSL bump run. Our transparent proxy for 80/HTTP works perfectly, but users cannot access do https pages. By consolle, if i telnet localhost 3129 (https intecept port), i have no connections, even though in netstat -avn | grep 3129 i have active and listening connections. Please note i use the REDIRECT --to-port command in iptables. Where am i wrong? Thank you! Francesco _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
