Hey,

The iptables rules don't make any sense:

IPTABLES SETTING
# Generated by iptables-save v1.4.7 on Mon Jul 31 05:43:29 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8330155:414444635]
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3130
-A INPUT -j DROP
COMMIT
# Completed on Mon Jul 31 05:43:29 2017

There is no PREROUTING in the filter table...
Take a peek at:
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect#iptables_configuration

and also I suggest you use intercept ports such as:
13128 (for http, port 80)
13129 (for https, port 443)
And not port 3130.

Let me know if it helps with something.

Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx

From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Arsalan Hussain
Sent: Tuesday, August 1, 2017 12:45
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Need help to solve problem with Squid 3.5.26 SSL Bump setting & iptables rules

Dear all,

I have configured Squid 3.5.26 SSL bump on CentOS 6.2 to share internet, with delay pools to control bandwidth (my configuration files are attached).

This is the problem I am facing, and I do not understand the issue.

1- For clients who send requests with the proxy setting configured, this directive works fine:
http_port 3128
- Delay pools are working fine, and internet browsing works for all clients using the proxy.

2- When transparent proxy clients send HTTP requests via iptables ... REDIRECT.
http_port 3129 intercept
OR
When transparent proxy clients send HTTPS requests via iptables ... REDIRECT.
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.pem

I observed the problem in both cases: when a client sent a request through iptables, the Squid service failed. When I stop iptables and start Squid, it starts working.

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3130

3- My objectives in setting up Squid:
* Internet sharing to clients with the proxy setting configured.
* Internet sharing to transparent proxy clients (those requests are directed to the server by ip route 0.0.0.0 0.0.0.0 Proxy-IP from the CISCO network, for HTTP and HTTPS requests, without configuring the proxy setting; they come from wireless).
* Delay pools for both HTTP and HTTPS browsing, for proxy and transparent clients.

Kindly, if somebody could help me fix my problems and share any settings that work.

I had added the SSL bump certificate because the service was crashing again and again without any reason, after a few days or sometimes on the same day.

--
With Regards,

Arsalan Hussain
If you don't fight for what you want, don't cry for what you lose.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
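
A small lint for the mismatch pointed out in the reply above (PREROUTING rules under *filter), added here as an illustration and not part of the original thread or of Squid or iptables. The function name `lint`, the abridged `BROKEN` sample and the constructed `FIXED` layout (which keeps the poster's ports 3129/3130) are assumptions of this example.

```python
import shlex

# Built-in chains per table, per iptables(8); nat INPUT exists only on newer kernels.
BUILTIN = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "raw": {"PREROUTING", "OUTPUT"},
    "security": {"INPUT", "FORWARD", "OUTPUT"},
}

def lint(dump):
    """Return [(line_no, message)] for rules placed in a table that cannot hold them."""
    findings, table, user = [], None, set()
    for no, line in enumerate(dump.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):                  # "*filter" opens a table section
            table, user = line[1:], set()
        elif line.startswith(":"):                # ":NAME POLICY [packets:bytes]"
            name, policy = line[1:].split()[:2]
            if policy == "-":                     # "-" marks a user-defined chain
                user.add(name)
        elif line.startswith("-A "):
            args = shlex.split(line)
            chain, target = args[1], args[args.index("-j") + 1] if "-j" in args else ""
            if chain not in BUILTIN.get(table, set()) | user:
                findings.append((no, f"chain {chain} does not exist in table {table}"))
            elif target == "REDIRECT" and table != "nat":
                findings.append((no, f"REDIRECT is only valid in nat, not {table}"))
    return findings

# Abridged from the ruleset quoted in the thread.
BROKEN = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3130
-A INPUT -j DROP
COMMIT
"""
# Constructed fix (layout only): the same REDIRECT rules moved into a *nat section.
moved = [l for l in BROKEN.splitlines(True) if l.startswith("-A PREROUTING")]
FIXED = ("*nat\n:PREROUTING ACCEPT [0:0]\n" + "".join(moved) + "COMMIT\n"
         + "".join(l for l in BROKEN.splitlines(True) if l not in moved))
```

Running `lint` on a saved ruleset before loading it with `iptables-restore` points at the offending lines by number; it checks table and chain placement only, not whether the resulting policy is the one intended.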