Good morning,
I have tried the attached but I still receive the same result.
I have attached a screen shot to show what happens, its like there is no
connection.
I have tried it with and without listing 3128 as a safe ssl port. I
imagine its not needed as its generated from Squid.
HTTPS isn't connecting, HTTP is though that's no surprise, I'm only
diverting port 443 to port 3128.
There are no logs being generated so I cant find out more.
I can't for the life of me see what I'm doing wrong.
Your advise if greatly received.
Thank you
Joe
I have the below rule added to my firewall for the redirect:
connection config redirect
option proto 'tcp'
option src 'lan'
option src_ip '!192.168.1.101'
option src_dport '443'
option dest 'lan'
option dest_ip '192.168.1.101'
option dest_port '3128'
option target 'DNAT'
On Thu, 2017-11-16 at 10:38 +0100, Matus UHLAR - fantomas wrote:
> On 16.11.17 08:21, Joe Foster wrote:
> >The problem is the connections are not getting through. It just acts
like
> >there is no WiFi connection.
>
> what exactly is the error? Does squid receive those connections?
> does squid reject them?
>
Attachment:
Screenshot from 2017-11-17 09-36-42.png
Description: PNG image
acl localnet src 10.0.0.0/8 acl localnet src 172.16.0.0/12 acl localnet src 192.168.1.0/16 acl localnet src fc00::/7 acl localnet src fe80::/10 acl ssl_ports port 443 acl ssl_ports port 3128 acl safe_ports port 80 acl safe_ports port 21 acl safe_ports port 443 acl safe_ports port 70 acl safe_ports port 210 acl safe_ports port 1025-65535 acl safe_ports port 280 acl safe_ports port 488 acl safe_ports port 591 acl safe_ports port 777 acl safe_ports port 3128 acl connect method connect #acl ssl_ports port 3128 #http_port 3128 ssl-bump cert=/certs/myCA.pem http_access deny !safe_ports http_access deny connect !ssl_ports http_access allow localhost manager http_access deny manager http_access deny to_localhost acl bad_domain url_regex -i "/badwords" acl good_domain url_regex -i "/safewords" http_access deny bad_domain !good_domain http_access allow good_domain http_access allow localnet http_access allow localhost cache deny all http_access deny all # Squid normally listens to port 3128 http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=50KB cert=/certs/myCA.pem ssl_bump server-first all sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 access_log /squid.log cache_log /squid1.log cache_store_log stdio:/squid2.log logfile_rotate 0 logfile_daemon /dev/null
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
