On 18/11/17 01:45, Joe Foster wrote:
Good morning, I have tried the attached but I still receive the same result. I have attached a screen shot to show what happens, its like there is no connection.
There isn't ...
I have tried it with and without listing 3128 as a safe ssl port. I imagine its not needed as its generated from Squid. HTTPS isn't connecting, HTTP is though that's no surprise, I'm only diverting port 443 to port 3128.
Your port 3128 is configured to only accept plaintext HTTP traffic. It cannot handle the TLS on port 443 traffic.
FWIW the "ssl-bump" option does not make an http_port capable of receiving TLS. It just makes Squid attempt to decrypt the data tunneled inside plain-text CONNECT requests (if any), in accordance with the ssl_bump rules actions.
There are no logs being generated so I cant find out more.
Most currently distributed Squid versions do not log connections that fail with no HTTP activity happening on them. Except when debugging the underlying TCP I/O activity.
I can't for the life of me see what I'm doing wrong. Your advise if greatly received. Thank you JoeI have the below rule added to my firewall for the redirect: connection config redirect option proto 'tcp' option src 'lan' option src_ip '!192.168.1.101' option src_dport '443' option dest 'lan' option dest_ip '192.168.1.101' option dest_port '3128' option target 'DNAT'
NAT can only happen on the Squid machine itself. You must *route* the packets without any type of DNAT prior to their arrival at the Squid device.
Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
