Search squid archive

Issues with TLS inspection Intercept Mode.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The problem I am seeing is the intercept port initiates HTTP connection to self-IP instead of the web server IP it gets from the DNS request. 
 Filtered Tcpdump screenshot @ https://drive.google.com/open?id=0ByReiwdSAAY_VXBPTjF1M3dYTnBTTnhFVnRocXFveUlNSlNj

Server IP: Eth0: IP: 172.22.22.148/26 (Same eth0 interface reaches the internet gateway).
Configurations for 
1) Nat table: 
Chain PREROUTING (policy ACCEPT 23 packets, 1632 bytes)
num   pkts bytes target     prot opt in     out   source               destination    
1       66 3960 REDIRECT   tcp -- eth0 *     0.0.0.0/0 0.0.0.0/0            tcp dpt:80 /* Redirect http traffic eth0:80 to eth0:3128 */ redir ports 3128

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out   source               destination    
1    13500  856K MASQUERADE  all -- * *       0.0.0.0/0 0.0.0.0/0            /* Allows NAT To happen */

2) Mangle table: 
Chain PREROUTING (policy ACCEPT 6180 packets, 519K bytes)
pkts bytes target     prot opt in     out   source               destination    
1434  148K ACCEPT     tcp -- any any     172.22.22.0/24 anywhere             tcp dpt:http
    0   0 DROP       tcp -- any   any anywhere             anywhere tcp dpt:3128

3) Squid.conf

http_port 172.22.22.148:3128 intercept

https_port 172.22.22.148:3129 intercept ssl-bump cert=/etc/squid/ssl_certs/myCA.pem generate-host-certificates=on

Complete squid.conf file @ https://pastebin.com/gG8pYpLF

Please let me know if I am missing some conf or the next steps I should try to get this running. 

Thanks!
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux