The problem I am seeing is that the intercept port initiates an HTTP connection to the self-IP instead of the web server IP it gets from the DNS request.
Filtered Tcpdump screenshot @ https://drive.google.com/open?id=0ByReiwdSAAY_VXBPTjF1M3dYTnBTTnhFVnRocXFveUlNSlNj
Server IP: Eth0: IP: 172.22.22.148/26 (Same eth0 interface reaches the internet gateway).
Configurations for
1) Nat table:
Chain PREROUTING (policy ACCEPT 23 packets, 1632 bytes)
num pkts bytes target prot opt in out source destination
1 66 3960 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* Redirect http traffic eth0:80 to eth0:3128 */ redir ports 3128
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 13500 856K MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* Allows NAT To happen */
2) Mangle table:
Chain PREROUTING (policy ACCEPT 6180 packets, 519K bytes)
pkts bytes target prot opt in out source destination
1434 148K ACCEPT tcp -- any any 172.22.22.0/24 anywhere tcp dpt:http
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:3128
3) Squid.conf
http_port 172.22.22.148:3128 intercept
https_port 172.22.22.148:3129 intercept ssl-bump cert=/etc/squid/ssl_certs/myCA.pem generate-host-certificates=on
Complete squid.conf file @ https://pastebin.com/gG8pYpLF.
Please let me know if I am missing some conf or the next steps I should try to get this running.
Thanks!