
Re: Missing IPv6 sockets in Squid 6.7 in some servers


On 5/03/24 08:03, Dragos Pacher wrote:
> Hello,
>
> I am a Squid beginner and we would like to use Squid inside our organization only as an HTTPS traffic inspection/logging tool for some 3rd party apps that we bought, something close to what a "MITM proxy" is called but we will not do that; instead we use a self-signed certificate and the 3rd party app owners know this. Everything is 100% completely legal. (PS: I am the IT lead).


FYI: "MITM proxy" is a ridiculous term. "MITM" means "intermediary" in security terminology, "proxy" means "intermediary" in networking terminology. So that term just means "intermediary intermediary", yeah.



Any serious HTTPS inspection/logging by Squid needs some form of SSL-Bump configuration and those 3rd-party Apps MUST be configured with trust for the self-signed root CA you are using.


Without that nothing Squid (or any other proxy) does will allow traffic inspection beyond the initial TLS handshake.



Assuming that you have checked that detail, on to your issue ...


> We will be using Squid only internally, no outside access. Here is my issue with the current knowledge of Squid: POC running well on 3 servers but on the 4th I get no IPv6 sockets:
> ubuntu@A2-3:/$ sudo netstat -patun | grep squid | grep tcp
> tcp        0      0 10.10.0.16:3128         0.0.0.0:* LISTEN      2891391/(squid-1)


Your problem is the http(s)_port "port" configuration parameter.


This Squid is configured to listen like:

  http_port 10.10.0.16:3128

or

  http_port example.com:3128

(when example.com has only address 10.10.0.16)


The "http_port" receives port 80 syntax traffic; it may also be "https_port", which receives port 443 syntax traffic.



> and on the other 3 I have IPv6:
> ubuntu@A2-2:/$ sudo netstat -patun | grep squid | grep tcp
> tcp        0      0 x.x.x.x:52386    x.x.x.x:443     ESTABLISHED 997651/(squid-1)
> tcp6       0      0 :::3128                 :::*  LISTEN      997651/(squid-1)


These Squid are configured to listen like:

 http_port 3128


Ensure that the machine/server the 4th Squid is running on has its http(s)_port line matching the other three machines' port value.

At this point do not care about the "mode" or options later in the line. Your issue is solely the "port" parameter.


Cheers
Amos
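
The comparison suggested in the reply above, as an added example that is not part of the original message: it reads the first argument of each http(s)_port line and reports hosts whose listener is pinned to an address or name instead of a bare port. The host names A2-2 and A2-3 come from the shell prompts in the thread; the config contents and function names are constructed for illustration, and recognizing a bracketed IPv6 literal goes beyond the case discussed.

```python
import ipaddress
import re

# Constructed sample configs (assumed contents, not taken from the thread).
CONF_A2_3 = """\
# proxy listener
http_port 10.10.0.16:3128 ssl-bump
"""
CONF_A2_2 = """\
http_port 3128 ssl-bump
"""

# Directive name plus its first argument; mode and options after it are ignored.
PORT_LINE = re.compile(r"^[ \t]*(https?_port)[ \t]+(\S+)", re.MULTILINE)


def classify(spec):
    """Classify the 'port' argument of an http(s)_port line."""
    if spec.isdigit():
        return "wildcard"        # bare port: the ':::3128' style listener
    host = spec.rsplit(":", 1)[0].strip("[]")
    try:
        return "ipv%d-only" % ipaddress.ip_address(host).version
    except ValueError:
        return "hostname"        # bound to whatever the name resolves to


def listeners(conf_text):
    """Return (directive, spec, kind) for every active http(s)_port line."""
    return [(d, s, classify(s)) for d, s in PORT_LINE.findall(conf_text)]


def mismatches(confs):
    """Map host -> port specs that are not a bare port number."""
    out = {}
    for host, text in confs.items():
        pinned = [s for _, s, kind in listeners(text) if kind != "wildcard"]
        if pinned:
            out[host] = pinned
    return out


if __name__ == "__main__":
    report = mismatches({"A2-2": CONF_A2_2, "A2-3": CONF_A2_3})
    for host, specs in report.items():
        print(f"{host}: listener pinned to {specs}, no wildcard socket")
```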