Linux Netfilter discussions
* Transparent proxy errors
@ 2006-06-09 11:59 isaiah
  2006-06-09 12:07 ` Rodrigo Montoro
  0 siblings, 1 reply; 6+ messages in thread
From: isaiah @ 2006-06-09 11:59 UTC (permalink / raw)
  To: netfilter

Dear all,

I have a box set up for transparent proxying. Since this happened I have
had several websites timing out.

I have what seems like an SSL problem with many websites, especially
hotmail. When one wants to log onto hotmail, the proxy gives "document
contains no data reply". When I manually configure the proxy in my
browser, I can then log on with no problems.

Could anyone help me resolve this?

Regards,

Isaiah.



* Re: Transparent proxy errors
  2006-06-09 11:59 Transparent proxy errors isaiah
@ 2006-06-09 12:07 ` Rodrigo Montoro
  2006-06-09 14:11   ` Diaa Radwan
  0 siblings, 1 reply; 6+ messages in thread
From: Rodrigo Montoro @ 2006-06-09 12:07 UTC (permalink / raw)
  To: isaiah@medcol.mw; +Cc: netfilter

   You can't use transparent proxy with SSL because headers are
encrypted and contain no useful data about destinations.

Regards,

On 6/9/06, isaiah@medcol.mw <isaiah@medcol.mw> wrote:
> Dear all,
>
> I have a box setup for transparent proxying. Since this happened I have
> had several websites timing out.
>
> I have what seems like an SSL problem with many websites especially
> hotmail. When one wants to log onto hotmail, the proxy gives "document
> contains no data reply". When I manually configure the proxy in my
> browser, I then can logon with no problems.
>
> Could anyone help me resolve this?
>
> Regards,
>
> Isaiah.
>
>


-- 
=====================
 Rodrigo Ribeiro Montoro
Desenvolvedor BRMAlinux
  spooker@brc.com.br
       RHCE/LPIC-I
=====================



* Re: Transparent proxy errors
  2006-06-09 12:07 ` Rodrigo Montoro
@ 2006-06-09 14:11   ` Diaa Radwan
  2006-06-09 14:36     ` Isaiah Makwakwa
  2006-06-09 15:08     ` Cedric Blancher
  0 siblings, 2 replies; 6+ messages in thread
From: Diaa Radwan @ 2006-06-09 14:11 UTC (permalink / raw)
  To: Rodrigo Montoro; +Cc: netfilter

Rodrigo Montoro wrote:
>   You can't use transparent proxy with SSL cause headers are
> encrypted and contains no useful data about destinations.
You can use it, there is nothing that will stop iptables from forwarding
the requests to your proxy ports.

> 
> Regards,
> 
> On 6/9/06, isaiah@medcol.mw <isaiah@medcol.mw> wrote:
>> Dear all,
>>
>> I have a box setup for transparent proxying. Since this happened I have
>> had several websites timing out.
>>
>> I have what seems like an SSL problem with many websites especially
>> hotmail. When one wants to log onto hotmail, the proxy gives "document
>> contains no data reply". When I manually configure the proxy in my
>> browser, I then can logon with no problems.
>>
>> Could anyone help me resolve this?
>>
>> Regards,
>>
>> Isaiah.
>>
>>
> 
> 




* Re: Transparent proxy errors
  2006-06-09 14:11   ` Diaa Radwan
@ 2006-06-09 14:36     ` Isaiah Makwakwa
  2006-06-09 14:56       ` Diaa Radwan
  2006-06-09 15:08     ` Cedric Blancher
  1 sibling, 1 reply; 6+ messages in thread
From: Isaiah Makwakwa @ 2006-06-09 14:36 UTC (permalink / raw)
  To: Diaa Radwan; +Cc: netfilter

Diaa,

How do you do it?

Isaiah
> Rodrigo Montoro wrote:
>>   You can't use transparent proxy with SSL cause headers are
>> encrypted and contains no useful data about destinations.
> You can use it ,there is nothing will stop iptables from forwarding the
> requests to your proxy ports.
>
>>
>> Regards,
>>
>> On 6/9/06, isaiah@medcol.mw <isaiah@medcol.mw> wrote:
>>> Dear all,
>>>
>>> I have a box setup for transparent proxying. Since this happened I have
>>> had several websites timing out.
>>>
>>> I have what seems like an SSL problem with many websites especially
>>> hotmail. When one wants to log onto hotmail, the proxy gives "document
>>> contains no data reply". When I manually configure the proxy in my
>>> browser, I then can logon with no problems.
>>>
>>> Could anyone help me resolve this?
>>>
>>> Regards,
>>>
>>> Isaiah.
>>>
>>>
>>
>>
>
>
>




* Re: Transparent proxy errors
  2006-06-09 14:36     ` Isaiah Makwakwa
@ 2006-06-09 14:56       ` Diaa Radwan
  0 siblings, 0 replies; 6+ messages in thread
From: Diaa Radwan @ 2006-06-09 14:56 UTC (permalink / raw)
  To: isaiah; +Cc: netfilter

Isaiah Makwakwa wrote:
> Diaa,
> 
> How do you do it?
> 
> Isaiah
>> Rodrigo Montoro wrote:
>>>   You can't use transparent proxy with SSL cause headers are
>>> encrypted and contains no useful data about destinations.
>> You can use it ,there is nothing will stop iptables from forwarding the
>> requests to your proxy ports.
>>
>>> Regards,
>>>
>>> On 6/9/06, isaiah@medcol.mw <isaiah@medcol.mw> wrote:
>>>> Dear all,
>>>>
>>>> I have a box setup for transparent proxying. Since this happened I have
>>>> had several websites timing out.
>>>>
>>>> I have what seems like an SSL problem with many websites especially
>>>> hotmail. When one wants to log onto hotmail, the proxy gives "document
>>>> contains no data reply". When I manually configure the proxy in my
>>>> browser, I then can logon with no problems.
>>>>
>>>> Could anyone help me resolve this?
>>>>
>>>> Regards,
>>>>
>>>> Isaiah.
>>>>
>>>>
>>>
>>
>>
> 
> 
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 3128

Yes, it's not important to redirect 433 (it will not work if you do).
It depends on your proxy server configuration; you should allow 433
for https.

If you are using squid, I'd recommend you have these options:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

--
Diaa Radwan





* Re: Transparent proxy errors
  2006-06-09 14:11   ` Diaa Radwan
  2006-06-09 14:36     ` Isaiah Makwakwa
@ 2006-06-09 15:08     ` Cedric Blancher
  1 sibling, 0 replies; 6+ messages in thread
From: Cedric Blancher @ 2006-06-09 15:08 UTC (permalink / raw)
  To: Diaa Radwan; +Cc: netfilter

On Friday 09 June 2006 at 17:11 +0300, Diaa Radwan wrote:
> >   You can't use transparent proxy with SSL cause headers are
> > encrypted and contains no useful data about destinations.
> You can use it ,there is nothing will stop iptables from forwarding the
> requests to your proxy ports.

Yes, you can forward them, but it won't work unless your HTTP proxy
handles the SSL connection itself.
The usual way to handle proxying of SSL connections is to explicitly
declare a proxy for SSL so that the web client issues a CONNECT to the
proxy.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
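
Added example, not part of the original thread: a Python sketch of what an HTTP proxy sees as the first bytes of a connection in the three cases discussed above (intercepted port 80, intercepted SSL, and an explicitly configured proxy). The function name, host names and sample byte strings are constructed for illustration, and the sketch does not parse anything inside the SSL/TLS handshake.

```python
"""What an HTTP proxy can read from the first bytes of a connection."""

# Constructed sample inputs (not captured traffic).
PLAIN_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])
EXPLICIT = (b"CONNECT login.example.com:443 HTTP/1.1\r\n"
            b"Host: login.example.com:443\r\n\r\n")


def destination_from_first_bytes(data: bytes):
    """Return (kind, destination); destination is None when the bytes
    carry no HTTP request from which the origin server can be read."""
    # SSLv3/TLS record header: type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return ("tls-handshake", None)
    # SSLv2-style ClientHello: high bit set in the length, message type 1.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return ("sslv2-hello", None)

    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("unknown", None)

    method, target, _version = parts
    if method == "CONNECT":
        # Explicitly configured proxy: the client names host:port in clear
        # text, then the proxy relays the encrypted bytes untouched.
        return ("explicit-connect", target)
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            # Intercepted plain HTTP: the Host header names the origin.
            return ("intercepted-http", value.strip())
    return ("http-no-host", None)


if __name__ == "__main__":
    for sample in (PLAIN_HTTP, TLS_HELLO, EXPLICIT):
        print(destination_from_first_bytes(sample))
```

A proxy port that only speaks HTTP falls into the "tls-handshake" branch when port 443 is redirected to it: there is no request line to answer, which matches the failure described in the thread.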

