Linux Netfilter discussions
* Squid transparent proxy /iptables (Yahoo messenger/Gmail/Https not works)
From: Yogesh Patil @ 2008-01-27 19:11 UTC
  To: netfilter

Hello,
     I am using SQUID 2.6.STABLE17 with Fedora Core 8, and a BIND
DNS server configured on the same box. I have configured Squid as a
transparent proxy with all default settings, and applied an iptables
rule using the following
command:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

     So the problem is that I am able to browse websites very well,
but Gmail, Yahoo Messenger, MSN Messenger etc. and all the websites
using https do not work. What would be the issue?

Regards,
Yogesh Patil


* Re: Squid transparent proxy /iptables (Yahoo messenger/Gmail/Https not works)
From: Eljas Alakulppi @ 2008-01-27 19:17 UTC
  To: yogesh, netfilter

You can't transparently proxy https traffic. Search "man-in-the-middle
attack" with Google/your favorite search engine for explanation.

Yogesh Patil <yogesh@technotux.net> wrote on Sun, 27 Jan 2008 21:11:30
+0200:

> Hello,
>      I am using SQUID 2.6.STABLE17 with Fedora Core 8, and a BIND
> DNS server configured on the same box. I have configured Squid as a
> transparent proxy with all default settings, and applied an iptables
> rule using the following
> command:
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
>      So the problem is that I am able to browse websites very well,
> but Gmail, Yahoo Messenger, MSN Messenger etc. and all the websites
> using https do not work. What would be the issue?
>
> Regards,
> Yogesh Patil




* Re: Squid transparent proxy /iptables (Yahoo messenger/Gmail/Https not works)
From: Yogesh Patil @ 2008-01-27 20:47 UTC
  To: Eljas Alakulppi; +Cc: netfilter

Hi,
    Thanks for the reply, but I don't really want to proxy https
traffic; I know it is secure. But I want to give access to the websites
which use https, as my internet connection is on the
Linux box which has BIND DNS and Squid proxy installed and
iptables configured. I just want to know how to allow https websites and
Yahoo Messenger, which uses SOCKS for connecting to its servers.

Thanks
Yogesh

On 1/28/08, Eljas Alakulppi <Buzer@buzer.net> wrote:
> You can't transparently proxy https traffic. Search "man-in-the-middle
> attack" with Google/your favorite search engine for explanation.
>
> Yogesh Patil <yogesh@technotux.net> wrote on Sun, 27 Jan 2008 21:11:30
> +0200:
>
> > Hello,
> >      I am using SQUID 2.6.STABLE17 with Fedora Core 8, and a BIND
> > DNS server configured on the same box. I have configured Squid as a
> > transparent proxy with all default settings, and applied an iptables
> > rule using the following
> > command:
> >
> > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> >
> >      So the problem is that I am able to browse websites very well,
> > but Gmail, Yahoo Messenger, MSN Messenger etc. and all the websites
> > using https do not work. What would be the issue?
> >
> > Regards,
> > Yogesh Patil
>
>
>


-- 
Regards,
Yogesh Patil
Technotux Solutions
33/114, Gandhi Nagar,
Jilha Peth, Jalgaon - 425001
Maharashtra, INDIA
Phone :- +91-257-2235596
Mobile:- +91-9890931432, 9422778329


* Re: Squid transparent proxy /iptables (Yahoo messenger/Gmail/Https not works)
From: Martijn Lievaart @ 2008-01-27 20:55 UTC
  To: yogesh; +Cc: Eljas Alakulppi, netfilter

Yogesh Patil wrote:
> Hi,
>     Thanks for the reply, but I don't really want to proxy https
> traffic; I know it is secure. But I want to give access to the websites
> which use https, as my internet connection is on the
> Linux box which has BIND DNS and Squid proxy installed and
> iptables configured. I just want to know how to allow https websites and
> Yahoo Messenger, which uses SOCKS for connecting to its servers.
>
>   

Https cannot be proxied transparently (well, not easily). Just allow 
port 443 out.

Alternatively, let everyone set your proxy address in their proxy 
settings for https. Then the browser will issue a CONNECT to the proxy 
to connect to the remote site.

M4
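
The "allow port 443 out" option from the reply above, written out as gateway rules. This is an added example, not part of the original thread: it keeps the port-80 REDIRECT from the first message and forwards HTTPS directly instead of sending it to Squid. The WAN interface `eth1`, the use of MASQUERADE, and the helper names `gateway_rules`, `apply_rules` and `https_intercepted` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. LAN_IF and the Squid port match the
# original post; WAN_IF is an assumed name for the Internet-facing interface.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Emit the ruleset, one command per line:
#  1. enable routing so LAN clients can reach the Internet through this box
#  2. plain HTTP is still intercepted and handed to Squid (rule from the thread)
#  3. replies to already-accepted connections are allowed back
#  4. new HTTPS connections are routed straight out and never reach Squid,
#     so the TLS session stays end to end between browser and server
#  5. LAN source addresses are rewritten on the way out
gateway_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# Reads rules (this script's output or `iptables-save -t nat`) on stdin and
# succeeds if any of them redirects port 443 into a local proxy port.
https_intercepted() {
    grep -q -e '--dport 443 .*-j REDIRECT'
}

# Dry run by default: print the commands. APPLY=1 runs them (needs root).
apply_rules() {
    while IFS= read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            $rule || return 1   # unquoted on purpose: split into command + args
        else
            printf '%s\n' "$rule"
        fi
    done <<EOF
$(gateway_rules)
EOF
}

apply_rules
```

Piping `iptables-save -t nat` into `https_intercepted` on an existing gateway shows whether a leftover rule is still pushing port 443 into the proxy port, which produces the symptom described in the first message.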

