* Squid transparent proxy /iptables (Yahoo messenger/Gmail/Https not works)
@ 2008-01-27 19:11 Yogesh Patil
2008-01-27 19:17 ` Eljas Alakulppi
0 siblings, 1 reply; 4+ messages in thread
From: Yogesh Patil @ 2008-01-27 19:11 UTC (permalink / raw)
To: netfilter
Hello,
I am using SQUID 2.6.STABLE17 with fedora core 8, & BIND
DNS SERVER configured on the same box, i have configured squid as
transparent proxy with all default settings , and applied iptables
rule by using the following
command
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
so the problem is that i am able to browse websites very well,
but Gmail, Yahoo Messenger, MSN Messenger etc.. and all the websites
using https not works, what would be the issue ?
Regards,
Yogesh Patil
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: Squid transparent proxy /iptables (Yahoo messenger/Gmail/Https not works) 2008-01-27 19:11 Squid transparent proxy /iptables (Yahoo messenger/Gmail/Https not works) Yogesh Patil @ 2008-01-27 19:17 ` Eljas Alakulppi 2008-01-27 20:47 ` Yogesh Patil 0 siblings, 1 reply; 4+ messages in thread From: Eljas Alakulppi @ 2008-01-27 19:17 UTC (permalink / raw) To: yogesh, netfilter You can't transpently proxy https traffic. Search "man-in-the-middle attack" with Google/your favorite search egine for explanation. Yogesh Patil <yogesh@technotux.net> kirjoitti Sun, 27 Jan 2008 21:11:30 +0200: > Hello, > I am using SQUID 2.6.STABLE17 with fedora core 8, & BIND > DNS SERVER configured on the same box, i have configured squid as > transparent proxy with all default settings , and applied iptables > rule by using the following > command > > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > --to-port 3128 > > so the problem is that i am able to browse websites very well, > but Gmail, Yahoo Messenger, MSN Messenger etc.. and all the websites > using https not works, what would be the issue ? > > Regards, > Yogesh Patil > - > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Squid transparent proxy /iptables (Yahoo messenger/Gmail/Https not works) 2008-01-27 19:17 ` Eljas Alakulppi @ 2008-01-27 20:47 ` Yogesh Patil 2008-01-27 20:55 ` Martijn Lievaart 0 siblings, 1 reply; 4+ messages in thread From: Yogesh Patil @ 2008-01-27 20:47 UTC (permalink / raw) To: Eljas Alakulppi; +Cc: netfilter Hi, Thanks for the reply, but i don't want to really proxy https traffic i now it is secure, but i want to give access to the websites which are using https as my internet connection is connected on the linux box which is having installed BIND DNS, Squid Proxy, and configured iptables i just want to know, how to allow https websites & Yahoo messenger which uses socks for connecting to it's servers. Thanks Yogesh On 1/28/08, Eljas Alakulppi <Buzer@buzer.net> wrote: > You can't transpently proxy https traffic. Search "man-in-the-middle > attack" with Google/your favorite search egine for explanation. > > Yogesh Patil <yogesh@technotux.net> kirjoitti Sun, 27 Jan 2008 21:11:30 > +0200: > > > Hello, > > I am using SQUID 2.6.STABLE17 with fedora core 8, & BIND > > DNS SERVER configured on the same box, i have configured squid as > > transparent proxy with all default settings , and applied iptables > > rule by using the following > > command > > > > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > > --to-port 3128 > > > > so the problem is that i am able to browse websites very well, > > but Gmail, Yahoo Messenger, MSN Messenger etc.. and all the websites > > using https not works, what would be the issue ? > > > > Regards, > > Yogesh Patil > > - > > To unsubscribe from this list: send the line "unsubscribe netfilter" in > > the body of a message to majordomo@vger.kernel.org > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > > -- Regards, Yogesh Patil Technotux Solutions 33/114, Gandhi Nagar, Jilha Peth, Jalgaon - 425001 Maharashtra, INDIA Phone :- +91-257-2235596 Mobile:- +91-9890931432, 9422778329 ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Squid transparent proxy /iptables (Yahoo messenger/Gmail/Https not works) 2008-01-27 20:47 ` Yogesh Patil @ 2008-01-27 20:55 ` Martijn Lievaart 0 siblings, 0 replies; 4+ messages in thread From: Martijn Lievaart @ 2008-01-27 20:55 UTC (permalink / raw) To: yogesh; +Cc: Eljas Alakulppi, netfilter Yogesh Patil wrote: > Hi, > Thanks for the reply, but i don't want to really proxy https > traffic i now it is secure, but i want to give access to the websites > which are using https as my internet connection is connected on the > linux box which is having installed BIND DNS, Squid Proxy, and > configured iptables i just want to know, how to allow https websites & > Yahoo messenger which uses socks for connecting to it's servers. > > Https cannot be proxied transparently (well, not easily). Just allow port 443 out. Alternatively, let everyone set your proxy address in their proxy settings for https. Then the browser will issue a CONNECT to the proxy to connect to the remote site. M4 ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2008-01-27 20:55 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2008-01-27 19:11 Squid transparent proxy /iptables (Yahoo messenger/Gmail/Https not works) Yogesh Patil 2008-01-27 19:17 ` Eljas Alakulppi 2008-01-27 20:47 ` Yogesh Patil 2008-01-27 20:55 ` Martijn Lievaart
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox