[squid-users] Squid 5.7 - HOWTO Transparent SSL-Bump

2024-07-30 Thread John Mok
Hi all, I am using squid 5.7 on Debian Bookworm, and would like to setup a transparent + SSL bump proxy. Tried the example below, but squid failed to start when https_port having "intercept ssl-bump" https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit Anyone can point to the r

[squid-users] IPTABLES - Can't redirect HTTPS traffic to external Squid

2024-07-30 Thread Bolinhas André
I have an external proxy server connected by VPN (IPSEC) to my main branch, and I'm trying to redirect all users' HTTP / HTTPS traffic to this proxy. Scenario Users -> Gateway (Main Branch) -> IPSEC -> Squid Proxy (transparent mode) In my Gateway (Main Branch) I have this test iptables rule, that

Re: [squid-users] IPTABLES - Can't redirect HTTPS traffic to external Squid

2024-07-30 Thread NgTech LTD
Hey, The dnat rule should be done on the squid itself. You will need to re-route the relevant traffic over the ipsec tunnel to the squid ip. It's possible to do that over ipip or gre tunnels. Eliezer On Tue, 30 Jul 2024, 15:41, Bolinhas André <andre.bolin...@articatech.com> wrote: > I h

Re: [squid-users] Squid 5.7 - HOWTO Transparent SSL-Bump

2024-07-30 Thread Nishant Sharma
Hi John, On 30/07/24 18:05, John Mok wrote: Hi all, I am using squid 5.7 on Debian Bookworm, and would like to setup a transparent + SSL bump proxy. Anyone can point to the right direction ? Squid on Debian and Ubuntu do not have following options: --enable-ssl --enable-ssl-crtd You may wa

Re: [squid-users] Squid 5.7 - HOWTO Transparent SSL-Bump

2024-07-30 Thread John Mok
Hi Nishant, Yes, I did rebuild the package with --with-openssl --enable-ssl-crtd but squid service failed to start with http_port configured with intercept and ssl-bump modes at the same time. Any idea ? On Tue, Jul 30, 2024, 21:12 Nishant Sharma wrote: > Hi John, > > On 30/07/24 18:05, John

[squid-users] Parse DNS for IPv4 and IPv6

2024-07-30 Thread Jonathan Lee
Hello fellow squid users can you please help? I have noticed that I get 409 errors with IPv6 only clients this leads me to believe that it’s DNS related. My firewall has both IPV4 and IPV6 DNS. I wonder if when an IPV6 only client is trying to access the proxy it defaults to IPv4 dns. How can on

Re: [squid-users] IPTABLES - Can't redirect HTTPS traffic to external Squid

2024-07-30 Thread Bolinhas André
Hi Do you mean use this iptables -t nat -I PREROUTING -s 192.168.60.90/32 -p tcp -m tcp --dport 443 -m comment --comment ArticaSquidTransparent -j DNAT --to-destination 172.31.0.1:25976 iptables -t nat -I PREROUTING -s 192.168.60.90/32 -p tcp -m tcp --dport 80 -m comment --comment ArticaSqu

Re: [squid-users] IPTABLES - Can't redirect HTTPS traffic to external Squid

2024-07-30 Thread NgTech LTD
Hey, Sorry, I misunderstood the scenario. For now let's assume the packets are routed to the proxy properly but, let's try to understand how do you route the traffic to the proxy? Also what is defined on the proxy http_port Are you using artica proxy? Where do you implement the iptables rules?

Re: [squid-users] Squid with PV6 Tunnel Broker

2024-07-30 Thread Amos Jeffries
On 30/07/24 08:47, Jonathan Lee wrote: I did not know that I had the option set to disable Squid ICMP pinger pinger helper is not related. What I meant was that you need to ensure ICMPv6 protocol is enabled and working on your network. That is usually a firewall issue. If it is blocked, th

Re: [squid-users] Squid 5.7 - HOWTO Transparent SSL-Bump

2024-07-30 Thread Amos Jeffries
Debian/12 (aka "Bookworm") provides the package "squid-openssl" with the SSL-Bump feature enabled. It is a drop-in replacement for the "squid" package. Cheers Amos On 31/07/24 03:11, John Mok wrote: Hi Nishant, Yes, I did rebuild the package with --with-openssl --enable-ssl-crtd but

Re: [squid-users] Squid with PV6 Tunnel Broker

2024-07-30 Thread Jonathan Lee
The error it shows when I activate IPv6 only mode not dual stack is Error: no forward proxy ports configured Squid terminated Sent from my iPhone > On Jul 30, 2024, at 20:16, Amos Jeffries wrote: > > On 30/07/24 08:47, Jonathan Lee wrote: >> I did not know that I had the option set to disabl