Access.log brings for www.heise.de on https:

NECT 192.168.1.222:443 - HIER_NONE/- -
1510489280.731 2 192.168.1.200 NONE/200 0 CONNECT 192.168.1.222:443 - HIER_NONE/- -
1510489280.836 1 192.168.1.200 TCP_MISS/503 4691 GET https://www.heise.de/ - ORIGINAL_DST/192.168.1.222 text/html
1510489280.892 1 192.168.1.200 TCP_MISS/503 4703 GET https://www.heise.de/favicon.ico - ORIGINAL_DST/192.168.1.222 text/html
1510489283.136 2 192.168.1.200 NONE/200 0 CONNECT 192.168.1.222:443 - HIER_NONE/- -
1510489283.224 1 192.168.1.200 TCP_MISS/503

On 12.11.2017 at 12:46, "snable snable" <thesna...@gmail.com> wrote:

hey thanks: i post in detail

i have an openwrt box. clients are attached there to the 192.168.2.0/24 network via nat. i attached the router as a wan device on my 192.168.1.0/24 with 192.168.1.254 as my internet gateway.

i have a squidbox with squid 4 running on ports 3128 and 3129 and 3130.

i forward the traffic from the openwrt via:

iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s 192.168.1.222
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 443 -s 192.168.1.222
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 443
ip rule add fwmark 3 table 2
ip route add default via 192.168.1.222 dev eth0.2 table 2

on the squid box redirected it via

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3129
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

http works fine

https brings:

ERROR
The requested URL could not be retrieved
------------------------------
The following error was encountered while trying to retrieve the URL:
https://192.168.1.222/*

*Connection to 192.168.1.222 failed.*

The system returned: *(111) Connection refused*

The remote host or network may be down. Please try the request again.

Your cache administrator is webmaster <webmaster?subject=CacheErrorInfo%20-%20ERR_CONNECT_FAIL&body=CacheHost%3A%20raspberrypi%0D%0AErrPage%3A%20ERR_CONNECT_FAIL%0D%0AErr%3A%20%28111%29%20Connection%20refused%0D%0ATimeStamp%3A%20Sun,%2012%20Nov%202017%2011%3A44%3A04%20GMT%0D%0A%0D%0AClientIP%3A%20192.168.1.200%0D%0AServerIP%3A%20192.168.1.222%0D%0A%0D%0AHTTP%20Request%3A%0D%0ACONNECT%20%2F%20HTTP%2F1.1%0AHost%3A%20192.168.1.222%0D%0A%0D%0A%0D%0A> .

i had this working a while ago but i forget how.

On 08.11.2017 at 05:32, "Amos Jeffries" <squ...@treenet.co.nz> wrote:

> On 08/11/17 04:52, snable snable wrote:
>
>> Hello
>>
>> i forward from my openwrt router the traffic for 443 and 80 to my squid
>> box to port 3129 and 3128
>>
>>
> What do you mean by "forward" ?
>
> Any dst-IP:port NAT operation *MUST* only happen on the Squid device
> itself or _later_ down the traffic path. Traffic must be *routed* to that
> Squid device.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
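
An added example, not part of the original thread: a small checker for Squid's native access.log format that flags entries whose logged destination is the proxy's own address, the pattern visible in the log posted above. The proxy address is taken from the post; the function names are hypothetical, the first three sample lines are re-joined from the posted log, and the fourth is constructed for contrast.

```python
# Added example: flag Squid access.log entries whose destination is the proxy itself.
from collections import namedtuple

PROXY_IP = "192.168.1.222"  # Squid box address, taken from the post

# Lines 1-3 are re-joined from the log posted in the thread;
# line 4 is constructed (documentation address) to show a normal intercepted request.
SAMPLE_LOG = """\
1510489280.731 2 192.168.1.200 NONE/200 0 CONNECT 192.168.1.222:443 - HIER_NONE/- -
1510489280.836 1 192.168.1.200 TCP_MISS/503 4691 GET https://www.heise.de/ - ORIGINAL_DST/192.168.1.222 text/html
1510489280.892 1 192.168.1.200 TCP_MISS/503 4703 GET https://www.heise.de/favicon.ico - ORIGINAL_DST/192.168.1.222 text/html
1510489290.100 45 192.168.1.200 TCP_MISS/200 5120 GET http://www.example.com/ - ORIGINAL_DST/203.0.113.10 text/html
"""

# Native format: time elapsed client code/status bytes method URL user hierarchy/peer type
Entry = namedtuple("Entry", "ts elapsed client status size method url user peer mime")


def parse_line(line):
    """Parse one native-format access.log line; return None if it is malformed."""
    parts = line.split()
    if len(parts) != 10:
        return None
    return Entry(*parts)


def targets_proxy(entry, proxy_ip=PROXY_IP):
    """True when the logged destination is the proxy's own address."""
    hierarchy, _, peer_ip = entry.peer.partition("/")
    if hierarchy == "ORIGINAL_DST" and peer_ip == proxy_ip:
        return True
    # For CONNECT entries the URL field is host:port; compare the host part.
    if entry.method == "CONNECT":
        return entry.url.rsplit(":", 1)[0] == proxy_ip
    return False


def find_self_targeted(log_text, proxy_ip=PROXY_IP):
    """Return all parsed entries in log_text that point back at the proxy."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and targets_proxy(e, proxy_ip)]


if __name__ == "__main__":
    for e in find_self_targeted(SAMPLE_LOG):
        print(f"{e.ts} {e.client} {e.method} {e.url} -> {e.peer} [{e.status}]")
```
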