luxter, 2015-06-09 13:21:50

FreeBSD. Squid, a transparent proxy. Why does only HTTPS work?

Installed Squid on FreeBSD 10.1; I want to make a transparent proxy. The server is the gateway.

In squid.conf:

http_port 3128 trasparent

acl localnet src 10.0.0.0/24
http_access allow localnet


Added to the firewall rules:
add fwd 127.0.0.1,3128 tcp from any to any 80 via em1


After restarting the firewall and reconfiguring, squid opens sites only via https, although if you ping through the console, the ping goes to all sites. Why is that? I haven't made any restrictions yet.


2 answer(s)
athacker, 2015-06-09
@athacker

And why did you decide that your HTTPS goes through Squid at all? In the firewall, you only block requests to port 80, and not 443, on which HTTPS works. It turns out that port 80 (theoretically) gets wrapped onto Squid, while port 443 passes by and gets its Internet from somewhere else :-)
And besides, tcp from ANY to any 80 is a blunder of serious size. It would be more correct to write:
add fwd 127.0.0.1,3128 tcp from 10.0.0.0/24 to any 80 in via em1 keep-state
That would be a different story. This assumes that your LAN subnet is 10.0.0.0/24, and that the interface carrying the address from this subnet is em1.
But these are assumptions based on incomplete data. In general, show the output of ifconfig and the full ipfw and Squid configs.

Alexander, 2015-06-10
@Tilk

And no one mentions the Squid version, and this is important. The syntax differs between major versions. Everyone everywhere writes the obsolete transparent, characteristic of the 2.x versions, instead of intercept, which is used in the latest ones.
Try writing "http_port 127.0.0.1:3128 intercept".
The logs, apparently, have not been studied either.
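
An added example, not code from any participant in this thread: a small Python check that reads an ipfw `fwd` rule together with Squid's `http_port` line and reports the points raised in the two answers (source `any`, missing `in`, no `intercept` on the port the rule forwards to, and port 443 not being forwarded at all). The sample strings are constructed from the settings quoted above, the function names and messages are hypothetical, and it assumes a Squid version that uses `intercept`.

```python
import re

# Constructed sample configs modelled on the thread (question vs. suggested fixes).
IPFW_BEFORE = "add fwd 127.0.0.1,3128 tcp from any to any 80 via em1\n"
IPFW_AFTER = "add fwd 127.0.0.1,3128 tcp from 10.0.0.0/24 to any 80 in via em1 keep-state\n"
SQUID_BEFORE = "http_port 3128 transparent\n"
SQUID_AFTER = "http_port 127.0.0.1:3128 intercept\n"

FWD_RE = re.compile(r"^add\s+(?:\d+\s+)?fwd\s+\S+?,(?P<proxy>\d+)\s+tcp\s+from\s+"
                    r"(?P<src>\S+)\s+to\s+\S+\s+(?P<dport>\d+)(?P<opts>.*)$")
PORT_RE = re.compile(r"^http_port\s+(?:\S+:)?(?P<port>\d+)(?P<opts>.*)$")


def parse(regex, text):
    """Yield a dict of named groups for every line the regex matches."""
    for line in text.splitlines():
        m = regex.match(line.strip())
        if m:
            yield m.groupdict()


def audit(ipfw_text, squid_text):
    """Return a sorted list of findings for the ipfw fwd rules and Squid ports."""
    findings = set()
    listeners = {p["port"]: p["opts"].split() for p in parse(PORT_RE, squid_text)}
    rules = list(parse(FWD_RE, ipfw_text))
    for r in rules:
        opts = r["opts"].split()
        if r["src"] == "any":
            findings.add("fwd rule: source is 'any', not the LAN subnet")
        if "in" not in opts:
            findings.add("fwd rule: no 'in', so outbound packets on the interface match too")
        modes = listeners.get(r["proxy"])
        if modes is None:
            findings.add(f"squid: no http_port listens on fwd target port {r['proxy']}")
        elif "intercept" not in modes:  # assumption: a Squid version that uses 'intercept'
            findings.add(f"squid: http_port {r['proxy']} lacks 'intercept'")
    if "443" not in {r["dport"] for r in rules}:
        findings.add("note: port 443 is not forwarded, HTTPS bypasses Squid")
    return sorted(findings)


if __name__ == "__main__":
    for label, fw, sq in (("before", IPFW_BEFORE, SQUID_BEFORE),
                          ("after", IPFW_AFTER, SQUID_AFTER)):
        print(label, audit(fw, sq))
```

With the corrected rule and `intercept` in place, the only remaining finding is the note that HTTPS on port 443 still does not pass through Squid, which matches the behaviour described in the first answer.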
