I currently have a transparent proxy on http with two separate boxes:
firewall-box and squid-box, like the howto suggests. However, I can't make the setup work with https as well.
It looks something like this:
     _____L_o_c_a_l____n_e_t_______________________
                |                      |
               ____                  _____
              |Fw  |                |Squid|
(LAN)----eth1-|Box |-eth0-----------|Box  |
              |____|                |_____|
firewall-box (3 rules):
iptables -t nat -A PREROUTING -i eth1 -p tcp -s \! ETH1_IP -d 0/0 -m multiport --destination-ports 80,443 -j DNAT --to SQUID_BOX:3128
iptables -t nat -A POSTROUTING -o eth1 -s LOCAL_NET -d SQUID_BOX -j SNAT --to ETH1_IP
iptables -A FORWARD -s $rediteso -d SQUID_BOX -i eth1 -o eth0 -p tcp --dport 3128 -j ACCEPT
squid-box (squid.conf):
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
I've not found any docs on several httpd_accel_ports. I added another line with httpd_accel_port 443 and it showed a cannot display page error for
http://whatever.com:443
                   ^^^^
Both boxes are running woody with linux 2.4.21, and squid is a vanilla 2.5.STABLE3.
Is there a way to have both ports handled transparently with iptables and squid? Like an httpd_accel_multiports? :)
Thanks in advance
José

