On 18/11/17 01:45, Joe Foster wrote:
Good morning,
I have tried the attached but I still receive the same result.
I have attached a screen shot to show what happens, its like there is no
connection.
There isn't ...
I have tried it with and without listing 3128 as a safe ssl port. I
imagine its not needed as its generated from Squid.
HTTPS isn't connecting, HTTP is though that's no surprise, I'm only
diverting port 443 to port 3128.
Your port 3128 is configured to only accept plaintext HTTP traffic. It
cannot handle the TLS on port 443 traffic.
FWIW the "ssl-bump" option does not make an http_port capable of
receiving TLS. It just makes Squid attempt to decrypt the data tunneled
inside plain-text CONNECT requests (if any), in accordance with the
ssl_bump rules actions.
There are no logs being generated so I cant find out more.
Most currently distributed Squid versions do not log connections that
fail with no HTTP activity happening on them. Except when debugging the
underlying TCP I/O activity.
I can't for the life of me see what I'm doing wrong.
Your advise if greatly received.
Thank you
Joe
I have the below rule added to my firewall for the redirect:
connection config redirect
option proto 'tcp'
option src 'lan'
option src_ip '!192.168.1.101'
option src_dport '443'
option dest 'lan'
option dest_ip '192.168.1.101'
option dest_port '3128'
option target 'DNAT'
NAT can only happen on the Squid machine itself. You must *route* the
packets without any type of DNAT prior to their arrival at the Squid device.
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
