iptables PREROUTING:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ADDRTYPE
match dst-type LOCAL
REDIRECT tcp -- anywhere anywhere tcp
dpt:http redir ports 3130
REDIRECT tcp -- anywhere anywhere tcp
dpt:https redir ports 3130
-------------------------
Mikrotik mangle:
add action=route chain=prerouting dst-port=80 passthrough=no
protocol=tcp route-dst={squid} src-address={client}
add action=route chain=prerouting connection-state="" dst-port=443
passthrough=no protocol=tcp route-dst={squid} src-address={client}
-------------------------
full squid.conf:
acl client src x.x.x.x/x
http_access allow client
http_access deny all
http_port 3128
https_port 3130 intercept ssl-bump cert=/xxx/xxx/xxx.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=999MB
acl tls_connect at_step SslBump1
ssl_bump peek tls_connect
ssl_bump splice all
---------------------------
Firefox behavior...
HTTPS: ALL OK!
HTTP (http://google.com):
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again
in a few moments.
If you are unable to load any pages, check your computer’s network
connection.
If your computer or network is protected by a firewall or proxy,
make sure that Firefox is permitted to access the Web.
---------------------------
Squid log:
HTTPS:
----------
1661786874.087 5981 {client} TCP_TUNNEL/200 152 CONNECT
js-sec.indexww.com:443 - ORIGINAL_DST/92.123.33.225 -
1661786874.087 5855 {client} TCP_TUNNEL/200 152 CONNECT
js-sec.indexww.com:443 - ORIGINAL_DST/92.123.33.225 -
1661786877.448 10391 {client} TCP_TUNNEL/200 1254 CONNECT
prg.smartadserver.com:443 - ORIGINAL_DST/185.86.138.32 -
1661786878.480 4 {client} NONE/200 0 CONNECT 64.74.236.255:443 -
HIER_NONE/- -
1661786886.125 7644 {client} TCP_TUNNEL/200 3850 CONNECT
mcdp-chidc2.outbrain.com:443 - ORIGINAL_DST/64.74.236.255 -
1661786886.916 5 {client} NONE/200 0 CONNECT 54.192.111.67:443 -
HIER_NONE/- -
1661786887.070 3 {client} NONE/200 0 CONNECT 34.98.75.36:443 -
HIER_NONE/- -
1661786887.275 0 {client} NONE_ABORTED/200 0 CONNECT
88.221.111.34:80 - HIER_NONE/- -
1661786887.548 4 {client} NONE/200 0 CONNECT 54.192.111.44:443 -
HIER_NONE/- -
1661786888.550 147502 {client} TCP_TUNNEL/200 8554 CONNECT
cdn.cnn.com:443 - ORIGINAL_DST/2.23.52.55 -
1661786888.718 1 {client} NONE/200 0 CONNECT 185.86.138.32:443 -
HIER_NONE/- -
1661786889.510 143920 {client} TCP_TUNNEL/200 9655 CONNECT
aax-eu.amazon-adsystem.com:443 - ORIGINAL_DST/52.95.125.22 -
1661786889.510 116428 {client} TCP_TUNNEL/200 6386 CONNECT
segment-data-us-east.zqtk.net:443 - ORIGINAL_DST/52.72.26.11 -
1661786889.609 6 {client} NONE/200 0 CONNECT 92.123.33.225:443 -
HIER_NONE/- -
1661786890.379 149287 {client} TCP_TUNNEL/200 444896 CONNECT
lightning.cnn.com:443 - ORIGINAL_DST/2.23.52.55 -
1661786892.987 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786892.992 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786892.998 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.003 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.009 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.014 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.019 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.024 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.029 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.034 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.044 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.048 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.053 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.057 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.062 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.067 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.072 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.078 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.082 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.087 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.093 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.098 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.102 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.107 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.112 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.116 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.120 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.125 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.129 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.134 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.140 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.144 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.148 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.152 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.156 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.160 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.165 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.170 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.174 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.178 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.184 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.188 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.192 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.196 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.200 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.204 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.208 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.213 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.217 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.221 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.227 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.231 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.236 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.240 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.243 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.247 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.251 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.255 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.260 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786893.264 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786894.773 5163 {client} TCP_TUNNEL/200 152 CONNECT
js-sec.indexww.com:443 - ORIGINAL_DST/92.123.33.225 -
1661786899.041 10322 {client} TCP_TUNNEL/200 1254 CONNECT
prg.smartadserver.com:443 - ORIGINAL_DST/185.86.138.32 -
1661786899.111 125320 {client} TCP_TUNNEL/200 27104 CONNECT
images.outbrainimg.com:443 - ORIGINAL_DST/92.123.32.26 -
1661786899.314 152898 {client} TCP_TUNNEL/200 285438 CONNECT
widgets.outbrain.com:443 - ORIGINAL_DST/92.123.34.112 -
1661786899.484 98933 {client} TCP_TUNNEL/200 6583 CONNECT
s.amazon-adsystem.com:443 - ORIGINAL_DST/209.54.182.161 -
1661786902.387 3 {client} NONE/200 0 CONNECT 64.74.236.255:443 -
HIER_NONE/- -
1661786903.220 3 {client} NONE/200 0 CONNECT 142.251.37.170:443 -
HIER_NONE/- -
1661786903.361 3 {client} NONE/200 0 CONNECT 92.123.33.225:443 -
HIER_NONE/- -
1661786903.390 169 {client} TCP_TUNNEL/200 1868 CONNECT
safebrowsing.googleapis.com:443 - ORIGINAL_DST/142.251.37.170 -
1661786903.430 2 {client} NONE/200 0 CONNECT 3.217.56.194:443 -
HIER_NONE/- -
1661786903.462 1 {client} NONE/200 0 CONNECT 178.32.210.226:443 -
HIER_NONE/- -
1661786904.650 104106 {client} TCP_TUNNEL/200 4310 CONNECT
pixel-eu.rubiconproject.com:443 - ORIGINAL_DST/69.173.144.165 -
1661786905.983 3 {client} NONE/200 0 CONNECT 64.202.112.127:443 -
HIER_NONE/- -
1661786905.992 2561 {client} TCP_TUNNEL/200 5831 CONNECT
logx.optimizely.com:443 - ORIGINAL_DST/3.217.56.194 -
1661786906.105 121 {client} TCP_TUNNEL/200 0 CONNECT
tr.outbrain.com:443 - ORIGINAL_DST/64.202.112.127 -
1661786906.354 2 {client} NONE/200 0 CONNECT 2.23.52.55:443 - HIER_NONE/- -
1661786906.358 1 {client} NONE/200 0 CONNECT 2.23.52.55:443 - HIER_NONE/- -
1661786906.364 1 {client} NONE/200 0 CONNECT 92.123.34.112:443 -
HIER_NONE/- -
1661786906.620 1 {client} NONE/200 0 CONNECT 146.75.56.64:443 -
HIER_NONE/- -
1661786906.767 3 {client} NONE/200 0 CONNECT 3.217.56.194:443 -
HIER_NONE/- -
1661786907.001 2 {client} NONE/200 0 CONNECT 151.101.1.195:443 -
HIER_NONE/- -
1661786907.494 2 {client} NONE/200 0 CONNECT 54.93.141.29:443 -
HIER_NONE/- -
1661786907.596 2 {client} NONE/200 0 CONNECT 142.251.37.48:443 -
HIER_NONE/- -
1661786907.777 2 {client} NONE/200 0 CONNECT 92.122.218.83:443 -
HIER_NONE/- -
1661786907.913 2 {client} NONE/200 0 CONNECT 54.231.203.49:443 -
HIER_NONE/- -
1661786907.914 4 {client} NONE/200 0 CONNECT 54.231.203.49:443 -
HIER_NONE/- -
1661786907.916 6 {client} NONE/200 0 CONNECT 54.231.203.49:443 -
HIER_NONE/- -
1661786907.919 7 {client} NONE/200 0 CONNECT 18.161.111.80:443 -
HIER_NONE/- -
1661786908.008 1 {client} NONE/200 0 CONNECT 91.228.74.208:443 -
HIER_NONE/- -
1661786908.012 5 {client} NONE/200 0 CONNECT 64.202.112.127:443 -
HIER_NONE/- -
1661786908.135 0 {client} NONE_ABORTED/200 0 CONNECT
216.58.212.99:80 - HIER_NONE/- -
1661786908.305 3 {client} NONE/200 0 CONNECT 92.123.34.112:443 -
HIER_NONE/- -
1661786908.393 5031 {client} TCP_TUNNEL/200 152 CONNECT
js-sec.indexww.com:443 - ORIGINAL_DST/92.123.33.225 -
1661786908.393 172182 {client} TCP_TUNNEL/200 8323 CONNECT
www.google.com:443 - ORIGINAL_DST/142.250.200.196 -
1661786908.561 0 {client} NONE_ABORTED/200 0 CONNECT
18.161.108.38:80 - HIER_NONE/- -
1661786908.562 0 {client} NONE_ABORTED/200 0 CONNECT
18.161.108.38:80 - HIER_NONE/- -
1661786908.562 0 {client} NONE_ABORTED/200 0 CONNECT
18.161.108.38:80 - HIER_NONE/- -
1661786909.615 2 {client} NONE/200 0 CONNECT 104.108.78.219:443 -
HIER_NONE/- -
1661786909.620 2 {client} NONE/200 0 CONNECT 54.147.61.21:443 -
HIER_NONE/- -
1661786909.685 3 {client} NONE/200 0 CONNECT 13.36.218.177:443 -
HIER_NONE/- -
1661786910.704 5 {client} NONE/200 0 CONNECT 3.229.71.121:443 -
HIER_NONE/- -
1661786910.820 1 {client} NONE/200 0 CONNECT 94.237.48.66:443 -
HIER_NONE/- -
1661786910.981 161 {client} TCP_TUNNEL/200 5583 CONNECT
v8-emea.sdk.beemray.com:443 - ORIGINAL_DST/94.237.48.66 -
1661786910.985 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786910.993 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786910.999 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.003 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.012 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.020 2 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.024 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.030 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.034 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.040 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.151 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.156 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.162 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.167 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.172 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.177 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.182 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.187 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.192 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.197 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.204 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.208 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.212 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.215 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.219 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.223 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.227 1 {client} NONE/200 0 CONNECT 52.72.26.11:443 -
HIER_NONE/- -
1661786911.229 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.233 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.237 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.242 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.250 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.254 1 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.258 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.262 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.267 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.272 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786911.392 5027 {client} TCP_TUNNEL/200 152 CONNECT
amplify.outbrain.com:443 - ORIGINAL_DST/92.123.34.112 -
1661786911.398 2 {client} NONE/200 0 CONNECT 52.95.126.160:443 -
HIER_NONE/- -
1661786911.526 5 {client} NONE/200 0 CONNECT 34.246.41.28:443 -
HIER_NONE/- -
1661786911.530 1 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786912.393 170550 {client} TCP_TUNNEL/200 18491 CONNECT
get.s-onetag.com:443 - ORIGINAL_DST/18.161.111.16 -
1661786912.393 170968 {client} TCP_TUNNEL/200 5658 CONNECT
cdn.jsdelivr.net:443 - ORIGINAL_DST/104.16.88.20 -
1661786912.622 3 {client} NONE/200 0 CONNECT 172.217.18.33:443 -
HIER_NONE/- -
1661786912.733 5239 {client} TCP_TUNNEL/200 6889 CONNECT
mms.cnn.com:443 - ORIGINAL_DST/54.93.141.29 -
1661786912.772 150 {client} TCP_TUNNEL/200 5179 CONNECT
4669ca4556421dd764fce36af596f212.safeframe.googlesyndication.com:443 -
ORIGINAL_DST/172.217.18.33 -
1661786913.104 112542 {client} TCP_TUNNEL/200 4310 CONNECT
pixel.rubiconproject.com:443 - ORIGINAL_DST/69.173.144.138 -
1661786913.383 2 {client} NONE/200 0 CONNECT 54.93.141.29:443 -
HIER_NONE/- -
1661786913.394 5475 {client} TCP_TUNNEL/200 371 CONNECT
cdn.boomtrain.com:443 - ORIGINAL_DST/18.161.111.80 -
1661786913.395 170794 {client} TCP_TUNNEL/200 16461 CONNECT
signal-beacon.s-onetag.com:443 - ORIGINAL_DST/54.192.111.35 -
1661786913.395 170901 {client} TCP_TUNNEL/200 7241 CONNECT
onetag-geo.s-onetag.com:443 - ORIGINAL_DST/18.161.97.41 -
1661786913.396 173362 {client} TCP_TUNNEL/200 8454 CONNECT
www.cnn.com:443 - ORIGINAL_DST/146.75.59.5 -
1661786913.464 2 {client} NONE/200 0 CONNECT 18.193.134.248:443 -
HIER_NONE/- -
1661786913.859 10397 {client} TCP_TUNNEL/200 5083 CONNECT
prg.smartadserver.com:443 - ORIGINAL_DST/178.32.210.226 -
1661786914.884 6971 {client} TCP_TUNNEL/200 131386 CONNECT
advsync.s3.amazonaws.com:443 - ORIGINAL_DST/54.231.203.49 -
1661786915.017 7103 {client} TCP_TUNNEL/200 130794 CONNECT
advsync.s3.amazonaws.com:443 - ORIGINAL_DST/54.231.203.49 -
1661786915.025 7108 {client} TCP_TUNNEL/200 132142 CONNECT
advsync.s3.amazonaws.com:443 - ORIGINAL_DST/54.231.203.49 -
1661786915.396 174730 {client} TCP_TUNNEL/200 102282 CONNECT
cdn.cookielaw.org:443 - ORIGINAL_DST/104.16.148.64 -
1661786915.523 7511 {client} TCP_TUNNEL/200 3798 CONNECT
tr.outbrain.com:443 - ORIGINAL_DST/64.202.112.127 -
1661786916.252 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.257 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.262 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.266 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.271 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.275 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.280 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.286 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.290 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.294 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.302 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.307 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.311 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.315 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.319 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.324 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.328 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.333 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.337 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.341 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786916.397 116628 {client} TCP_TUNNEL/200 15014 CONNECT
eus.rubiconproject.com:443 - ORIGINAL_DST/104.125.24.254 -
1661786916.397 170897 {client} TCP_TUNNEL/200 6473 CONNECT
www.ugdturner.com:443 - ORIGINAL_DST/34.237.36.10 -
1661786916.398 170966 {client} TCP_TUNNEL/200 4198 CONNECT
warnermediagroup-com.videoplayerhub.com:443 - ORIGINAL_DST/104.26.9.50
-
1661786917.171 14783 {client} TCP_TUNNEL/200 4492 CONNECT
mcdp-chidc2.outbrain.com:443 - ORIGINAL_DST/64.74.236.255 -
1661786917.399 170571 {client} TCP_TUNNEL/200 6635 CONNECT
securepubads.g.doubleclick.net:443 - ORIGINAL_DST/142.251.37.162 -
1661786917.400 170992 {client} TCP_TUNNEL/200 13115 CONNECT
static.adsafeprotected.com:443 - ORIGINAL_DST/54.192.111.91 -
1661786918.630 5165 {client} TCP_TUNNEL/200 570 CONNECT
www.summerhamster.com:443 - ORIGINAL_DST/18.193.134.248 -
1661786918.718 5335 {client} TCP_TUNNEL/200 8722 CONNECT
mms.cnn.com:443 - ORIGINAL_DST/54.93.141.29 -
1661786919.561 120339 {client} TCP_TUNNEL/200 4961 CONNECT
secure-assets.rubiconproject.com:443 - ORIGINAL_DST/2.17.80.55 -
1661786920.402 173997 {client} TCP_TUNNEL/200 38769 CONNECT
static.chartbeat.com:443 - ORIGINAL_DST/18.161.105.235 -
1661786920.669 174219 {client} TCP_TUNNEL/200 81160 CONNECT
ads.pubmatic.com:443 - ORIGINAL_DST/92.123.33.150 -
1661786921.369 145142 {client} TCP_TUNNEL/200 521393 CONNECT
player.aniview.com:443 - ORIGINAL_DST/92.123.34.136 -
HTTP:
--------
1661786959.922 4 {client} NONE/200 0 CONNECT 142.250.200.196:443
- HIER_NONE/- -
1661786959.987 64 {client} TCP_TUNNEL/200 0 CONNECT
www.google.com:443 - ORIGINAL_DST/142.250.200.196 -
1661786960.061 4 {client} NONE/200 0 CONNECT 142.250.200.196:443
- HIER_NONE/- -
1661786960.177 0 {client} NONE_ABORTED/200 0 CONNECT
216.58.212.99:80 - HIER_NONE/- -
1661786968.308 4 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786968.317 1 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786968.337 1 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786968.344 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786968.348 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786968.352 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786968.360 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786968.364 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786968.367 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786968.371 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786971.049 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.053 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.057 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.060 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.064 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.068 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.072 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.076 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.080 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.084 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.093 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.098 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.102 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.105 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.110 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.113 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.117 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.121 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.125 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.128 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.134 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.138 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.142 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.146 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.150 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.154 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.158 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.162 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.166 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.171 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.179 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.183 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.186 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.191 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.194 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.199 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.202 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.206 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.210 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.214 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.220 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.224 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.228 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.231 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.235 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.239 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.244 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.248 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.252 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.256 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.262 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.266 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.270 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.273 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.277 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.281 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.285 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.289 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.292 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786971.296 0 {client} NONE_ABORTED/200 0 CONNECT
34.107.221.82:80 - HIER_NONE/- -
1661786975.433 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786975.447 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786975.453 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786975.460 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786975.464 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786975.471 3 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786975.475 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786975.480 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786975.486 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786975.491 0 {client} NONE_ABORTED/200 0 CONNECT
151.101.3.5:80 - HIER_NONE/- -
1661786987.518 0 {client} NONE_ABORTED/200 0 CONNECT
172.217.18.238:80 - HIER_NONE/- -
1661786987.527 8 {client} NONE_ABORTED/200 0 CONNECT
172.217.18.238:80 - HIER_NONE/- -
1661786987.531 0 {client} NONE_ABORTED/200 0 CONNECT
172.217.18.238:80 - HIER_NONE/- -
1661786987.540 0 {client} NONE_ABORTED/200 0 CONNECT
172.217.18.238:80 - HIER_NONE/- -
1661786987.544 0 {client} NONE_ABORTED/200 0 CONNECT
172.217.18.238:80 - HIER_NONE/- -
1661786987.548 0 {client} NONE_ABORTED/200 0 CONNECT
172.217.18.238:80 - HIER_NONE/- -
1661786987.557 0 {client} NONE_ABORTED/200 0 CONNECT
172.217.18.238:80 - HIER_NONE/- -
1661786987.562 0 {client} NONE_ABORTED/200 0 CONNECT
172.217.18.238:80 - HIER_NONE/- -
1661786987.566 0 {client} NONE_ABORTED/200 0 CONNECT
172.217.18.238:80 - HIER_NONE/- -
1661786987.571 0 {client} NONE_ABORTED/200 0 CONNECT
172.217.18.238:80 - HIER_NONE/- -
On Thu, Aug 18, 2022 at 4:05 PM <ngtech1...@gmail.com> wrote:
>
> Hey K,
>
> I need your Mikrotik and squid.conf and iptables to understand what the issue
> might be.
> You will need to describe your setup in a way I can relate to it.
> There is not much of a difference between port 80 to 443 just that the port
> need to have ssl-bump settings If you are using it.
> The CONNECT port is a simple forward proxy and it seems your setup is not as
> simple as you describe.
> If you do have NAT then you need this to be only on specific interfaces in
> the Mikrotik and the Squid server.
>
> In my case the basic setup works for a very long time now so I cannot imagine
> what's wrong in your case.
>
> Eliezer
>
> ----
> Eliezer Croitoru
> NgTech, Tech Support
> Mobile: +972-5-28704261
> Email: ngtech1...@gmail.com
> Web: https://ngtech.co.il/
> My-Tube: https://tube.ngtech.co.il/
>
> -----Original Message-----
> From: M K <mohammed.khal...@gmail.com>
> Sent: Thursday, 18 August 2022 6:20
> To: ngtech1...@gmail.com
> Cc: squid-users@lists.squid-cache.org; Rafael Akchurin
> <rafael.akchu...@diladele.com>
> Subject: Re: [squid-users] Squid 4.8+ intercept
>
> Hello Eliezer,
>
> I finally got my setup to work; turned out to be intercepted clients
> running into default nat, while my test squid server did not allow
> them access, not even through iptables!
>
> Now, I have one last bit to handle, which you did not cover in your
> video. I'm using 3 ports for squid like Rafael's guide: one for normal
> CONNECT, one for intercepted plain HTTP on 80, and one for intercepted
> HTTPs on 443.
>
> The setup works awesome for TLS addresses (i.e https://), but browser
> redirection from Plain to TLS, say from http://cnn.com to
> https://cnn.com, fails to happen. It just waits then time out.
> What could be done to make it happen?
>
> All best,
> K
>
>
> On Sat, Aug 13, 2022 at 7:57 PM <ngtech1...@gmail.com> wrote:
> >
> > Hey K,
> >
> >
> >
> > What RouterOS version are you using?
> >
> > Also, what rules have you applied?
> >
> > If there is a very long delay and then a failure you should verify that the
> > rules you wrote are proper to your environment.
> >
> > You should route packets based on connection marks and mark only new
> > connections from LAN IP addresses and only on the LAN interface.
> >
> > As I showed in the demo video it’s very simple to implement.
> >
> >
> >
> > Let me know if you are still having issues.
> >
> >
> >
> > Eliezer
> >
> >
> >
> > ----
> >
> > Eliezer Croitoru
> >
> > NgTech, Tech Support
> >
> > Mobile: +972-5-28704261
> >
> > Email: ngtech1...@gmail.com
> >
> > Web: https://ngtech.co.il/
> >
> > My-Tube: https://tube.ngtech.co.il/
> >
> >
> >
> > From: M K <mohammed.khal...@gmail.com>
> > Sent: Saturday, 13 August 2022 10:59
> > To: ngtech1...@gmail.com
> > Cc: squid-users@lists.squid-cache.org
> > Subject: Re: [squid-users] Squid 4.8+ intercept
> >
> >
> >
> > Thank you for your quick reply. The text-drawing actually changed with
> > different font; the squid server is effectively connected to MikroTik
> > router, not the same physical link as the client.
> >
> >
> >
> > The MikroTik router sits between the client and squid server.
> >
> >
> >
> > That said, I can confirm that the MikroTik router is effectively able to
> > route/DNat client packets going to ports 80 and 443 to squid server.
> > Depending on router rules be it route or dnat, the client browser
> > effectively displays the error page of squid, or goes into a very long
> > delay then failure.
> >
> >
> >
> > I will retry and let you know.
> >
> >
> >
> > K
> >
> > On Wed, Aug 10, 2022, 10:08 <ngtech1...@gmail.com> wrote:
> >
> > Hey K,
> >
> >
> >
> > I am not sure about the network topology.
> >
> > Preferably the Squid should reside on another network then the clients if
> > it’s intercepting the traffic.
> >
> > Also, I assume it’s not a TPROXY setup so it should be pretty simple and
> > straight forward.
> >
> >
> >
> > I understand why are you asking this question.
> >
> > Also take into account that Mikrotik is now on 7.4 firmware and it’s
> > recommended to use this one.
> >
> > If you are using any other version let me know so I can try to make sense
> > on the differences.
> >
> > I will try to give a DEMO for such a setup and how to make it work.
> >
> >
> >
> > Eliezer
> >
> >
> >
> > ----
> >
> > Eliezer Croitoru
> >
> > NgTech, Tech Support
> >
> > Mobile: +972-5-28704261
> >
> > Email: ngtech1...@gmail.com
> >
> > Web: https://ngtech.co.il/
> >
> > My-Tube: https://tube.ngtech.co.il/
> >
> >
> >
> > From: squid-users <squid-users-boun...@lists.squid-cache.org> On Behalf Of
> > M K
> > Sent: Tuesday, 9 August 2022 22:29
> > To: squid-users@lists.squid-cache.org
> > Subject: [squid-users] Squid 4.8+ intercept
> >
> >
> >
> > Hello,
> >
> >
> >
> > I have a setup like this one:
> >
> >
> > | Client | =====> | Router | =====> Internet
> > ||
> > \/
> > | Squid |
> >
> >
> >
> > ...the router is a Mikrotik router capable of all things NAT/Redirect and
> > whatnot. Squid server has only one network interface.
> >
> > Using the router:
> >
> > - I tried routing traffic to squid server IP.
> >
> > - I tried destination-NATing from client to server IP, with origin server
> > IP-and-port natted to squid IP-and-port, and with origin server IP-only
> > natted to squid-IP.
> >
> >
> >
> > I have been struggling for 2 days to setup a working Squid 4.8 or higher
> > interception.
> >
> > Test server is running Ubuntu 18.4.3 and Squid 4.8.
> >
> > Documentation is either too much trim or extremely outdated.
> >
> > Any help would be very much appreciated.
> >
> >
> >
> > All best,
> >
> > K
>
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
