Re: [squid-users] SQUID as Transparent Proxy

2013-01-29 Thread Roman Gelfand
I was referring to the following configuration line. I suppose this
is NAT interception. The reason why I am asking about all of this is
that... I captured SSL traffic on the firewall. It tells me the
client (internal LAN IP) sent the SSL Client Hello packet to the target
server successfully, with ACK. However, the target server never sent an
SSL Client Hello back. Instead, it said the server squid gave a bad
request (see below).

http_port 3229 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/ssl/certs/domain.crt key=/etc/ssl/private/domain.key

HTTP/1.1 400 Bad Request
Server: squid
Mime-Version: 1.0
Date: Mon, 28 Jan 2013 22:42:56 GMT
Content-Type: text/html
Content-Length: 3662
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from server
X-Cache-Lookup: NONE from server:80
Via: 1.1 server (squid)
Connection: close

On Tue, Jan 29, 2013 at 1:23 AM, Amos Jeffries squ...@treenet.co.nz wrote:
 On 29/01/2013 12:57 p.m., Roman Gelfand wrote:

 When Squid is acting as a transparent proxy, does Squid rewrite IP or
 layer 2 data?

 Let's say the route is as follows. Will the outgoing traffic be seen
 as coming from the client's IP as source IP or Squid's IP as source IP?

 client  firewall   wan
          ^   ||
          ||  ||
     eth0 ||  || GRE tunnel (on eth0 Physical interface)
          ||  ||
          ||  V
       SQUID Server

 Thanks in advance


 Are you asking about NAT interception or TPROXY interception? One does, one
 does not.

 Amos


[squid-users] SQUID as Transparent Proxy

2013-01-28 Thread Roman Gelfand
When Squid is acting as a transparent proxy, does Squid rewrite IP or
layer 2 data?

Let's say the route is as follows. Will the outgoing traffic be seen
as coming from the client's IP as source IP or Squid's IP as source IP?

client  firewall   wan
         ^   ||
         ||  ||
    eth0 ||  || GRE tunnel (on eth0 Physical interface)
         ||  ||
         ||  V
      SQUID Server

Thanks in advance


Re: [squid-users] SQUID as Transparent Proxy

2013-01-28 Thread Amos Jeffries

On 29/01/2013 12:57 p.m., Roman Gelfand wrote:

When Squid is acting as a transparent proxy, does Squid rewrite IP or
layer 2 data?

Let's say the route is as follows. Will the outgoing traffic be seen
as coming from the client's IP as source IP or Squid's IP as source IP?

client  firewall   wan
         ^   ||
         ||  ||
    eth0 ||  || GRE tunnel (on eth0 Physical interface)
         ||  ||
         ||  V
      SQUID Server

Thanks in advance


Are you asking about NAT interception or TPROXY interception? One does, 
one does not.


Amos