Rainer Minixhofer wrote:

> The shorewall server is a Linksys NSLU2 Slug (named FireSlug) running on
> Debian Lenny with its internal interface eth0 and a USB network interface
> on Port2 as external interface eth1.
> The shorewall server runs DNS and DHCP server in secondary and slave mode
> respectively. The primary ones are running on the internal network.
> The Thomson Router is configured in the standard firewall mode, which is a
> bit tricky to describe because it's a template setup. However I do not think
> that this causes my problem because if I run the Thomson Router in
> transparent mode the problem persists, so I assume I have to focus on the
> shorewall configuration on the FireSlug.

The Shorewall box, in this case, is simply routing HTTP requests from
your local net to the proxy and is masquerading all traffic from the
local network to the Internet.

> Now with the documentation mentioned above, I have full functionality on the
> web when just sticking to either http:// or https:// pages (the browsers are
> usually configured without proxy, otherwise I would not need a transparent
> proxy :-) ).

Then the Shorewall configuration is correct.

> My problem arises when I get to pages with mixed content (either images from
> https:// URLs on http:// pages or script-based redirection from http:// to
> https://). A good example is the page www.xing.com. If I enter
> http://www.xing.com the site tries to redirect to https://www.xing.com and
> then my browser times out. By just hitting reload with the already
> redirected link it works as expected.
> When I set the proxy in my browser settings to 10.0.0.152:3128 everything
> works (I assume that squid is correctly tunneling the SSL requests).
> Therefore I guess it is due to the redirection mechanism on the shorewall,
> which is just forwarding port 80 to the squid server and forwarding 443
> through the firewall directly. Maybe by switching from 80 to 443 this
> mechanism somehow breaks?

I can think of nothing in a Shorewall configuration that could correct
this behavior. Again, all Shorewall has done is to set up routing such
that TCP connections to port 80 get redirected to the Squid box. HTTPS
requests on port 443 are passed directly to the Internet after having
been masqueraded. Both of those, independently, are obviously working.

Sorry that I can't be more helpful.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users