On Tue, Oct 6, 2020 at 10:28 AM Witold Tosta <witold.to...@gmail.com> wrote: > >> In any case, I'm now using a combination of TPROXY for HTTP and >> redirect interceptions for HTTPS as follows, and both types of traffic >> seem to be proxied without errors. >> > > It seems like it might work. TPROXY for unencrypted http traffic and SSL BUMP > for HTTPS. > > Let us know, Vieri, if this worked for you.
Yes, Witek, it works fine. I just want to point out that it was also working when using https_port tproxy sslbump in Squid and TPROXY() in SW just as long as I specified one port at a time. The system was behaving as a MITM and analyzing HTTPS traffic on all ports. Anyway, from a pragmatic point of view if TPROXY can't be used on HTTPS then I'll be using REDIRECT. Thanks, Vieri _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
