Squid routing SSL traffic

Good day,

I have a setup in which I am routing my received packets at my Mikrotik router to a squid server.

I can also see with tcpdump that the incoming traffic is actually arriving at the correct port (443) on the Squid proxy server.

On the next step I have iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 10.0.2.51:3127 (that is all I have on iptable rules)

Which routes the received 443 traffic to port 3127 which is my squid SSL port.

I am getting page not found error on my browser.

Now I know that my Squid is set up correctly, because when I input the proxy server address manually (10.0.2.51:3127) for SSL in the Mozilla browser, all is working great; all SSL pages are logged with SSLbump.

Could someone please help with figuring out why this isn’t working correctly, I am quite new to proxies?

Answer

You are DNATing packets going to the proxy.

But are you SNATing the packets coming back from the proxy?
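
The return-path question raised in the answer can be seen in a small model of DNAT connection tracking. This is an added example, not code from the original post or from netfilter; the client and origin-server addresses are constructed samples, and only 10.0.2.51:3127 and port 443 come from the question. It shows what the client sees when the proxy's reply does, and does not, pass back through the box that applied the DNAT rule.

```python
"""Toy model of DNAT connection tracking (constructed example, not netfilter code)."""
from typing import NamedTuple


class Packet(NamedTuple):
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


PROXY = ("10.0.2.51", 3127)      # target of the DNAT rule in the question
CLIENT = ("10.0.2.20", 50000)    # constructed sample client
ORIGIN = ("203.0.113.10", 443)   # constructed sample HTTPS server


class NatBox:
    """Applies the PREROUTING DNAT rule and remembers each translation."""

    def __init__(self, to):
        self.to = to
        self.conntrack = {}  # (client, proxy) -> original destination

    def forward(self, pkt: Packet) -> Packet:
        # Equivalent of: -p tcp --dport 443 -j DNAT --to <proxy>
        if pkt.dst[1] == 443:
            self.conntrack[(pkt.src, self.to)] = pkt.dst
            return Packet(pkt.src, self.to)
        return pkt

    def reply(self, pkt: Packet) -> Packet:
        # A reply matching a tracked flow gets the original address restored.
        orig = self.conntrack.get((pkt.dst, pkt.src))
        return Packet(orig, pkt.dst) if orig else pkt


def client_accepts(sent: Packet, received: Packet) -> bool:
    # A TCP stack only matches a reply whose source is the address it dialled.
    return received.src == sent.dst and received.dst == sent.src


def simulate(reply_via_nat: bool) -> bool:
    nat = NatBox(PROXY)
    syn = Packet(CLIENT, ORIGIN)
    at_proxy = nat.forward(syn)                  # now addressed to 10.0.2.51:3127
    synack = Packet(at_proxy.dst, at_proxy.src)  # proxy answers from its own address
    if reply_via_nat:
        synack = nat.reply(synack)               # source rewritten back to ORIGIN
    return client_accepts(syn, synack)


if __name__ == "__main__":
    print("reply through NAT box:", simulate(True))
    print("reply bypassing NAT box:", simulate(False))
```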
