【发布时间】:2015-10-22 21:37:37
【问题描述】:
我正在尝试使用 squid 代理将我的 Raspberry pi 设置为 WiFi 接入点。 所有连接到 AP (wlan0) 的用户都将从 eth0 访问互联网
当我使用代理 192.168.0.1:3128 配置浏览器时,所有 http 和 https 站点都可以访问
现在我将 Squid 设置为透明模式。此时只能访问 HTTP 站点。 HTTPS 网站打不开
错误:SSL 连接错误
请查找日志和配置示例
iptables
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 21 -j REDIRECT --to-ports 3128
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
鱿鱼
#Access List
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl home_network src 192.168.0.0/24
acl guest_network src 192.168.1.0/24
acl guest_network src 192.168.169.0/24
#Ports allowed through Squid
acl Safe_ports port 80 #http
acl Safe_ports port 443 #https
acl SSL_ports port 443
acl SSL method CONNECT
acl CONNECT method CONNECT
#allow/deny
http_access allow localhost
http_access allow home_network
http_access allow guest_network
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
#proxy ports
visible_hostname proxy
#http_port 3128 transparent
http_port 3128 intercept
http_port 8080
#caching directory
cache_dir ufs /cache/squid 2048 16 128
cache_mem 1024 MB
#refresh patterns for caching static files
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 40% 40320
鱿鱼日志
1438333207.745 1 192.168.0.10 NONE/400 4000 NONE error:invalid-request - NONE/- text/html
1438333207.749 1 192.168.0.10 NONE/400 4000 NONE error:invalid-request - NONE/- text/html
1438333207.753 1 192.168.0.10 NONE/400 4000 NONE error:invalid-request - NONE/- text/html
1438333207.789 1 192.168.0.10 NONE/400 4000 NONE error:invalid-request - NONE/- text/html
1438333207.803 1 192.168.0.10 NONE/400 4000 NONE error:invalid-request - NONE/- text/html
1438333210.190 1 192.168.0.10 NONE/400 4000 NONE error:invalid-request - NONE/- text/html
【问题讨论】:
标签: https proxy iptables squid raspberry-pi2