0

I am having squid proxy running on port 3128 with 2 nic 

eth0:192.168.2.22 with internet access.

eth1:192.168.1.1 connected to LAN.

Every machines in LAN have ip in the range 

192.168.1.0/24 through DHCP.

It includes both windows and Linux machines(Ubuntu 10.04).

All the windows machines can access HTTPS pages but none of the linux machine can access https page.

When a request is made for https from linux machines,its returning webpage not available.In the squid access log no "CONNECT" request is made when accessed from Linux machine.

What can be the reason?

Squid running: on ubuntu 12.04 64 bit

squid version:squid3-3.1.19

No access restriction is made in the default squid configuration other than enabling localnet to connect.

tried setting 

  export HTTP_PROXY=http://192.168.1.1:3128/ in bashrc

but still not able to acces any https pages.

env https_proxy=http://192.168.1.1:3128/ wget --debug https://google.com/

 DEBUG output created by Wget 1.12 on linux-gnu.

 --2012-10-26 13:45:47--  https://google.com/
  Connecting to 192.168.1.1:3128... connected.
  Created socket 3.
  Releasing 0x08e0a430 (new refcount 0).
  Deleting unused 0x08e0a430.

  ---request begin---
  CONNECT google.com:443 HTTP/1.0
  User-Agent: Wget/1.12 (linux-gnu)

  ---request end---
  proxy responded with: [HTTP/1.0 200 Connection established

  ]
 Initiating SSL handshake.
 Handshake successful; connected socket 3 to SSL handle 0x08e0a678
 certificate:
  subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
  issuer:  /C=US/O=Google Inc/CN=Google Internet Authority
ERROR: certificate common name `*.google.com' doesn't match requested host name     `google.com'.
 To connect to google.com insecurely, use `--no-check-certificate'.
 Closed 3/SSL 0x08e0a678
HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
Kevin Parker
  • 757
  • 1
  • 13
  • 32
  • 1
    Is this a transparent proxy or not? I am guessing not but you've got the transparent-proxy tag. Demonstrate how you are testing the connectivity. Try running `env https_proxy=http://192.168.1.1:3128/ wget --debug https://google.com/` on the Linux machines, and see if that gives you a hint. – chutz Oct 26 '12 at 08:20
  • @chutz this is not a transparent proxy – Kevin Parker Oct 26 '12 at 08:32

1 Answers1

2

Did you forget to configure the HTTPS proxy in the Linux machines?

chutz
  • 7,888
  • 1
  • 29
  • 59
  • I didnt specify anything in linux machine.but specified proxy and its port in browser. – Kevin Parker Oct 26 '12 at 08:20
  • Make sure you specified a proxy for the HTTPS protocol, too. – chutz Oct 26 '12 at 08:21
  • yep...setting that variable fixed the issue,,,thanx – Kevin Parker Oct 26 '12 at 08:34
  • can u tell me why i cant ping public ip even with environment varibale set in .bashrc through terminal? – Kevin Parker Oct 26 '12 at 08:39
  • 1
    An HTTP proxy does not let you "ping" servers. Sorry, that's how it works. You can read up on the protocol, but it is out of scope here. I don't think I can **easily** explain. – chutz Oct 26 '12 at 09:39
  • i dont want to ping any...but i need to make ssh access to public servers,from the LAN.tried setting env in .bashrc but not much use. – Kevin Parker Oct 26 '12 at 13:29
  • Try this question to ssh over an http proxy. http://serverfault.com/questions/122862/connect-to-ssh-server-thru-80-via-http-proxy – chutz Oct 27 '12 at 09:57