how to let https traffic through http proxy ?
-
I have 3 VMs.
192.168.200.1- pfSense ( with 3 nics, 1 wan, 2 lan (Lan, OthersRoute) )192.168.200.33- debian ( using clash as http proxy server.)192.168.200.32- centos (client machine)
Other Info.
- clash on debian, HTTP proxy listening port:
7890. - I start Squid service on my pfSense, and I checked
Transparent HTTP Proxyoption. - I add 2 custom options to squid.
cache_peer 192.168.200.33 parent 7890 0 no-querynever_direct allow all
Use commands on centos( client machine)
curl -x 192.168.200.33:7890 -v https://www.google.com, it works fine.curl -x 192.168.200.1:3128 -v https://www.google.com, it works fine.curl http://www.google.com, it works fine.curl https://www.google.com, it's timeout.My Question.
How to let https request transparent proxy to
192.168.200.1:3128/192.168.200.33:7890?
Just likecurl -x 192.168.200.1:3128.More Info
Enable SSL filtering.
I tried to check the
Enable SSL filtering.option.- I create a cert in
System / Cert. Manager - SSL/MITM Mode:
Splice All - SquidGuard target rules: all
- It doesn't work.
Port Forward
- Generated rule:
rdr on em1 proto tcp from 192.168.200.0/24 to any port 443 -> 192.168.200.1 port 3128 - Generated rule:
rdr on em2 proto tcp from 192.168.200.0/24 to 192.168.200.0/24 port 443 -> 192.168.200.1 port 3128 - One Port Forward rule, but 2 generated rules
- command:
curl -v http://www.baidu.com - It throws
NSS error -5938 (PR_END_OF_FILE_ERROR)on the centos matchine.
Thank you for reading.
-
dunno why you need clash, but for proxying https you need squid-guard on pfsense
-
@srlek Hi, srlek
Thank you for your reply.dunno why you need clash
Because I am in China, the gov blocks a lot of websites.
but for proxying https you need squid-guard on pfsense
I have installed squid-guard package, and I set
target rules=all, and it doesn't work.Maybe I need more knowledge about routing.
