shorewall-users April 2012 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: Re: [Shorewall-users] proxy transparent

Re: [Shorewall-users] proxy transparent

From: troxlinux <xserverlinux_at_nospam>
Date: Tue Apr 17 2012 - 16:15:48 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

2012/4/17 Tom Eastep <teastep@shorewall.net>:

>> You cannot transparently proxy HTTPS -- think about it; would you want
>> to trust your private data to a protocol where a process in the middle
>> could read everything going back and fourth on the connection?

I understand your point Tom, but I explain my situation to you before
having this box linux, I had a called UTM Astaro and he works to me
perfectly of way is transparent, but we do not have money to pay but
license .

>>
>> The data is encrypted! So a proxy can't understand what URL the client
>> is requesting -- understand?
>
> When you manually configure a HTTPS Proxy in your browser, the browser
> knows that it is connecting through a proxy and uses a modified protocol
> that allows it to work while still maintaining data security.
>
> -Tom

 I describe my infrastructure:

Router 172.16.8.1 ====== Proxy Shorewall (eth0) 172.16.8.49 ====
Switch ===LAN 172.16.0.0/22 , gw lan 172.16.8.49

shorewall running ok , version shorewall-4.4.17-2.el5

it works perfect in transparent way, but I can access to pages https

regardss

-- rickygm http://gnuforever.homelinux.com ------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users