Modify the routing table to not specify https_proxy

dxxvi · 2022-09-12 20:50:25

I have these env variables:

no_proxy=0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,localhost,myco.net
https_proxy=http://10.51.40.128:3128
http_proxy=http://10.51.40.128:3128

Then I can run

curl -L -o amm https://github.com/com-lihaoyi/Ammonite/releases/download/2.5.4/3.1-2.5.4

Now I'd like to not set those proxy env vars (as some applications don't seem to read them, e.g. scala-cli). So, I run this

# iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -j DNAT --to 10.51.40.128:3128

Then I can access http links, e.g.

curl -v -X GET http://pie.dev/get

But https links still don't work. Does anybody know how to make https work? I don't mind making my system less secure, e.g. running something like

openssl s_client -proxy 10.51.40.129:3128 -connect github.com:443 -showcerts

and then installing some corporate-generated certificates, as long as I don't have to use those proxy env vars.

seth · 2022-09-12 21:12:58

Please don't cross-post, report your thread to be moved to another board (or right now, the one in the NC for deletion)

I assume 3128 means this is a squid proxy, do you control it?
Seen https://wiki.archlinux.org/title/Squid# … _web_proxy & https://wiki.archlinux.org/title/Squid#SSL_Bumping ?
https://www.tectut.com/2015/08/configur … ent-proxy/ seems to have a walk-through (don't rely on that exclusively, I've also not read it)

dxxvi · 2022-09-12 21:43:07

seth wrote:

don't cross-post

I just posted a reply to my post in the NC asking for that post to be deleted as I don't see any option to move it to here or to delete it.

seth wrote:

3128 means this is a squid proxy, do you control it?

No, I don't control it. But if I really need a proxy that I have the control on, I can create one and my new squid will use the existing squid as a parent proxy.

2ManyDogs · 2022-09-12 22:08:35

dxxvi wrote:

I just posted a reply to my post in the NC asking for that post to be deleted as I don't see any option to move it to here or to delete it.

Next time please use the Report link to ask Staff to move your topic.

seth · 2022-09-12 22:19:13

You're gonna need some help from the proxy to make a transparent https proxy happen, what does nmap say about open ports?
Can you inquire its configuration?

Arch Linux

#1 2022-09-12 20:50:25

Modify the routing table to not specify https_proxy

#2 2022-09-12 21:12:58

Re: Modify the routing table to not specify https_proxy

#3 2022-09-12 21:43:07

Re: Modify the routing table to not specify https_proxy

#4 2022-09-12 22:08:35

Re: Modify the routing table to not specify https_proxy

#5 2022-09-12 22:19:13

Re: Modify the routing table to not specify https_proxy

Board footer