Squid as transparent proxy

What is Squid?

Squid is an internet (web) caching proxy server that optimizes internet usage by storing frequently accessed data in its cache, which gives clients faster access when they request the same content. It also keeps track of user actions in its log file, which is located at /var/log/squid/access.log

Access Control Lists can be applied to block unwanted destinations such as yahoo, gmail and YouTube, as well as file downloads and video streaming.

In this guide we show you how to install and configure the Squid proxy server and use it as a transparent proxy.

eth0 : 192.168.1.246 (Internet access)
Default GW : 192.168.0.253
DNS : 8.8.8.8

eth1 : 172.16.1.1 (private network, LAN)
Default GW : N/A

The inside network (LAN) uses 172.16.1.1 as its gateway. The local network range is 172.16.1.0/24.

[root@Firewall ~]# ifconfig

eth0 Link encap:Ethernet HWaddr 08:00:27:7E:AD:1F
inet addr:192.168.1.246 Bcast:192.168.1.255 Mask:255.255.254.0 -> Public IP
inet6 addr: fe80::a00:27ff:fe7e:ad1f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:33883 errors:0 dropped:0 overruns:0 frame:0
TX packets:15307 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:30952614 (29.5 MiB) TX bytes:1323308 (1.2 MiB)

eth1 Link encap:Ethernet HWaddr 08:00:27:9D:69:68
inet addr:172.16.1.1 Bcast:172.16.1.255 Mask:255.255.255.0 -> Private IP
inet6 addr: fe80::a00:27ff:fe9d:6968/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26317 errors:0 dropped:0 overruns:0 frame:0
TX packets:25664 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2323478 (2.2 MiB) TX bytes:30181897 (28.7 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

What is transparent proxy?

With a transparent proxy, clients don't require any browser settings.

Before you start installing dependency packages, make sure you have internet access from the server.

The default proxy http_port is 3128; you can change it to suit your requirements.

Easy steps to configure transparent proxy

Install the squid proxy package using the yum command below, which installs the package from the repository.

#yum install squid

Locate the http_port entry and replace it with http_port 192.168.1.246:3128 transparent

#vi /etc/squid/squid.conf

http_port 192.168.1.246:3128 transparent
http_access allow all
http_access deny all

Save and Exit!

Note:
Add the "http_access allow all" line above the "http_access deny all" line.

Start the squid service and enable it at boot

#service squid start
#chkconfig squid on

Now add an iptables NAT rule to redirect HTTP requests to the proxy port, i.e. 3128.
Enable IP forwarding

#echo "1" > /proc/sys/net/ipv4/ip_forward

For the transparent proxy, redirect port 80 (web) to 3128 (the default proxy port).

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Note:

-i eth1 : requests received on eth1 for port 80 are redirected to port 3128

Inside to outside NAT

#iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -j SNAT --to 192.168.1.246

Copyright ©Solutions@Experts.com