LinuxTechLab.

com
Squid Transparent proxy server : How to
configure
In our earlier tutorials (Squid Proxy server installation & configuration PART 1 & PART 2 ), we
have learned to install & configure squid proxy server. We will now, in this tutorial, learn to configure
Squid transparent proxy server. With setting up Squid transparent proxy server, we have a major
advantage of not configuring proxy setting on every users machine. Being transparent means that users
will have no idea that there requests are being passed through a proxy server.
Squid as transparent proxy acts as a gateway between internet and users. It redirects all the internet
traffic from port 80 to squid proxys port i.e. 3128. So now lets start with the setting squid as
transparent proxy
( Also read : Setting up squid with authentication )

Installation
Firstly, we need to install squid proxy server on the system. To install it, execute
$ sudo yum install squid -y

Configuring squid
Next we need to enable IP Packet Forwarding on the machine, to do this
$ sudo vim /etc/sysctl.conf
then change the following parameter to 1, i.e.
net.ipv4.ip_forward = 1
Save file & exit. Now execute the following command to implement the changes made,
$ sudo sysctl -p
Next, we will configure the squid proxy using its main configuration file i.e. /etc/squid/squid.conf,
$ sudo vim /etc/squid/squid.conf
& make changes as follows to the options mentioned,
http_access allow all
http_port 3128 intercept
visible_hostname squid.proxy
Now save the file & exit. Next to implement the changes restart the squid service,
$ sudo service squid restart
$ chkconfig squid on

Configuring firewall rules

All that remains in the configuration for setting up squid transparent proxy is firewall rules
configuration. Firewalld rules for RHEL/CentOS 7 are ,
$ sudo firewall-cmd permanent zone=public add-forward-
port=port=80:proto=tcp:toport=3128:toaddr=192.168.1.10
$ sudo firewall-cmd permanent zone=public add-port=3128/tcp
$ sudo firewall-cmd permanent add-masquerade
$ sudo firewall-cmd reload
here, 192.168.1.10 is the LAN IP address of the squid proxy server.
For RHEL/CentOS 6, the Iptables rules are
$ sudo iptables -t nat -A PREROUTING -i eth0 -p tcp dport 80 -j DNAT to 192.168.1.10:3128
$ sudo iptables -t nat -A PREROUTING -i eth1 -p tcp dport 80 -j REDIRECT to-port 3128
$ sudo iptables t nat -A POSTROUTING out-interface eth1 -j MASQUERADE
After the changes have been made to firewall rules, our server is now ready to work as a squid
transparent proxy. All we have to do test this, is to change the gateway of the client machine to the IP
address of squid server i.e. 192.168.1.10. When we access any website from client machine, it will first
arrive at squid proxy server on port 80 & will then be redirected to port 3128, then after analysing the
ACLs, traffic will be forward to WAN or internet.

If you think we have helped you or just want to support us, please consider these :-

Connect to us: Facebook | Twitter | Google Plus

LinuxTechLab.com