A proxy is called “transparent” when clients are not aware that their requests are processed through the proxy means we need not to configure our web browser for connect through proxy server.
There are many benefits of using a transparent proxy
- A transparent proxy can enhance their web browsing performance by caching frequently accessed web content, while introducing minimal configuration overhead for them. For administrators.
- It can be used to enforce various administrative policies such as content filtering/URL/IP filtering, rate limiting, etc.
My Setup Scenario :
- System: PC with dual ethernet card (eth0,eth1)
- IPAddress on eth0: 18.104.22.168 # External Interface
- IPAddress on eth1: 192.168.0.42 (192.168.0.0/24 network (around 50 windows systems )
Step 1: Linux PC as a router
# service network restart
Step 2: configure in squid.conf
# vim /etc/squid/squid.conf
visible_hostname proxy.kvit.in # here proxy.kvit.in is a hostname of proxy server
http_port 3128 transparent
## Define our network ##
acl myLAN src 192.168.0.0/24
## make sure that our network is allowed ##
http_access allow myLAN
## finally deny everything else ##
http_access deny all
Step3: create IPTABLES rule
# iptables -t nat -A POSTROUTING -j MASQUERADE
# iptables -t nat -A PREROUTING -i eth1 -p tcp –dport 80 -j REDIRECT –to-port 3128
The first rule will cause all outbound packets from eth0 (WAN interface) to have the source IP address of eth1 (i.e., enable NAT). The second rule will redirect all incoming HTTP packets (destined to TCP 80) from eth1 (LAN interface) to Squid listening ort (TCP 3128), instead of forwarding it out to WAN interface right away
Step4: restart and save the services
# service squid start
# chkconfig squid on
# service iptables save
Step6: Log file
Is squid proxy is working correctly?
See access log file /var/log/squid/access.log:
# tail -f /var/log/squid/access.log
Above command will monitor all incoming request and log them to /var/log/squid/access.log file. Now if somebody accessing a website through browser, squid will log information.
Squid Proxy authentication in a transparent mode
You cannot use Squid authentication with a transparently intercepting proxy.