SQUID as a transparent proxy on CentOS /RHEL


A proxy is called “transparent” when clients are not aware that their requests are processed through the proxy. This means we do not need to configure the web browser to connect through the proxy server.

There are many benefits of using a transparent proxy:

  1. A transparent proxy can enhance clients' web browsing performance by caching frequently accessed web content, while introducing minimal configuration overhead for them.
  2. For administrators, it can be used to enforce various administrative policies such as content filtering, URL/IP filtering, rate limiting, etc.

My setup scenario:

  • System: PC with dual Ethernet cards (eth0, eth1)
  • IP address on eth0: 122.176.40.1         # External interface
  • IP address on eth1: 192.168.0.42 (192.168.0.0/24 network, around 50 Windows systems)

Step 1: Linux PC as a router

# vi /etc/sysctl.conf

net.ipv4.ip_forward=1

# service network restart

Step 2: Configure squid.conf

Now we will modify the Squid configuration to turn it into a transparent proxy. We define our LAN subnet (e.g., 192.168.0.0/24) as our client network.

# vim /etc/squid/squid.conf

visible_hostname proxy.kvit.in     # here proxy.kvit.in is a hostname of proxy server

http_port 3128 transparent

## Define our network ##

acl myLAN src 192.168.0.0/24

## make sure that our network is allowed ##

http_access allow myLAN

## finally deny everything else ##

http_access deny all

Step 3: Create iptables rules

To set up a transparent proxy with Squid, we start by adding necessary iptables rules. These rules should help you get started, but please make sure that they do not conflict with any of the existing configuration.

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

The first rule will cause all outbound packets leaving through eth0 (WAN interface) to have the source IP address of eth0 (i.e., enable NAT). The second rule will redirect all incoming HTTP packets (destined to TCP 80) from eth1 (LAN interface) to the Squid listening port (TCP 3128), instead of forwarding them out to the WAN interface right away.

Step 4: Start the service and save the rules

Now we start the Squid service, make sure it is added to startup, and save the iptables rules.

# service squid start
# chkconfig squid on

# service iptables save

Step 5: Client Configuration

[Screenshot of the client configuration]

Step 6: Log file

Is the Squid proxy working correctly?

Check the access log file /var/log/squid/access.log:
# tail -f /var/log/squid/access.log

The above command follows /var/log/squid/access.log and prints each request as Squid logs it. When somebody accesses a website through a browser, Squid logs the request there.
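Beyond watching the log scroll by, the same file can be summarized per client. The script below is an added example, not part of the original article: it assumes Squid's default native log format, the 192.168.0.0/24 LAN from this setup, and constructed sample lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: per-client summary of a Squid access.log (default native format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type).

# Constructed sample lines; 203.0.113.9 stands for a client outside the myLAN ACL.
sample_log() {
cat <<'EOF'
1400000001.100    245 192.168.0.51 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1400000002.200     12 192.168.0.51 TCP_MEM_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1400000003.300    310 192.168.0.77 TCP_MISS/200 20480 GET http://example.org/logo.png - DIRECT/192.0.2.20 image/png
1400000004.400      1 203.0.113.9 TCP_DENIED/403 3600 GET http://example.net/ - NONE/- text/html
1400000005.500    198 192.168.0.51 TCP_MISS/304 320 GET http://example.com/style.css - DIRECT/192.0.2.10 -
EOF
}

# Reads log lines on stdin; prints one line per client address:
#   <client> requests=N hits=N denied=N lan=yes|no
# "lan" tells whether the address lies inside 192.168.0.0/24 (the myLAN ACL).
summarize_log() {
  awk '
    NF >= 7 {
      c = $3
      split($4, rc, "/")                 # rc[1] = result code, rc[2] = HTTP status
      req[c]++
      if (rc[1] ~ /HIT/)    hit[c]++     # answered from the cache
      if (rc[1] ~ /DENIED/) den[c]++     # rejected by an http_access rule
      lan[c] = (c ~ /^192\.168\.0\.[0-9]+$/) ? "yes" : "no"
    }
    END {
      for (c in req)
        printf "%s requests=%d hits=%d denied=%d lan=%s\n", c, req[c], hit[c], den[c], lan[c]
    }' | LC_ALL=C sort
}

# Prints only the clients worth a second look: any denial, or an address outside the LAN.
clients_to_review() {
  summarize_log | awk '$4 != "denied=0" || $5 == "lan=no" { print $1 }'
}

# Use a real log when a path is given, otherwise the constructed sample.
if [ -n "${1:-}" ]; then summarize_log < "$1"; else sample_log | summarize_log; fi
```

LAN clients showing up with TCP_MISS or HIT entries confirm that the redirect to port 3128 is working; TCP_DENIED entries show the "http_access deny all" rule rejecting sources outside myLAN.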

 

Note:

Squid Proxy authentication in a transparent mode

You cannot use Squid authentication with a transparently intercepting proxy.

CEO, KV IT-Solutions Pvt. Ltd. | vikas@kvit.in | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

“We are born free, No Gate and Windows can snatch our freedom”
