The transparent proxy is a useful concept: it lets us avoid configuring proxy settings on clients, and it is not hard to implement.
The basic steps to configure Fedora 8 as a firewall router with a transparent proxy are as follows.

1. Install Fedora with the web server feature enabled, go to its sub-items and make sure Squid 2.6 is selected.

2. Open a terminal window and edit the squid.conf file using the command

    vi /etc/sysconfig/squid.conf

3. Find the following lines in the squid.conf file, remove the ‘#’ from the beginning of the lines and edit them as follows

    http_access allow all
    cache_mem 8 MB
    cache_dir ufs /usr/local/squid/var/cache 100 16 256
    http_port 192.168.10.1:3128 transparent
    # Assumes that 192.168.10.1 is the IP address of your LAN Ethernet interface
    always_direct allow all

4. Save the file & exit (by pressing ‘Esc’ + ‘:wq’)

5. To enable routing, edit the ‘sysctl.conf’ file as follows

    vi /etc/sysctl.conf
    net.ipv4.ip_forward = 1

6. Save the file & exit (by pressing ‘Esc’ + ‘:wq’)

7. Edit the firewall rules by typing the following commands in the console (assuming that eth0 is your WAN interface and eth1 is your LAN interface)

    iptables -F
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A FORWARD -i eth1 -j ACCEPT
    iptables -A OUTPUT -o eth1 -j ACCEPT
    iptables -A INPUT -p tcp -i eth1 -m tcp --dport 3128 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

8. Save the iptables rules with the ‘service iptables save’ command

9. Wonderful, our configuration is over.

10. Create the swap directories for Squid by typing the command ‘/usr/sbin/squid -z’ in the console.

11. Start the Squid service with the command ‘service squid start’

12. Restart iptables with the command ‘service iptables restart’

The above configuration also makes your Linux machine a secured router: only SSL is accessible through both LAN and WAN, and the Squid service is accessible through the LAN.

You don’t need to do any proxy configuration on the client.

You can see the performance for frequently accessed web pages, and you don’t need to run and configure a proxy on all the client machines you have. Remember the Blue Coat quote: “I Love Proxy”. Study more based on this document and fine-tune your setup to be as productive as you can for your organization.

Note: This will cache requests for HTTP web pages only, and proxy authentication won’t work with a transparent proxy.
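
A check that can be run after step 8 to confirm the saved ruleset matches what the steps intend (an added example, not part of the original post): it parses an iptables-save dump and verifies the port 80 redirect, that port 3128 is accepted only on the LAN interface, and the chain policies. The embedded dump is constructed from the commands in step 7; eth1 and 3128 are the page's values, and the function names are hypothetical.

```shell
# Added example, not from the original post. eth1 and 3128 are the page's values.
LAN_IF=eth1
PROXY_PORT=3128
# Constructed sample: roughly what `iptables-save` prints after step 7.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT
EOF
}
# Reads an iptables-save dump on stdin and prints one finding per line.
audit_rules() {
  awk -v lan="$LAN_IF" -v port="$PROXY_PORT" '
    { s = $0 " " }                       # trailing space so "3128 " cannot match 31280
    /^\*/ { table = substr($0, 2) }      # "*nat" / "*filter" section headers
    table == "filter" && /^:/ { policy[substr($1, 2)] = $2 }
    table == "nat" && /^-A PREROUTING/ && /-j REDIRECT/ &&
      index(s, "-i " lan " ") && index(s, "--dport 80 ") &&
      index(s, "--to-ports " port " ") { redirect = 1 }
    table == "filter" && /^-A INPUT/ && /-j ACCEPT/ &&
      index(s, "--dport " port " ") {
        if (index(s, "-i " lan " ")) lan_ok = 1; else exposed = 1
    }
    END {
      printf "%s redirect: %s tcp/80 -> %s\n", (redirect ? "OK" : "FAIL"), lan, port
      printf "%s proxy port %s accepted only on %s\n", (lan_ok && !exposed ? "OK" : "FAIL"), port, lan
      printf "%s INPUT policy %s\n", (policy["INPUT"] == "DROP" ? "OK" : "FAIL"), policy["INPUT"]
      printf "%s FORWARD policy %s\n", (policy["FORWARD"] == "DROP" ? "OK" : "WARN"), policy["FORWARD"]
    }'
}
sample_rules | audit_rules
```

On the router itself, pipe the live ruleset in with `iptables-save | audit_rules`. The commands in step 7 set only the INPUT and OUTPUT policies, so the FORWARD policy is reported as WARN when it is still ACCEPT.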
Feedback: We appreciate your feedback and suggestions about our website: bala@techgyaan.org
OK then, I will try to use this way to install the proxy.
Voice and Data Integration

I tried to configure a transparent proxy using the above tutorial in Fedora 10. The transparent proxy is not working; the normal proxy is working. The above tutorial is working with Fedora also. Please help regarding configuring Fedora 10 as a transparent proxy.
Regards,
Hari
sada_ind@yahoo.co.in

I have tried for a month to run transparent Squid 2.6 but failed. I also don't have somebody experienced to help me to run it. But the writing "How to configure Transparent Squid Proxy on Linux" has made me successful.
I had been about disheartened when I had been unable to make the transparent proxy also. Thanks a lot, and I am really grateful to the writer for writing this great article. My operating system is Red Hat Enterprise Linux 5.
Md. Jamal uddin
Phone :01721400900
Uttara , Dhaka , Bangladesh .
Email:shourov_008@yahoo.com