Skip to main content

How to configure Transparent Squid Proxy on Linux

Transparent proxy concept is one of the nice concept with which we can avoid configuring clients for proxy. And it is not much hard to implement also.

The basic steps are as follows in Fedora 8 to configure that as a firewall router with a transparent proxy.

1. Install fedora with web server feature enabled and go to its sub items and make sure Squid 2.6 is selected.
2. Take the terminal window and edit the file squid.conf file using the command
vi /etc/sysconfig/squid.conf
3. Find out the following lines in squid.conf file and remove ‘#’ from the beginning of files and edit those lines as follows
http_access allow all
cache_mem 8 MB
cache_dir ufs /usr/local/squid/var/cache 100 16 256
http_port 192.168.10.1:3128 transparent

# Assumes that 192.168.10.1 is the ip addresses of your LAN Ethernet interface
always_direct allow all
4. Save the file & exit (by pressing ‘Esc’ + ‘:wq’)
5. To enable routing, edit the ‘sysctl.conf’ file as follows
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

6. Save the file & exit (by pressing ‘Esc’ + ‘:wq’)
7. Edit firewall rules by typing the following commands in the console (Assuming that eth0 is WAN and eth1 is your LAN interface)
iptables –F
iptables –t nat –F
iptables –t nat –X
iptables –t mangle –F
iptables –t mangle –X
iptables –P INPUT DROP
iptables –P OUTPUT ACCEPT
iptables –A INPUT –i lo –j ACCEPT
iptables –A OUTPUT –o lo –j ACCEPT
iptables –A FORWARD –i eth1 -j ACCEPT
iptables –A OUTPUT –o eth1 –j ACCEPT
iptables -A INPUT -p tcp -i eth1 -m tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables –t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables –t nat -A POSTROUTING -o eth0 -j MASQUERADE


8. Save iptables by ‘service iptables save’ command
9. Wonderful, our configuration is over.
10. Create Swap directories for squid by typing the command ‘/usr/sbin/squid -z’ in the console.
11. Start squid service by the command ‘service squid start’
12. Restart iptables by the command ‘service iptables restart’

The above configuration makes your Linux also secured router and only SSL is accessible through LAN and WAN as well as SQUID service is accessible through LAN.

You don’t need to do any proxy configuration in client.

You can see the performance for frequently accessed web pages and you don’t need to run and configure proxy on all the client machines you have. Remind the quote of Blue coat – “I Love Proxy”. Study more based on this document and Fine tune your product as productive as you can for your organization.

Note: This will cache request of http Web Pages only and proxy authentication won’t work with transparent proxy.


Feedbacks: We appreciate your feedbacks and suggestions about our website bala@techgyaan.org
Check out . Follow @techgyaan

Comments

  1. Ok then i will try to use this way to install the proxy
    Voice and Data Integration

    ReplyDelete
  2. i tried configure transparent proxy using above tutorial in fedora 10.transparent proxy is not working normal proxy is working.above tutorial is working with fedora also.please help regarding configure fedora 10 as transparent proxy.

    regards,
    Hari
    sada_ind@yahoo.co.in

    ReplyDelete
  3. I have tried for a month to run transparent squid 2.6 but failed . I also don't have experienced somebody to help me to run it . But writing "How to configure Transparent Squid Proxy on Linux" has made me successful .
    I have about been dishearted when I have been unable to make transparent pxoxy also. Thanks a lot and really grateful to the writer of the writing for writing this great articale . My operating system is Red Hat Enterprize Linux 5 .
    Md. Jamal uddin
    Phone :01721400900
    Uttara , Dhaka , Bangladesh .
    Email:shourov_008@yahoo.com

    ReplyDelete

Post a Comment

Popular posts from this blog

Download of the Day!

Amarok 2.0.2 has released Amarok is an open source alternative music player for iTunes. Amarok supports Linux, Unix, MacOSX and windows Operating system. It is smiliar to iTunes just drag & drop the songs to play list. Amarok also lets you listen to internet radio ( mp3 streaming ) including music from last.fm . Features Automatic cover Lyrics download Dynamic playlists Visualizations and Podcasting. These are only some of the great new features of Amarok 2. Give it a try! Download here An least but not last - Amarok will also synchronize your music to your iPod. For the more technical users a scripting interface allows you to extend the functionality of Amarok. Print Page Feedbacks: We appreciate feedbacks and suggestions about our website info@techgyaan.org

How to install WebLogic 8 on Solaris 10

Lets start the installation Login to solaris box use sudo command to install the application. $ ./server814_solaris32.bin Extracting 0%……………………………………………………………………………………….100% Unable to instantiate GUI, defaulting to console mode. Welcome: ——– ————— This installer will guide you through the installation of WebLogic Server 8.1 SP4. Type “ Next” or enter to proceed to thenext prompt. If you want to change data entered previously, type “Previous”. You may quit the installer at any time by typing “ Exit”. Enter [Exit][Next]> BEA Systems License Agreement: —————————— BEA SYSTEMS, INC. SOFTWARE LICENSE AGREEMENT USE OF SOFTWARE ORDERED FROM BEA SYSTEMS, INC. (”BEA”) IS PROVIDED ONLY UNDER LICENSE FROM BEA. PLEASE READ THE FOLLOWING LICENSE CAREFULLY AND INDICATE YOUR ACCEPTANCE BY CLICKING THE ACCEPTANCE BOX. CERTAIN CAPITALIZED TERMS ARE DEFINED IN SECTION 11. 1. LICENSE TERMS a. Workshop Free Use. The terms of this Section 1(a) are applicable to you if you h...

Sysadmin Daily Commands

Some of these commands are used by unix/linux administrator in his/her day-to-day activities  cat to concatenate files to standard output chgrp to change file group ownership chmod to change file access permissions chown to change file owner and group cp to copy files and directories date to print or set the system data and time dd to convert and copy a file df to report filesystem disk space usage dmesg to print or control the kernel message buffer echo to display a line of text hostname to show or set the system's host name kill to send signals to processes ln to make links between files login to begin a session on the system ls to list directory contents mkdir to make directories mknod to make block or character special files more to page through text mount to mount a filesystem mv to move/rename files ps to report process status pwd to print na...