Squid Transparent Proxy

November 25, 2006

Having a transparent web proxy cache on your network can be very useful, and with Squid and Netfilter it is a lot easier to set up than most people think. This short tutorial assumes that your router runs Netfilter and is the primary gateway for your network.

Squid configuration (/etc/squid/squid.conf). The httpd_accel_* directives are Squid 2.5 syntax:

http_port 127.0.0.1:3128
http_port 10.0.0.1:3128

visible_hostname hostname
cache_mgr admin@email

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

acl lan src 10.0.0.0/8
acl localhost src 127.0.0.1
acl all src 0.0.0.0

http_access allow lan
http_access allow localhost
http_access deny all

redirect_program /usr/lib/squid/bannerfilter/redirector.pl

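Redirect all outgoing web requests (TCP port 80) arriving on the LAN interface to the local proxy. LAN_INT must be set to the name of the router's LAN-facing interface: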

iptables -t nat -A PREROUTING -i ${LAN_INT} -p tcp --dport 80 -j REDIRECT --to-port 3128

Restart the proxy server after saving your configuration and issuing the iptables rule. Then run tail -f /var/log/squid/access.log while you visit a web site from a browser on a LAN client, and confirm that the requests show up in the log.
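A scripted version of the access.log check above, as an added example that is not part of the original post: it reads Squid's native log format and reports any request that was served to a client outside the lan (10.0.0.0/8) and localhost (127.0.0.1) ACLs from the configuration. The function names and the sample log lines are constructed for illustration, and the default native access.log format is assumed.

```shell
#!/bin/sh
# Added example: summarise a Squid native-format access.log to confirm that
# interception works and that only the permitted clients are being served.

# Constructed sample lines. Native format fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
sample_log() {
cat <<'EOF'
1164465001.120    245 10.0.0.23 TCP_MISS/200 4512 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1164465002.310     12 10.0.0.23 TCP_HIT/200 1830 GET http://www.example.com/logo.png - NONE/- image/png
1164465003.004      1 192.0.2.77 TCP_DENIED/403 1402 GET http://www.example.org/ - NONE/- text/html
1164465004.518    310 10.0.0.40 TCP_MISS/200 9120 GET http://www.example.net/ - DIRECT/198.51.100.5 text/html
1164465005.900    150 198.51.100.9 TCP_MISS/200 7001 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
EOF
}

# Reads access.log on stdin and prints a summary line:
#   served=<n> denied=<n> unexpected=<n>
# followed by one "UNEXPECTED <client> <code/status> <url>" line for every
# request that was not denied although the client matches neither ACL.
check_access_log() {
    awk '
        NF < 7 { next }                    # skip malformed or truncated lines
        {
            client = $3; result = $4; url = $7
            allowed = (client ~ /^10\./ || client == "127.0.0.1")
            if (result ~ /^TCP_DENIED\//) { denied++; next }
            if (allowed) { served++; next }
            unexpected++
            lines = lines "UNEXPECTED " client " " result " " url "\n"
        }
        END {
            printf "served=%d denied=%d unexpected=%d\n", served, denied, unexpected
            printf "%s", lines
        }'
}

# On a live proxy: check_access_log < /var/log/squid/access.log
```

A served count of zero after browsing from a LAN client means the REDIRECT rule is not catching the traffic; any UNEXPECTED line means the http_port bindings or the http_access rules are letting in clients they should not.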