Squid Transparent Proxy Configuration
1. Your first step will be to modify your squid.conf to create a transparent proxy.
Prior to version 2.6: In older versions of Squid, transparent proxy was achieved through the use of the httpd_accel options which were originally developed for http acceleration. In these cases, the configuration syntax would be as follows:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Version 2.6 and Beyond: Newer versions of Squid simply require you to add the word "transparent" to the default "http_port 3128" statement. In this example, Squid not only listens on TCP port 3128 for proxy connections, but will also do so in transparent mode.
http_port 3128 transparent
2. Edit the iptables to deal with the connection
# Firewall created by jepoy
*nat
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to 203.189.11.73
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
# Generated by iptables-save v1.3.0 on Tue Oct 11 20:53:45 2005
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -d 0/0 -m state --state NEW -p tcp -m multiport --dport smtp,pop3,imap,6301,443,5100,
13,554,1101,8080,5900,5901,5902 -o eth0 -i eth1 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -d 0/0 -m state --state NEW -p icmp -o eth0 -i eth1 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth1 -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
Squid Transparent Proxy Configuration
Subscribe to:
Posts (Atom)