Apr 28, 2011

How to install Squid Transparent Proxy?

1 : In Daemon squid conf file give entry of transparent like this
# Squid normally listens to port 3128

http_port 3128 transparent
save the config file .

2: Use the following command to see Access Control List and Object

grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
URLs output should be like this

acl all src

acl manager proto cache_object

acl localhost src

acl to_localhost dst

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http


http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

redirect_program /usr/bin/squidGuard -c /etc/squid/squidguard.conf

acl our_networks src

http_access allow our_networks

http_access deny all

icp_access allow all

http_port 3128 transparent

hierarchy_stoplist cgi-bin ?

access_log /var/log/squid/access.log squid

acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

visible_hostname testclient

coredump_dir /var/spool/squid
In this scenario i have allow my network

3: Make the rules in iptable.
Create a script in which you define the rules as i copy the following script through internet and make a little bit changing in it and run the script
first of all i create a file in
through Vi command and paste the following script in it.

#squid server IP


# Interface connected to Internet


# Interface connected to LAN


# Squid port



# Clean old firewall

iptables -F

iptables -X

iptables -t nat -F

iptables -t nat -X

iptables -t mangle -F

iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack support

modprobe ip_conntrack

#modprobe ip_conntrack_ftp

# For win xp ftp client

#modprobe ip_nat_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy

iptables -P INPUT DROP


# Unlimited access to loop back

now run this script like that

it will run my script of rules.......
now restart squid
       /etc/init.d/squid restart
On client setting with no proxy use yours system ip as a dafault gateway on client machine.

Source: http://www.learnacad.com/linux/centos/120-transparent-proxy.html

No comments: