[squid-users] completely transparent Squid

Marko Cupać marko.cupac at mimar.rs
Sat Aug 29 18:34:53 UTC 2015

On Sat, 29 Aug 2015 08:32:47 -0700 (PDT)
Arkantos <221184 at gmail.com> wrote:

> at the moment, i have installed CentOS 7.1.1503 on which Squid 3.3.8
> and Webmin 1.760 are installed.
> i have just initialised the cache. and thats that.
> on the Squid rig, i can access the internet through eth0
> but i am finding it difficult to make the necessary config changes to
> allow eth1 to give out connectivity to other computers.
> i have tried bridging from this site, but it is not working:
> https://sites.google.com/site/ghidit/how-to-2/configure-bridging-on-centos
> i dont know how to move forward.
> What would you suggest?
> please help.

I already suggested, but I'll try to suggest some more. Try to
concentrate on relevant stuff, which your version of Webmin surely
isn't. Actually I'd suggest you get rid of Webmin completely.

You should understand how data flows in transparent proxy. User's
browser generates packet destined to tcp port 80 or 443, but when it
arrives at the router, it redirects it to proxy instead of forwarding
it to the destination web server.

You will need to redirect web requests from your users' ip pool to
squid. In PF syntax this is something like:

users = "{ - }"
squid = "{ }"
unifi_lan = "{ }"

pass in on $unifi_lan proto tcp from $users to any port { 80 443 } \
	rdr-to $squid

Marko Cupać

More information about the squid-users mailing list