[squid-users] Looking for a recomendation for tutorial for transparent proxy under Ubuntu

James Lay jlay at slave-tothe-box.net
Mon Jun 1 17:09:41 UTC 2015


On 2015-06-01 10:40 AM, dkandle wrote:
> I am using Ubuntu 14.04 on a server with multiple NICs. I would like to
> set it up as a transparent proxy. I have the router working and I had
> squid working as an explicit proxy (where I set the IP address of the
> server as the proxy in my client's browser).
> Is there a good tutorial which covers this set-up? I've tried setting
> the iptables as some have advised but it has issues.
> It is not at all clear to me how squid will know which interface faces
> the Internet and which faces my client's subnet.
> 
> Thanks

The official tutorials:

http://wiki.squid-cache.org/ConfigExamples#Interception

You'll most likely want:

http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat

Of interest is the lack of interface specification, so here's what I'm 
using on a box that has an internal NIC (192.168.1.0/24) and an external 
NIC (real world external IP):

$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 80 -j REDIRECT --to-port 3128
$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 443 -j REDIRECT --to-port 3129

This redirects traffic from clients coming in on eth0 to the Squid 
listening process on eth0.  If your Squid listening process is not on the 
same NIC, you'll need to use DNAT instead:

$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 80 -j DNAT --to-destination ip.that.squid.listens.on:3128
$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 443 -j DNAT --to-destination ip.that.squid.listens.on:3129

Hope that helps.

James
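
The REDIRECT-or-DNAT choice described in the message above, as an added example that is not part of the original post or of the Squid wiki. The helper name `intercept_rules`, the address 192.168.1.1 and the extra mangle-table DROP rule (which keeps clients from dialing the intercept ports directly) are assumptions of this example; the script only prints rules and never runs iptables.

```shell
#!/bin/sh
# Added example: print the PREROUTING rules for Squid interception.
# Hypothetical helper; nothing here modifies the running firewall.
#   $1 ingress interface (client side)
#   $2 client subnet to intercept
#   $3 primary address of the ingress interface (sample value below)
#   $4 address Squid listens on; defaults to $3 (Squid on the same NIC)
intercept_rules() {
    in_if=$1; clients=$2; if_addr=$3; squid_addr=${4:-$3}
    # web port : Squid intercept port, as used in the message above
    for pair in 80:3128 443:3129; do
        dport=${pair%%:*}
        sport=${pair##*:}
        if [ "$squid_addr" = "$if_addr" ]; then
            # REDIRECT rewrites the destination to the primary address
            # of the incoming interface, so it only fits this case.
            target="REDIRECT --to-port $sport"
        else
            target="DNAT --to-destination $squid_addr:$sport"
        fi
        # mangle PREROUTING is traversed before nat PREROUTING, so this
        # matches only packets whose original destination is the
        # intercept port, not the ones rewritten by the nat rule.
        echo "iptables -t mangle -A PREROUTING -i $in_if -d $squid_addr -p tcp --dport $sport -j DROP"
        echo "iptables -t nat -A PREROUTING -i $in_if -s $clients -p tcp --dport $dport -j $target"
    done
}

# Constructed sample: Squid listening on eth0's own address.
intercept_rules eth0 192.168.1.96/28 192.168.1.1
```

Passing a fourth argument (the address Squid listens on) switches both nat rules to DNAT.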

