[squid-users] Need help setting up DD-WRT router to use Squid as a transparent proxy
Amos Jeffries
squid3 at treenet.co.nz
Sun Jan 19 09:33:16 UTC 2020
On 16/01/20 9:30 pm, Robert Marshall wrote:
> Hi all,
>
> I'm trying to set up a transparent proxy on my network so that all
> devices are forced to use Squid/SquidGuard for network traffic, and can
> filter out undesirable destinations.
>
> I have Squid/SquidGuard running on a Raspberry Pi 4, running the latest
> release of Raspian Buster. The route is a D-Link DIR-860L, flashed with
> the 01/14/20 build of DD-WRT. I tried using the instructions at DD-WRT.
> But, am running into problems.
What Instructions? If they are telling you to "port forward" or NAT
traffic to wards a separate Squid *machine* they are outdated and now wrong.
<https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat>
Note that traffic MUST only have the NAT performed on the Squid machine.
Any use of DNAT (aka port forwarding) results in the problem you are seeing.
Last time I setup devices like DD-WRT the UI only provided a "DMZ
server" option. If you cannot do Policy Routing for only the port 80 or
443 traffic on the DD-WRT device then the DMZ equivalent may be used
instead.
Either way you need correct and separate routing and NAT rules for
traffic arriving at the Squid machine to send the appropriate
connections to Squid and anything else to its proper destination.
Amos
More information about the squid-users
mailing list