[squid-users] Looking for a recommendation for tutorial for transparent proxy under Ubuntu
James Lay
jlay at slave-tothe-box.net
Mon Jun 1 17:09:41 UTC 2015
On 2015-06-01 10:40 AM, dkandle wrote:
> I am using Ubuntu 14.04 on a server with multiple NICs. I would like to set
> it up as a transparent proxy. I have the router working and I had squid
> working as an explicit proxy (where I set the IP address of the server as
> the proxy in my client's browser).
> Is there a good tutorial which covers this set-up? I've tried setting the
> iptables as some have advised but it has issues.
> It is not at all clear to me how squid will know which interface faces the
> Internet and which faces my client's subnet.
>
> Thanks
The official tutorials:
http://wiki.squid-cache.org/ConfigExamples#Interception
You'll most likely want:
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
Of interest is the lack of interface specification, so here's what I'm
using on a box that has an internal NIC (192.168.1.0/24) and an external
NIC (real world external IP):
$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 80 -j REDIRECT --to-port 3128
$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 443 -j REDIRECT --to-port 3129
This redirects traffic from clients coming in on eth0 to the Squid listening
process on eth0. If your Squid listening process is not on the same
NIC, you'll need to use DNAT instead:
$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 80 -j DNAT --to-destination ip.that.squid.listens.on:3128
$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 443 -j DNAT --to-destination ip.that.squid.listens.on:3129
Hope that helps.
James
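
The REDIRECT and DNAT variants from the reply above, as a generator that prints the rules for review instead of applying them. This is an added example, not code from the post or from the Squid project. The function name gen_intercept_rules is hypothetical, and the mangle DROP rule and the input checks are additions not in the post; the interface, subnet and ports are the ones the post uses.

```shell
#!/bin/sh
# Added example: print (do not apply) the interception rules for review.
# IPTABLES, eth0, the client subnet and the ports mirror the post; the
# function name and the mangle DROP rule are additions of this example.
IPTABLES=${IPTABLES:-iptables}

# gen_intercept_rules IFACE CLIENT_CIDR [SQUID_IP]
#   no SQUID_IP -> REDIRECT (Squid listens on the address of IFACE)
#   SQUID_IP    -> DNAT to another address Squid listens on
gen_intercept_rules() {
    iface=$1 clients=$2 squid_ip=${3:-}
    # Accept only a plain interface name / IPv4 CIDR / IPv4 address,
    # because the output is meant to be run by root.
    case $iface in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case $clients in ''|*[!0-9./]*) echo "bad client CIDR" >&2; return 1;; esac
    case $squid_ip in *[!0-9.]*) echo "bad Squid IP" >&2; return 1;; esac

    # pairs: original destination port -> Squid intercept port
    for pair in 80:3128 443:3129; do
        dport=${pair%%:*} sport=${pair##*:}
        # mangle PREROUTING runs before nat PREROUTING: drop clients that
        # dial the intercept port directly (they would cause forwarding
        # loops); redirected traffic still has dport 80/443 at this point.
        echo "$IPTABLES -t mangle -A PREROUTING -i $iface -p tcp --dport $sport -j DROP"
        if [ -z "$squid_ip" ]; then
            target="-j REDIRECT --to-port $sport"
        else
            target="-j DNAT --to-destination $squid_ip:$sport"
        fi
        echo "$IPTABLES -t nat -A PREROUTING -i $iface -s $clients -p tcp --dport $dport $target"
    done
}

# Usage (review the output before piping it to a root shell):
#   gen_intercept_rules eth0 192.168.1.96/28
```

Because the DROP rule blocks direct connections to 3128 and 3129, an explicit (browser-configured) proxy port has to be a separate Squid port from the intercept ports.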