How to Setup Squid3 as Transparent Proxy on Ubuntu Server 12.04

Previously I posted about installing a proxy server with squid3 on Ubuntu Server 12.04. In this post I’ll show how to set up Squid3 as a transparent proxy. With squid3 running as a transparent proxy, you no longer need to configure every machine on your network to connect to the Squid proxy server manually. All HTTP traffic (TCP port 80) will be redirected to the Squid listening port automatically and your Ubuntu Server will act as a router.

Follow this guide to set up a transparent proxy server with Squid3 on Ubuntu Server 12.04 LTS.

Step 1. Make sure squid3 is installed correctly on the Ubuntu server; you can find the squid3 installation tutorial here.

Step 2. Configure the network interfaces with static IP addresses. In this case the proxy server uses 2 network cards.

sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
post-up iptables-restore < /etc/iptables.up.rules
auto eth1
iface eth1 inet static
address 192.168.2.10
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255

Step 3. Edit the file /etc/squid/squid.conf and add the word “transparent” to “http_port 3128”

# NETWORK OPTIONS
# ---------------
#
http_port 3128 transparent

Change the IP address in the option “acl localnet src 192.168.1.0/24 # Your network here”:

acl localnet src 192.168.2.0/24 # LAN Ip Address

Save and exit.

Step 4. Edit /etc/sysctl.conf

sudo nano /etc/sysctl.conf

Replace with configuration below:

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

Save and exit

Step 5. Define the iptables rules for port forwarding by editing /etc/iptables.up.rules:

sudo nano /etc/iptables.up.rules
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.10:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT

Save and exit.

Step 6. Edit /etc/rc.local and add this line at the end of the file

iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE

Step 7. Restart squid3 and network

sudo /etc/init.d/squid3 restart && sudo /etc/init.d/networking restart

On the client, set the IP address manually:

IP address : 192.168.2.11 
Netmask: 255.255.255.0
Gateway: 192.168.2.10
DNS: 192.168.2.10 # or you can use Google DNS 8.8.8.8, 8.8.4.4
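
The files edited in Steps 3 to 5 have to agree with each other (Squid's intercept port, the LAN subnet, IP forwarding), and iptables-restore needs the table header, each rule and COMMIT on separate lines. The shell check below is an added example, not part of the original post; the function names check_proxy_files and make_sample and the sample files are constructed here from this guide's addresses.

```shell
# Added example: cross-check the files edited in Steps 3-5 before the restart in Step 7.
# Usage: check_proxy_files SQUID_CONF SYSCTL_CONF RULES_FILE
check_proxy_files() {
    squid_conf=$1; sysctl_conf=$2; rules=$3; bad=0
    for f in "$squid_conf" "$sysctl_conf" "$rules"; do
        [ -r "$f" ] || { echo "missing file: $f"; return 1; }
    done
    # Port of the http_port line that carries the "transparent" flag (Step 3).
    port=$(awk '$1=="http_port" && /transparent/ {n=split($2,a,":"); print a[n]; exit}' "$squid_conf")
    [ -n "$port" ] || { echo "no 'http_port ... transparent' line"; bad=1; }
    # LAN subnet from the localnet ACL (Step 3).
    lan=$(awk '$1=="acl" && $2=="localnet" && $3=="src" {print $4; exit}' "$squid_conf")
    [ -n "$lan" ] || { echo "no 'acl localnet src' line"; bad=1; }
    # IPv4 forwarding must be enabled and not commented out (Step 4).
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$sysctl_conf" \
        || { echo "net.ipv4.ip_forward is not 1"; bad=1; }
    # iptables-restore needs '*nat' and 'COMMIT' on lines of their own (Step 5).
    grep -Fqx '*nat' "$rules" || { echo "no '*nat' line"; bad=1; }
    grep -Fqx 'COMMIT' "$rules" || { echo "no 'COMMIT' line"; bad=1; }
    # The REDIRECT target must be the port Squid intercepts on.
    grep -Eq -- "^-A PREROUTING .*--dport 80 .*-j REDIRECT --to-ports $port\$" "$rules" \
        || { echo "no REDIRECT of port 80 to $port"; bad=1; }
    # MASQUERADE must cover the same subnet as the localnet ACL.
    grep -Eq -- "^-A POSTROUTING -s $lan .*-j MASQUERADE\$" "$rules" \
        || { echo "no MASQUERADE for $lan"; bad=1; }
    return $bad
}

# Constructed sample files using this guide's values; $1 is the REDIRECT port.
make_sample() {
    d=$(mktemp -d)
    printf 'http_port 3128 transparent\nacl localnet src 192.168.2.0/24\n' > "$d/squid.conf"
    printf 'net.ipv4.ip_forward=1\n' > "$d/sysctl.conf"
    printf '%s\n' '*nat' \
        "-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $1" \
        '-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$d/rules"
    echo "$d"
}

d=$(make_sample 3128)
check_proxy_files "$d/squid.conf" "$d/sysctl.conf" "$d/rules" && echo "consistent"
rm -rf "$d"
```

On the real server, pass the paths of the three files edited above; each printed line names one mismatch to fix before restarting.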


  1. Shake Chen, 3 years ago

    why the client gateway ip is same with IP 

    • Nurhafiz, 3 years ago

      client(192.168.2.11) --> squid.server(192.168.2.10) --> WAN

      • squidblacklist, 2 years ago

        no idea why you wouldn't make your gateway a .1, but meh, to each his own I guess. But it does confuse newbies. This should make it pretty clear.

        -A PREROUTING -i eth5 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.1.1:3128
        -A PREROUTING -i eth5 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
        -A POSTROUTING -s 10.10.1.0/24 -o eth4 -j MASQUERADE

        WAN: eth4 192.168.1.33
        LAN/DHCP-SERVER/GATEWAY: eth5 10.10.1.1

  2. Lester Torres, 2 years ago

    When I searched for an iptables.up.rules in the etc file I did not find anything. Do I have to make the file first?

  3. Xavier, 2 years ago

    This seems to have worked for me. Thanks!

  4. --Squidblacklist--, 2 years ago

    Well done.

  5. grandmaster, 2 years ago

    Cannot get HTTPS working through squid!!

  6. grandmaster, 2 years ago

    Any ideas???

  7. grandmaster, 2 years ago

    solution: never_direct allow all

  8. Belleye, 2 years ago

    What are the required changes for a single nic?

  9. nullo, 2 years ago

    When I give the command post-up iptables-restore < /etc/iptables.up.rules I get as a result -bash: /etc/iptables.up.rules: File or directory does not exist

  10. Dave, 2 years ago

    I get error “post-up: command not found”

  11. Suresh, 2 years ago

    Hi,

    I am trying with the above settings in two Ubuntu PCs. PC1 as proxy and PC2 as client. Both the PCs are connected via crossover cable and PC1 is connected to internet via switch.

    This setup doesn't seem to be working. PC2 cannot access internet.

    Please suggest.

  12. Edward, 1 year ago

    is there any screenshot of the result

  13. Onofre Gacutan, 1 year ago

    how to block proxy application like freegate, ultrasurf etc..

  14. Guest1000, 8 months ago

    I am behind a corporate proxy with authentication. Pl let me know if I can set up squid running on my desktop as a transparent proxy to route http/https traffic through the corporate proxy with automatic authentication. Thanks!
