How to Setup Squid3 as Transparent Proxy on Ubuntu Server 12.04


In a previous post I covered installing a proxy server with squid3 on Ubuntu Server 12.04. This post shows how to set up Squid3 as a transparent proxy. With Squid3 running as a transparent proxy, you no longer need to configure every machine on your network to connect to the Squid proxy server manually. HTTP traffic (TCP port 80, per the rules in Step 5) from the LAN is redirected to the Squid listening port automatically, and your Ubuntu Server acts as the router.

Follow the guide below to set up a transparent proxy server with Squid3 on Ubuntu Server 12.04 LTS.

Step 1. Make sure squid3 is installed correctly on the Ubuntu server; you can find the squid3 installation tutorial here.

Step 2. Configure the network interfaces with static IP addresses. In this case the proxy server uses 2 network cards.

sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
post-up iptables-restore < /etc/iptables.up.rules
auto eth1
iface eth1 inet static
address 192.168.2.10
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255

Step 3. Edit the file /etc/squid/squid.conf and add the word "transparent" to "http_port 3128":

# NETWORK OPTIONS
# ---------------
#
http_port 3128 transparent

Change the IP address in the option "acl localnet src 192.168.1.0/24 # Your network here" to your LAN subnet:

acl localnet src 192.168.2.0/24 # LAN IP address

Save and exit.

Step 4. Edit /etc/sysctl.conf

sudo nano /etc/sysctl.conf

Replace with the configuration below:

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

Save and exit

Step 5. Define the iptables rules for port forwarding by editing /etc/iptables.up.rules:

sudo nano /etc/iptables.up.rules
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.10:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT

Save and exit.

Step 6. Edit /etc/rc.local and add this line at the end of the file:

iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE

Step 7. Restart squid3 and network

sudo /etc/init.d/squid3 restart && sudo /etc/init.d/networking restart

On the client, set the IP address manually:

IP address : 192.168.2.11 
Netmask: 255.255.255.0
Gateway: 192.168.2.10
DNS: 192.168.2.10 # or you can use Google DNS 8.8.8.8, 8.8.4.4
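
As an added example (not part of the original tutorial), the shell function below checks a rules file like the one in Step 5 for the layout iptables-restore expects: a table line such as *nat, one rule per line, a closing COMMIT, and plain ASCII dashes rather than the typographic dashes picked up when rules are copied from a rendered web page. The name check_rules and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a rules file before "post-up iptables-restore < FILE" uses it.
# Prints one line per problem and returns 0 only when the file is clean.
check_rules() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "$f: no such file; create it before referencing it in post-up"
        return 1
    fi
    # en/em dashes are passed as raw bytes so the match does not depend on the locale
    awk -v en="$(printf '\342\200\223')" -v em="$(printf '\342\200\224')" '
        function bad(msg) { printf "line %d: %s\n", NR, msg; errs++ }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        index($0, en) || index($0, em) { bad("typographic dash; retype as - or --") }
        /^\*/ {                                 # table header such as *nat
            if (NF > 1) bad("table header shares a line with other text")
            table = 1; next
        }
        !table { bad("rule appears before any *table line"); next }
        /^COMMIT[ \t]*$/ { table = 0; committed = 1; next }
        /^:/ { next }                           # chain policy line
        /^-[ADI] / {
            if ($0 ~ / -[ADI] /) bad("more than one rule on this line")
            if ($0 ~ / COMMIT/)  bad("COMMIT must be on its own line")
            next
        }
        { bad("not an iptables-restore line: " $1) }
        END {
            if (table) { print "end of file: missing COMMIT"; errs++ }
            else if (!committed) { print "no *table ... COMMIT block found"; errs++ }
            exit (errs > 0)
        }
    ' "$f"
}

# Constructed samples: the Step 5 rules one per line, then run together on one line.
tmp=$(mktemp -d)
printf '%s\n' '*nat' \
    '-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128' \
    '-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE' \
    'COMMIT' > "$tmp/good.rules"
printf '%s\n' '*nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 COMMIT' \
    > "$tmp/flat.rules"
for f in "$tmp/good.rules" "$tmp/flat.rules" "$tmp/missing.rules"; do
    if check_rules "$f"; then echo "$f: OK"; fi
done
rm -rf "$tmp"
```

On the server itself, `sudo iptables-restore --test < /etc/iptables.up.rules` additionally parses the file with iptables' own parser without committing the rules.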
  • Shake Chen

    why the client gateway ip is same with IP 

    • Nurhafiz

      client(192.168.2.11) --> squid.server(192.168.2.10) --> WAN

      • squidblacklist

        no idea why you wouldn't make your gateway a .1, but meh, to each his own I guess. But it does confuse newbies. This should make it pretty clear.

        -A PREROUTING -i eth5 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.1.1:3128
        -A PREROUTING -i eth5 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
        -A POSTROUTING -s 10.10.1.0/24 -o eth4 -j MASQUERADE

        WAN: eth4 192.168.1.33
        LAN/DHCP-SERVER/GATEWAY: eth5 10.10.1.1

  • http://www.facebook.com/lester.torres.904 Lester Torres

    When I searched for an iptables.up.rules in the etc file I did not find anything. Do I have to make the file first?

    • http://twitter.com/squidblacklist –Squidblacklist–

      yes

  • Xavier

    This seems to have worked for me. Thanks!

  • http://twitter.com/squidblacklist –Squidblacklist–

    Well done.

  • grandmaster

    Cannot get HTTPS working through squid!!

  • grandmaster

    Any ideas???

  • grandmaster

    solution: never_direct allow all

  • Belleye

    What are the required changes for a single nic?

  • nullo

    When I give the command post-up iptables-restore < /etc/iptables.up.rules I get as a result -bash: /etc/iptables.up.rules: File or directory does not exist

  • Dave

    I get error “post-up: command not found”

  • Suresh

    Hi,

    I am trying with the above settings in two Ubuntu PCs. PC1 as proxy and PC2 as client. Both the PCs are connected via crossover cable and PC1 is connected to internet via switch.

    This setup doesn't seem to be working. PC2 cannot access internet.

    Please suggest.

  • Edward

    Is there any screenshot of the result?

  • Onofre Gacutan

    How to block proxy applications like freegate, ultrasurf etc.?
