How to Set Up Squid3 as a Transparent Proxy on Ubuntu Server 12.04

Previously I posted about installing a proxy server with squid3 on Ubuntu Server 12.04. In this post I'll show how to set up Squid3 as a transparent proxy. With squid3 running as a transparent proxy, you no longer need to configure every machine on your network to connect to the Squid proxy server manually. HTTP traffic on TCP port 80 will be redirected to the Squid listening port automatically, and your Ubuntu Server will act as a router.

Follow this guide to set up a transparent proxy server with Squid3 on Ubuntu Server 12.04 LTS:

Step 1. Make sure squid3 is installed correctly on the Ubuntu server. You can find the squid3 installation tutorial here

Step 2. Configure the network interfaces with static IP addresses. In this case the proxy server uses 2 network cards. The lines below the nano command go into /etc/network/interfaces; post-up is an option inside the eth0 stanza, not a shell command.

sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
post-up iptables-restore < /etc/iptables.up.rules
auto eth1
iface eth1 inet static

Step 3. Edit the file /etc/squid/squid.conf and add the word “transparent” to the “http_port 3128” line:

# —————
http_port 3128 transparent

Change the IP address in the option “acl localnet src # Your network here”:

acl localnet src # LAN Ip Address

Save and exit.

Step 4. Edit /etc/sysctl.conf

sudo nano /etc/sysctl.conf

Replace with configuration below:


Save and exit

Step 5. Define the iptables rules for port forwarding by editing /etc/iptables.up.rules (nano creates the file if it does not exist yet):

sudo nano /etc/iptables.up.rules
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s -o eth0 -j MASQUERADE
COMMIT

Save and exit.

Step 6. Edit /etc/rc.local and add this line at the end of the file:

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

Step 7. Restart squid3 and network

sudo /etc/init.d/squid3 restart && sudo /etc/init.d/networking restart

On the client, set the IP address manually:

IP address : 
DNS: # or you can use Google DNS,;
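
As an added example (not part of the original post): a small shell check that the port on Squid's transparent http_port line from Step 3 matches the REDIRECT rule from Step 5, and that the rules file is a complete *nat section. The function names, the script name and the 192.0.2.0/24 sample network are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that squid.conf and the iptables-restore rules file agree.
# Saved as check.sh (hypothetical name): sh check.sh /etc/squid/squid.conf /etc/iptables.up.rules

# Print the port of the first http_port line marked transparent (or intercept).
squid_intercept_port() {
    awk '$1 == "http_port" {
             for (i = 3; i <= NF; i++)
                 if ($i == "transparent" || $i == "intercept") {
                     n = split($2, a, ":"); print a[n]; exit
                 }
         }' "$1"
}

# Print the --to-ports value of the first REDIRECT rule for TCP port 80.
redirect_port() {
    awk '$1 == "-A" && $2 == "PREROUTING" && /--dport 80 / && /-j REDIRECT/ {
             for (i = 1; i < NF; i++)
                 if ($i == "--to-ports") { print $(i + 1); exit }
         }' "$1"
}

# Return 0 only if Squid's port matches the REDIRECT rule and the file is a
# complete *nat section with a MASQUERADE rule.
check_setup() {   # usage: check_setup SQUID_CONF RULES_FILE
    sp=$(squid_intercept_port "$1")
    rp=$(redirect_port "$2")
    [ -n "$sp" ] || { echo "no transparent http_port line in $1"; return 1; }
    [ -n "$rp" ] || { echo "no port-80 REDIRECT rule in $2"; return 1; }
    [ "$sp" = "$rp" ] || { echo "Squid listens on $sp, rules redirect to $rp"; return 1; }
    grep -qx '\*nat' "$2" || { echo "missing *nat line in $2"; return 1; }
    grep -qx 'COMMIT' "$2" || { echo "missing COMMIT line in $2"; return 1; }
    grep -q -- '-j MASQUERADE' "$2" || { echo "no MASQUERADE rule in $2"; return 1; }
    echo "ok: port 80 is redirected to Squid on port $sp"
}

# Write constructed sample files into directory $1 (192.0.2.0/24 is a placeholder).
make_samples() {
    printf '%s\n' 'http_port 3128 transparent' \
        'acl localnet src 192.0.2.0/24' > "$1/squid.conf"
    printf '%s\n' '*nat' \
        '-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128' \
        '-A POSTROUTING -s 192.0.2.0/24 -o eth0 -j MASQUERADE' \
        'COMMIT' > "$1/iptables.up.rules"
}

if [ "$#" -eq 2 ]; then check_setup "$1" "$2"; fi
```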


  • Shake Chen

    why the client gateway ip is same with IP 

    • Nurhafiz

      client( —> squid.server( –> WAN

      • squidblacklist

        no idea why you wouldn't make your gateway a .1, but meh, to each his own I guess. But it does confuse newbies. This should make it pretty clear.

        -A PREROUTING -i eth5 -p tcp -m tcp --dport 80 -j DNAT --to-destination
        -A PREROUTING -i eth5 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
        -A POSTROUTING -s -o eth4 -j MASQUERADE

        WAN: eth4

  • Lester Torres

    When I searched for an iptables.up.rules in the etc file I did not find anything. Do I have to make the file first?

    • –Squidblacklist–


  • Xavier

    This seems to have worked for me. Thanks!

  • –Squidblacklist–

    Well done.

  • grandmaster

    Cannot get HTTPS working through squid!!

  • grandmaster

    Any ideas???

  • grandmaster

    solution: never_direct allow all

  • Belleye

    What are the required changes for a single nic?

  • nullo

    When I give the command post-up iptables-restore < /etc/iptables.up.rules I get as a result -bash: /etc/iptables.up.rules: File or directory does not exist

    • Giorgos

      Same here! I don’t know what that command is for.

  • Dave

    I get the error “post-up: command not found”

  • Suresh


    I am trying with the above settings on two Ubuntu PCs. PC1 as proxy and PC2 as client. Both PCs are connected via crossover cable and PC1 is connected to the internet via a switch.

    This setup doesn't seem to be working. PC2 cannot access the internet.

    Please suggest.

  • Edward

    Is there any screenshot of the result?

  • Onofre Gacutan

    How to block proxy applications like freegate, ultrasurf, etc.?

  • Guest1000

    I am behind a corporate proxy with authentication. Please let me know if I can set up squid running on my desktop as a transparent proxy to route http/https traffic through the corporate proxy with automatic authentication. Thanks!

  • Arjuna_King

    gotta try this one!
