
How to Install Squid in Transparent Proxy mode on FC3

by Andrea Maurizio Gnerre on Jan 11, 2005

This document comes with no warranty! Use at your risk!

(but it seems to work fine ;-)

Assuming that you're using the official FC3 kernel, here is the procedure:

1) Check that you have IP forwarding enabled in /etc/sysctl.conf

# Kernel sysctl configuration file for Red Hat Linux
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding (this value should be set to 1)
net.ipv4.ip_forward = 1

2) Add the following lines to squid.conf

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

3) Look at the http_access directive. The default is usually ``http_access deny all'', which prevents anyone from accessing squid. For now, you can change this to ``http_access allow all'', but once it is working, you will probably want to read the directions on ACLs (Access Control Lists) and set up the cache so that only people on your local network (or whatever) can access it. This may seem silly, but you should put some kind of restrictions on access to your cache: with ``http_access allow all'' in place, any host that can reach squid can use it as a proxy.

4) Initialize the cache directories with ``squid -z'' (if this is not a new installation of squid, you should skip this step).

5) To set up the iptables rules for transparent proxying, you will need to know two things: the interface that the to-be-proxied requests are coming in on (I'll use eth0 as an example) and the port squid is running on (I'll use the default of 3128 as an example).

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

6) Check that iptables is using the correct configuration by entering:

iptables -t nat -L

You should see something like this:

target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128

7) Start squid and test the configuration.

Set your squid box as the gateway on another computer and you should be able to surf the internet!!

If so, your transparent proxy is working fine, so proceed to step 8.

8) Save iptables rules by entering:

iptables-save > /etc/sysconfig/iptables

This will overwrite your existing iptables configuration by storing the rules that are shown by /etc/init.d/iptables status.

9) Try to reboot and everything should be ok! :-)
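
The script below is an added example, not part of the original HOWTO: it checks the files edited in steps 1, 2, 3, 5 and 8 and flags a squid.conf that is still at the temporary ``http_access allow all'' from step 3. The function names and the sample files are constructed for illustration, and it assumes the catch-all ACL is the stock one named all.

```shell
# Added example, not from the HOWTO; function names are illustrative.
forwarding_enabled() {   # step 1: ip_forward = 1 in the sysctl file
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}
missing_accel() {        # step 2: print the httpd_accel_* lines squid.conf lacks
    for want in 'httpd_accel_host virtual' 'httpd_accel_port 80' \
                'httpd_accel_with_proxy on' 'httpd_accel_uses_host_header on'; do
        awk -v w="$want" '{ $1 = $1 } $0 == w { ok = 1 } END { exit !ok }' "$1" ||
            echo "$want"
    done
}
# Step 3: Squid applies the first matching http_access rule, so the first rule
# naming only the catch-all ACL "all" decides what unlisted clients may do.
catch_all_action() {
    awk '$1 == "http_access" && NF == 3 && $3 == "all" { print $2; exit }' "$1"
}
# Steps 5 and 8: port the port-80 PREROUTING REDIRECT rule points at, read
# from iptables-save output such as /etc/sysconfig/iptables.
redirect_port() {
    awk '$1 == "-A" && $2 == "PREROUTING" && / --dport 80 / && / -j REDIRECT / {
        for (i = 1; i < NF; i++) if ($i ~ /^--to-ports?$/) { print $(i + 1); exit }
    }' "$1"
}
# audit SYSCTL_CONF SQUID_CONF IPTABLES_SAVE SQUID_PORT: one line per finding.
audit() {
    findings=$(
        forwarding_enabled "$1" || echo "net.ipv4.ip_forward is not set to 1"
        missing_accel "$2" | sed 's/^/squid.conf lacks: /'
        [ "$(catch_all_action "$2")" = deny ] ||
            echo "first catch-all http_access rule is not 'deny all'"
        [ "$(redirect_port "$3")" = "$4" ] || echo "no port-80 REDIRECT to port $4"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
# Constructed sample files: the state left by step 3's temporary "allow all".
demo=$(mktemp -d)
echo 'net.ipv4.ip_forward = 1' > "$demo/sysctl.conf"
cat > "$demo/squid.conf" <<'EOF'
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_access allow all
EOF
echo '-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128' \
    > "$demo/iptables"
audit "$demo/sysctl.conf" "$demo/squid.conf" "$demo/iptables" 3128 || echo "audit reported findings"
```

On a real box, pass /etc/sysctl.conf, your squid.conf, /etc/sysconfig/iptables and the squid port to audit in place of the sample files.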

- Daniel Kiracofe Transparent Proxy mini-HOWTO