Make Transparent Proxy With Squid on Linux (Ubuntu 9.10)

On Jan 18, 2010

To make a transparent proxy you need to redirect traffic on every port you want proxied to the Squid port. This article will guide you through setting up a transparent proxy server on Ubuntu 9.10. The first thing you need to do is install Squid on the computer that will become the proxy server. You can install it with the apt-get command, like this:

$ sudo apt-get install squid

Then you need to configure Squid. Open the Squid configuration file:

$ sudo vi /etc/squid/squid.conf

Add this line at the http_port tag (under "# Squid normally listens to port 3128"):

http_port 3128 transparent

And then make your own rules. In this example I will only use the minimal configuration. Add these lines to define the network (LAN) and permit that network to use the Squid proxy, replacing <your-LAN-network> with your own LAN range:

acl LAN src <your-LAN-network>
http_access allow LAN
icp_access allow LAN

Save the Squid configuration file and restart Squid for the changes to take effect. You can restart Squid with this command:

$ sudo service squid restart
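A check worth running on the edited file before the restart, as an added example that is not part of the original article: Squid evaluates http_access rules from top to bottom and stops at the first match, so where the two LAN lines land relative to an existing rule on `all` decides whether LAN clients are served and whether anyone else is. The function name `audit_squid_acl`, its verdict words and the sample 192.0.2.0/24 network are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_squid_acl CONF ACL
#   Prints one verdict and returns 0 only for "ok":
#     ok           "http_access allow ACL" is reached before any rule on "all"
#     unreachable  "http_access deny all" comes first, so ACL clients are refused
#     open-proxy   "http_access allow all" is reached, so any client is served
#     acl-missing  no "acl ACL src ..." line defines the ACL
#   Simplification: only rules naming ACL alone or "all" alone are considered.
audit_squid_acl() {
    awk -v acl="$2" '
        { sub(/#.*/, "") }                        # drop comments
        $1 == "acl" && $2 == acl && $3 == "src" { has_acl = 1 }
        $1 == "http_access" && NF == 3 && !done {
            if ($3 == "all") {                    # "all" matches every request,
                done = 1                          # so later rules never run
                if ($2 == "allow") wide = 1
            } else if ($2 == "allow" && $3 == acl) {
                lan = 1
            }
        }
        END {
            if (!has_acl)   v = "acl-missing"
            else if (wide)  v = "open-proxy"
            else if (!lan)  v = "unreachable"
            else            v = "ok"
            print v
            exit (v == "ok" ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample: the two LAN lines appended below a stock-style "deny all".
sample=$(mktemp)
printf '%s\n' \
    'http_access allow localhost' \
    'http_access deny all' \
    'acl LAN src 192.0.2.0/24   # constructed network' \
    'http_access allow LAN' > "$sample"
audit_squid_acl "$sample" LAN || echo "move the LAN rules above 'deny all'"
rm -f "$sample"
```

On the real system the call would be `audit_squid_acl /etc/squid/squid.conf LAN`.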

That minimal configuration will make Squid run, but not transparently yet. To make it transparent you need to configure iptables. Create an iptables configuration file on your gateway, like this (assume your proxy server is on IP :

$ sudo vi /etc/iptables.conf

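Then write this in that file:

# Generated by iptables-save v1.4.0 on Sat May 30 15:59:04 2009
# <LAN-network> and <proxy-IP:port> are placeholders for your LAN range and the Squid address and port
*nat
[2:120] -A PREROUTING -s <LAN-network> -p tcp -m tcp --dport 80 -j DNAT --to-destination <proxy-IP:port>
[0:0] -A PREROUTING -s <LAN-network> -p tcp -m tcp --dport 81 -j DNAT --to-destination <proxy-IP:port>
[0:0] -A PREROUTING -s <LAN-network> -p tcp -m tcp --dport 8080 -j DNAT --to-destination <proxy-IP:port>
[0:0] -A PREROUTING -s <LAN-network> -p tcp -m tcp --dport 3128 -j DNAT --to-destination <proxy-IP:port>
COMMIT
# Completed on Sat May 30 15:59:04 2009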

Save your iptables configuration file, and then make another file so that your iptables rules are always loaded when your computer boots. Create the file:

$ sudo vi /etc/init.d/iptables

Write this in that file:

#!/bin/bash
# Let the gateway forward packets between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the saved rules
iptables-restore < /etc/iptables.conf

Save the file, make it executable, and register it to run at boot:

$ sudo chmod +x /etc/init.d/iptables

$ sudo update-rc.d iptables defaults

You may need to reboot your computer to make it work. Well done, now your transparent proxy is ready to use.


Squidblacklist said...

Great article! Only one problem, Free Blacklists Suck!

We specialize in serving intelligent network administrators high quality blacklists for effective, targeted inline web filtering.
There is a demand for a better blacklist. And with few alternatives available, we intend to fill that gap.

It would be our pleasure to serve you,


Benjamin E. Nichols
