LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-19-2014, 09:22 AM   #1
ncage
Member
 
Registered: Mar 2003
Posts: 32

Rep: Reputation: 1
Question Help Setup Squid Transparent Proxy


Hi Everyone. I just setup squid yesterday which was on top of the newest version of debian that i just installed. Well at first i installed squid and then found out there was a squid3 so i installed that. The only thing i changed in the squid.config so that everyone on the network could connect was the following:

http_access deny all

to http_access allow all.

Which worked perfectly. When i entered the proxy manually everything was able to connect perfectly. I had two issues:

1. I wanted to force everything to go through the proxy. So essentially if you didn't go through the proxy you couldn't connect to the internet.

2. Some devices i have don't have proxy settings to configure.

In this example say the ip of my squid server is 192.168.1.55

So i configured my router to pass out 192.168.1.155 as the default gateway rather than the routers ip (dhcp).

Second i followed the following article:
http://www.tuxradar.com/answers/432

so i changed
http_port 3128
to
http_port 80 transparent

then i removed my proxy settings from my clients and watched the log live to make sure everything was going through the proxy and nothing was. And yes i did the simple things like restarting the squid service. I see a lot of blogs that try to use iptables to route port 80 traffic to say 3128 port of the proxy but since i changed the port of the proxy to port 80 i think it would work just like in the referenced article above. Can anyone offer some advice. Any help would be appreciated
 
Old 06-19-2014, 12:19 PM   #2
kaushalpatel1982
Member
 
Registered: Aug 2007
Location: INDIA
Distribution: CentOS, RHEL, Fedora, Debian, Ubuntu, LinuxMint, Kali Linux, Raspbian
Posts: 166

Rep: Reputation: 10
ncage,

When you configure transparent proxy, it means the squid proxy should be Default Gateway of the clients. in your case you have configure some other IP address.

Second, There is no issue on which port your squid is running on. Just configure iptables to redirect all 80 port traffic coming from client to your squid proxy port. EG. :

iptables -t nat -A PREROUTING -s <yournetwork> -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 80

test configuration without configuring proxy in browser. if it is success then save iptables configuration.

Best of Luck
 
Old 06-19-2014, 12:52 PM   #3
ncage
Member
 
Registered: Mar 2003
Posts: 32

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by kaushalpatel1982 View Post
ncage,

When you configure transparent proxy, it means the squid proxy should be Default Gateway of the clients. in your case you have configure some other IP address.

Second, There is no issue on which port your squid is running on. Just configure iptables to redirect all 80 port traffic coming from client to your squid proxy port. EG. :

iptables -t nat -A PREROUTING -s <yournetwork> -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 80

test configuration without configuring proxy in browser. if it is success then save iptables configuration.

Best of Luck

Hi and thanks for the reply. Well actually i set the router to return the proxy servers ip address as the default gateway. So say the router is 192.168.1.1 and the proxy server is 192.168.1.55. When my clients grab an ip address (dhcp) their gateway will be 191.168.1.55. So the gateway for all the clients is the proxy server. So if glance at article i referenced they said they were able to configure it without using iptables. Since the browser by default will be sending all http traffic over port 80 and the proxy server port is also 80 shouldn't it just all work?

As an aside, if i go the iptables route will i also have to add port 443 (for SSL)?
 
Old 06-19-2014, 06:28 PM   #4
ncage
Member
 
Registered: Mar 2003
Posts: 32

Original Poster
Rep: Reputation: 1
Well in the end up ended up giving up. Why? Because routing SSL traffice through a transparent proxy is a lot harder. SSL is finicky (which it should be) and resist changing header information (the proxy would essential be a type of man-in-the-middle attack). http://www.rahulpahade.com/content/s...over-ssl-https.

Yes i'm sure its doable if i want to spend the time but right now i don't. First of all i already have a non-linux DNS on my network and i really don't want to switch to BIND.

So unfortunately i can't force everything like i wanted but at least i'll setup everything by default to go through it.
 
  


Reply

Tags
proxy


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid as Transparent Proxy soumalya Linux - Server 16 01-22-2014 10:03 AM
[SOLVED] Transparent proxy squid 3.1 uk.engr Linux - Newbie 13 07-03-2012 08:42 AM
help with transparent squid proxy setup keevill Linux - Networking 7 09-23-2011 06:33 PM
LXer: Linux Setup a transparent proxy with Squid in three easy steps LXer Syndicated Linux News 0 05-27-2006 03:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration