Old 03-29-2004, 11:35 AM   #1
LQ Newbie
Registered: Feb 2004
Location: Graz
Distribution: SuSE 9.0
Posts: 10

Rep: Reputation: 0
transparent proxy with squid problem

Hi there!

I want to build a transparent proxy with squid under SuSE Linux 9.0.
The System first:
eth0: for internal network traffic (ip-addr:, subnetmask:
eth1: for external traffic, complete configuration over DHCP from ISP
All machines should get their IP configuration from my server, so I set up a DHCPD server. This works fine. Here is the config file (dhcpd.conf):

option routers;
option broadcast-address;
option domain-name-servers;
# I am not sure if I should use the ISP's DNS here???????
subnet netmask {

So far so good. All clients get an IP address and a standard gateway, so they try to communicate over my Linux box.

Then I set up squid. I first tried with the standard config. The result:
When I configure the clients' browsers to access the internet over a proxy server ( port 3128) everything works great.
But I want to have a transparent proxy, so the clients don't have to change their configuration.
So I changed in squid.conf (as the SuSE Handbook says):
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Then I set up the kernel to do IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
and gave it an iptables rule
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

And now the problems start:
When I type an IP address in a client's browser I get a squid error page (The requested URL could not be retrieved)
When I type a URL, it cannot be resolved

So I think I have some problems with the DNS (as mentioned in the dhcp config already)

I think I should add an iptables rule for the DNS servers too, but I don't know how

Any ideas?
Old 03-29-2004, 05:29 PM   #2
Senior Member
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
You should not have to make an iptables rule for DNS. No forwarding of DNS queries occurs in this setup.

My setup at home uses the DNAT target for the transparent proxy thing.
Old 03-30-2004, 08:30 AM   #3
LQ Newbie
Registered: Feb 2004
Location: Graz
Distribution: SuSE 9.0
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks for your help, I didn't get what you meant :-(

But I got another solution.

I set up a caching DNS (with bind)
and just added my ISP's DNS IPs in the forward section of named.conf

Now I'm getting closer to what I want. Transparent proxy for http works now, everybody can surf without knowing about the Linux server. (because I just want to log those M$ boxes)

Old 04-19-2004, 03:51 AM   #4
Registered: Oct 2003
Location: Philippines
Distribution: slackware
Posts: 37

Rep: Reputation: 15
I want the same setup as you, a transparent proxy. My problem is that when I try to browse, "The requested URL could not be retrieved" appears. I followed your solution by adding your ISP's DNS IP, but I'm confused about where the forwarding section in named.conf is.

Can you please give me a hint to fix my transparent proxy and make it work, just as you did with yours?

Old 04-19-2004, 04:06 AM   #5
Senior Member
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Do not change any named config files. Just start it. It will work as a caching name server. Linux and your clients can use it as a DNS server.
Old 04-19-2004, 10:03 AM   #6
LQ Newbie
Registered: Feb 2004
Location: Graz
Distribution: SuSE 9.0
Posts: 10

Original Poster
Rep: Reputation: 0
In named.conf I have the line

forwarders {;;};

which are the DNS servers of my ISP.

(as a line in the options section)

Then just start bind and give the IP address of the caching proxy (and DNS) server
as DNS server to your workstations.
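
The pieces this thread ends up with (IP forwarding, the REDIRECT rule, Squid 2.x's httpd_accel_* directives, and a caching DNS with forwarders) can be checked in one pass. This is an added example, not part of any post above: the function name audit_gateway, the sample files and the 192.0.2.x addresses are constructed, and it reads an iptables-save dump rather than the live ruleset.

```sh
#!/bin/sh
# Added example, not from the thread. Sample files are constructed;
# 192.0.2.x are documentation addresses standing in for the elided ones.

# audit_gateway NAT_DUMP SQUID_CONF NAMED_CONF IP_FORWARD
# Prints one line per missing piece; returns 1 if anything is missing.
audit_gateway() {
    nat=$1 squid=$2 named=$3 fwd=$4 bad=0
    # Port Squid listens on ("http_port 3128" or "http_port addr:3128").
    port=$(awk '$1 == "http_port" { n = split($2, a, ":"); print a[n]; exit }' "$squid")
    port=${port:-3128}   # Squid's default when http_port is absent
    [ "$fwd" = 1 ] || { echo "ip_forward is not 1"; bad=1; }
    # iptables-save form of the thread's rule: LAN tcp/80 redirected to Squid.
    grep -Eq -- "^-A PREROUTING .*-p tcp .*--dport 80 .*-j REDIRECT --to-ports $port\$" "$nat" ||
        { echo "no REDIRECT of tcp/80 to port $port"; bad=1; }
    # Squid 2.x interception directives quoted in the first post.
    for d in httpd_accel_host httpd_accel_port httpd_accel_with_proxy \
             httpd_accel_uses_host_header; do
        grep -Eq "^$d[[:space:]]" "$squid" || { echo "squid.conf lacks $d"; bad=1; }
    done
    # Only port 80 is intercepted; clients still need a resolver that answers.
    grep -Eq 'forwarders[[:space:]]*\{[[:space:]]*[0-9]' "$named" ||
        { echo "named.conf has no forwarders"; bad=1; }
    return "$bad"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/nat" <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
cat > "$tmp/squid.conf" <<'EOF'
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
cat > "$tmp/named.conf" <<'EOF'
options {
    forwarders { 192.0.2.53; 192.0.2.54; };
};
EOF

if audit_gateway "$tmp/nat" "$tmp/squid.conf" "$tmp/named.conf" 1; then
    echo "all pieces present"
fi
```

On a real gateway the first argument would be a file written by `iptables-save -t nat` and the last the contents of /proc/sys/net/ipv4/ip_forward; the forwarders check only recognises the single-line form quoted in the thread.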

