Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 08-03-2006, 06:24 AM   #1
LQ Newbie
Registered: Jan 2006
Posts: 4

Rep: Reputation: 0
Urgent and imp. Making Squid 2.6 stable as tranpsarent proxy

Dear All.
I wanted to make a request to help from all of you guys.
Actually i work for an organization, where Squid is used as Transparent proxy,
Static Ip's have been assigned for the Clients, so here no need for Nating or Masquerading, but just Tranparent proxying is required,
I have tested Squid 2.6 stable 2 as Tranparent proxy as testing on a single network and it works fine.
with this configuration
[http_port transparent
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
echo 1 > /proc/sys/net/ipv4/ip_forward]
and this works for a single network as Tranparent proxy
means all clients having Ips [192.168.254.x] use the as gateway and their request is fullfilled,
but now the demand is that
the client should use the 192.168.253.x and squid should use the , ie. different Networks [here again, no Nating is required simply tranparent proxy].
I have created another virtual interface of squid server having ip and forwarded the user's requests to it.
But it doesn't work , i think there is some problem with the iptalbes.
[Remember that in the squid 2.5 the tranparent proxy features were
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on]
and these all have been deprecated in the Squid 2.6 stable 2.
{in the private networks shown above, u can also consider to be subsituted the Real IP, i have replaced them. coz i m still testing it.}

So, plz help me out for this task.

Thanks a lot.
Shoaib Akbar.
JNE WOL Lahore.
Old 08-03-2006, 07:47 AM   #2
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 676
Blog Entries: 7

Rep: Reputation: 32
I think you might need to clarify more...I mean if the clients are directly connected to the squid server y would you want them on diff networks..however if you use Prerouting can route all the requests from the client network to squid.

You said : "But it doesn't work , i think there is some problem with the iptalbes. "

Maybe it would help if you post your iptables
Old 08-03-2006, 08:14 AM   #3
LQ Newbie
Registered: Jan 2006
Posts: 4

Original Poster
Rep: Reputation: 0
The situation is this that we are using two different network classess
one is 202.x.x.x and assign the users Dynamic ip form this range (used as uplink to for requests)
and the other network is 80.x.x.x, we are using only one and one ip from this class [we actually use this network classs for downlink i.e. DVB] and then the user's request is forwarded by the 202.x.x.x ip but it comes back through satellite link through 80.x.x.x and we are using NAT in the squid server as well.

this is my /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

and i m using this command in my /etc/rc.local

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
echo 1 > /proc/sys/net/ipv4/ip_forward
Old 08-03-2006, 08:17 AM   #4
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
For transparent proxying using a REDIRECT rule, squid should only listen on


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
squid proxy server configuration & distribution of internet without proxy gaurav_gupta082 Linux From Scratch 2 07-31-2010 11:25 AM
configure squid proxy with microsoft proxy as a parent proxy nintykola Linux - Software 1 08-28-2007 01:38 AM
FreeBSD Making my Software stable MA_D *BSD 4 04-18-2005 09:14 AM
how can i upgrade my squid 2.5 stable 1 to stable 3 in RH9? debloxie Linux - Networking 0 05-12-2004 08:49 PM
how can i upgrade my squid 2.5 stable 1 to stable 3 in RH9? debloxie Linux - Networking 0 05-12-2004 11:25 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:46 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration