LinuxQuestions.org

Meren 07-01-2015 06:59 AM

How to set up Squid transparent proxy in CentOS 6.4
 
I have searched a number of forums about transparent proxy in CentOS, but I still cannot solve my problem.
Someone please explain to me in brief about setting up a transparent proxy on my CentOS proxy server.
ethernet_internet - 192.168.1.13
ethernet_LAN - 10.180.5.2 (as proxy server)

Thank You

lazydog 07-01-2015 11:10 AM

So what is not working?

TB0ne 07-01-2015 11:41 AM

Quote:

Originally Posted by Meren (Post 5385577)
I have searched a number of forums about transparent proxy in CentOS, but I still cannot solve my problem.
Someone please explain to me in brief about setting up a transparent proxy on my CentOS proxy server.
ethernet_internet - 192.168.1.13
ethernet_LAN - 10.180.5.2 (as proxy server)

Thank You

Since you haven't actually told us what problem(s) you're having, what do you think we'll be able to tell you???

And the very first hit in Google for "how to configure squid as a transparent proxy server on centos" is:
http://xmodulo.com/squid-transparent...ntos-rhel.html

Did you try looking this up?

Meren 07-02-2015 03:07 AM

I configured the settings as given below, but when I access the internet from a client computer (after removing the proxy settings from the browser) I cannot access the internet. But when I set the proxy settings (address 10.180.5.2, port 3128) I can access the internet.
My aim is to make my proxy server (10.180.5.2) transparent so that I don't have to configure a proxy on the client browser.
iptables
*filter
:INPUT ACCEPT [86:39104]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [77:37515]
-A INPUT -s 10.180.5.2/32 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -s 10.180.5.2/32 -i eth1 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [76:6891]
:POSTROUTING ACCEPT [8:2751]
:OUTPUT ACCEPT [8:2751]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.180.5.2:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
COMMIT

squid.conf
acl mylan src 10.180.5.2/32
http_access allow mylan
http_access deny all
http_port 3128 intercept

TB0ne 07-02-2015 08:07 AM

Quote:

Originally Posted by Meren (Post 5386005)
I configured the settings as given below, but when I access the internet from a client computer (after removing the proxy settings from the browser) I cannot access the internet. But when I set the proxy settings (address 10.180.5.2, port 3128) I can access the internet. My aim is to make my proxy server (10.180.5.2) transparent so that I don't have to configure a proxy on the client browser.
iptables
*filter
:INPUT ACCEPT [86:39104]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [77:37515]
-A INPUT -s 10.180.5.2/32 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -s 10.180.5.2/32 -i eth1 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [76:6891]
:POSTROUTING ACCEPT [8:2751]
:OUTPUT ACCEPT [8:2751]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.180.5.2:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
COMMIT

squid.conf
acl mylan src 10.180.5.2/32
http_access allow mylan
http_access deny all
http_port 3128 intercept

Ok, so everything is working exactly like it should. What's the problem??? A transparent proxy is one that the user doesn't know is there, but you are going to have to tell your systems to USE IT somehow. Either push down a proxy PAC file, or do a redirection in your router somehow. Sitting the box on the network won't just make it work...you have to route the traffic through the server.

lazydog 07-02-2015 02:17 PM

Quote:

Originally Posted by Meren (Post 5386005)
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.180.5.2:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128

Why the second rule?
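
An added check, not written by any poster in this thread: it reads the nat rules and squid.conf lines posted above and reports port-80 interception on a non-LAN interface and a client subnet that no `http_access allow` rule covers. The function names are hypothetical; treating eth1 as the LAN side and 10.0.0.0/8 (from the posted INPUT rule) as the client range are assumptions, and only CIDR `src` ACLs and single-ACL `allow` lines in the posted excerpt are considered.

```python
import ipaddress
import shlex

# Constructed inputs: the nat rules and squid.conf lines as posted in the thread.
NAT_RULES = """*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.180.5.2:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
COMMIT
"""
SQUID_CONF = """acl mylan src 10.180.5.2/32
http_access allow mylan
http_access deny all
http_port 3128 intercept
"""

def port80_rules(iptables_save):
    """Yield (in_interface, target) for nat PREROUTING rules matching dport 80."""
    def value(tok, flag):
        return tok[tok.index(flag) + 1] if flag in tok else None
    table = None
    for line in iptables_save.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif table == "nat" and tok[:2] == ["-A", "PREROUTING"]:
            if value(tok, "--dport") == "80":
                yield value(tok, "-i"), value(tok, "-j")

def allowed_sources(squid_conf):
    """Networks from 'acl X src ...' that an 'http_access allow X' line admits."""
    acls, allowed = {}, []
    for f in (line.split() for line in squid_conf.splitlines()):
        if len(f) >= 4 and f[0] == "acl" and f[2] == "src":
            acls[f[1]] = [ipaddress.ip_network(a, strict=False) for a in f[3:]]
        elif len(f) == 3 and f[:2] == ["http_access", "allow"]:
            allowed += acls.get(f[2], [])
    return allowed

def audit(iptables_save, squid_conf, lan_iface, lan_net):
    """Findings; lan_iface and lan_net are the operator's assumption of the LAN side."""
    rules = list(port80_rules(iptables_save))
    findings = [f"{target} of port 80 on non-LAN interface {iface}"
                for iface, target in rules if iface != lan_iface]
    if all(iface != lan_iface for iface, _ in rules):
        findings.append(f"no port-80 interception rule on {lan_iface}")
    net = ipaddress.ip_network(lan_net)
    if not any(net.subnet_of(src) for src in allowed_sources(squid_conf)):
        findings.append(f"no http_access allow rule covers {lan_net}")
    return findings
```

Calling `audit(NAT_RULES, SQUID_CONF, "eth1", "10.0.0.0/8")` returns the findings for the posted configuration under the stated assumptions.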


All times are GMT -5.