Old 11-30-2013, 05:17 AM   #1
Registered: Jul 2012
Posts: 139

Rep: Reputation: Disabled
Problem in setting up Transparent Proxy

I have installed squid3 in a virtual machine.

The physical host has only one NIC (eth0), and I have created a bridge (br0) interface on it. I have used that bridge interface with the VM.

IP of physical host:
IP of virtual guest:

I have enabled IP forwarding using sysctl and entered the "http_port 3128 transparent" line in the squid conf file.

I have added these iptables rules on host machine:
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j DNAT --to-destination

iptables -t nat -A POSTROUTING -o br0 -s -d -j SNAT --to

iptables -A FORWARD -p tcp -s -d -i br0 -o br0 -m state --state NEW,ESTABLISHED,RELATED --dport 3128 -j ACCEPT

iptables -A FORWARD -p tcp -d -s -i br0 -o br0 -m state --state NEW,ESTABLISHED,RELATED --sport 3128 -j ACCEPT
But the request is not reaching the proxy server. I have checked "/var/log/squid3/access.log".

Also, after setting these rules I can't ping the proxy

Can anyone help me in this regard?
Old 12-02-2013, 02:14 AM   #2
Registered: Jan 2007
Location: Alberta Canada
Distribution: Fedora/Redhat/CentOS
Posts: 70

Rep: Reputation: 19
From your statement "request is not reaching the proxy server", I suspect you have not port forwarded port 80 from the LAN's default gateway to the proxy server's IP address.

Since your proxy only has a single NIC, it cannot be your default gateway for LAN to Internet, so you must have a router of some sort. For web traffic to go through the proxy, the router must re-direct all http and https requests on its LAN side to the proxy. Look for the port forwarding config on your router and add rules to send all LAN port 80 (and 443 for https) to the proxy at You may also want to add rules to the router's firewall to only allow the proxy ( to send traffic out to port 80 and 443, but I would suggest just adding the port forwards first, and once the proxy is working correctly, you can add the firewall rules to the router, if you like.

Another way to send traffic from LAN systems to the proxy is configuring each browser to use the proxy in the browser's connection settings.

You do not need any iptables rules on the proxy server, as squid will forward all allowed traffic to the Internet via your router. Looking at the iptables rules you posted, it appears those rules may loop all packets generated by the proxy back to the proxy, so pings are not coming back.

Last edited by anotherlinuxuser; 12-02-2013 at 02:21 AM.
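
An added example, not part of the original thread or written by its posters: a check for the loop described in the reply above, where a port-80 redirect also catches the proxy's own outbound requests. The sample rules and the addresses 192.0.2.10 and 192.0.2.20 are constructed (the thread does not show its addresses), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save syntax. 192.0.2.10 stands in for the
# proxy address, which the thread does not show.
SAMPLE_RULES='-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:3128
-A PREROUTING ! -s 192.0.2.10/32 -i br0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:3128
-A PREROUTING -i br0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.0.2.20:22
-A POSTROUTING -o br0 -j MASQUERADE'

# Read rules on stdin and print every port-80 DNAT/REDIRECT rule that does
# not exempt the proxy's own source address ($1). A rule like that also
# matches the requests squid sends out when they cross the box holding the
# rule, so they are handed straight back to squid.
find_looping_rules() {
    proxy_ip=$1
    while IFS= read -r rule; do
        # Keep only rules that rewrite traffic destined for port 80.
        case "$rule" in
            *"--dport 80 "*"-j DNAT"*|*"--dport 80 "*"-j REDIRECT"*) ;;
            *) continue ;;
        esac
        # A negated source match on the proxy address breaks the loop.
        case "$rule" in
            *"! -s $proxy_ip "*|*"! -s $proxy_ip/32 "*) continue ;;
        esac
        printf '%s\n' "$rule"
    done
}

# Number of looping rules in the constructed sample for a given proxy IP.
count_looping_rules() {
    printf '%s\n' "$SAMPLE_RULES" | find_looping_rules "$1" | wc -l | tr -d ' '
}

echo "Rules that would redirect the proxy's own traffic:"
printf '%s\n' "$SAMPLE_RULES" | find_looping_rules 192.0.2.10
```

On a live system the same function can be fed from `iptables-save -t nat` instead of the sample.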
Old 12-05-2013, 07:18 AM   #3
Registered: Jul 2012
Posts: 139

Original Poster
Rep: Reputation: Disabled
I took a look at the default gateway and changing it works perfectly. Thanks!

