Title: SQUID as a transparent proxy on CentOS /RHEL :: Part 3


A proxy is called “transparent” when clients are not aware that their requests are processed through the proxy. This means we do not need to configure the web browser to connect through the proxy server.
There are many benefits of using a transparent proxy:
  1. A transparent proxy can enhance clients' web browsing performance by caching frequently accessed web content, while introducing minimal configuration overhead for them.
  2. For administrators, it can be used to enforce various administrative policies such as content filtering, URL/IP filtering, rate limiting, etc.
My setup scenario:
  • System: PC with dual Ethernet cards (eth0, eth1)
  • IP address on eth0: 122.176.40.1         # External interface
  • IP address on eth1: 192.168.0.42 (192.168.0.0/24 network, around 50 Windows systems)

Step 1: Linux PC as a router

# vi /etc/sysctl.conf
net.ipv4.ip_forward=1
# service network restart

Step 2: configure in squid.conf

Now we will modify the Squid configuration to turn it into a transparent proxy. We define our LAN subnet (e.g., 192.168.0.0/24) as our client network.
# vim /etc/squid/squid.conf
visible_hostname proxy.kvit.in     # here proxy.kvit.in is a hostname of proxy server
http_port 3128 transparent
## Define our network ##
acl myLAN src 192.168.0.0/24
## make sure that our network is allowed ##
http_access allow myLAN
## finally deny everything else ##
http_access deny all

Step 3: create IPTABLES rule

To set up a transparent proxy with Squid, we start by adding the necessary iptables rules. These rules should help you get started, but please make sure that they do not conflict with any existing configuration.
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
The first rule enables NAT: all outbound packets leaving through eth0 (the WAN interface) will have their source address rewritten to the IP address of eth0. The second rule redirects all incoming HTTP packets (destined to TCP port 80) arriving on eth1 (the LAN interface) to the Squid listening port (TCP 3128), instead of forwarding them out of the WAN interface right away.

Step 4: restart and save the services

Now we start the Squid service, make sure it is added to startup, and save the iptables rules:
# service squid start
# chkconfig squid on
# service iptables save

Step 5: Client Configuration

Step 6: Log file

Is the Squid proxy working correctly?

See access log file /var/log/squid/access.log:
# tail -f /var/log/squid/access.log

The above command monitors all incoming requests as Squid logs them to /var/log/squid/access.log. Now, if somebody accesses a website through a browser, Squid will log the request.
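One way to answer "is it working correctly?" from the log itself, as an added example that is not part of the original post: the Python script below parses access.log lines and checks them against the myLAN ACL from Step 2, flagging clients outside 192.168.0.0/24 that were served and LAN clients that were denied. It assumes Squid's default native log format; the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

LAN = ipaddress.ip_network("192.168.0.0/24")  # the myLAN ACL from squid.conf
# Constructed sample lines, assuming Squid's default native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1400000001.120    312 192.168.0.15 TCP_MISS/200 15320 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1400000002.480      4 192.168.0.15 TCP_HIT/200 15328 GET http://example.com/ - NONE/- text/html
1400000003.900      1 203.0.113.9 TCP_DENIED/403 3650 GET http://example.org/ - NONE/- text/html
1400000004.250    210 192.168.0.77 TCP_MISS/304 290 GET http://example.net/logo.png - DIRECT/198.51.100.7 -
truncated line
"""

def parse_line(line):
    """Return (client_ip, result_code, http_status), or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    try:
        client = ipaddress.ip_address(fields[2])
    except ValueError:
        return None
    code, _, status = fields[3].partition("/")
    return client, code, status

def audit(log_text, lan=LAN):
    """Summarise who the proxy served and flag traffic that contradicts the ACLs."""
    report = {"served": Counter(), "hits": 0, "requests": 0,
              "outsiders_served": [], "lan_denied": [], "malformed": 0}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            report["malformed"] += 1
            continue
        client, code, _ = parsed
        denied = code.startswith("TCP_DENIED")
        report["requests"] += 1
        if client in lan and denied:
            report["lan_denied"].append(str(client))        # ACL too strict
        elif client not in lan and not denied:
            report["outsiders_served"].append(str(client))  # open-proxy symptom
        if not denied:
            report["served"][str(client)] += 1
            report["hits"] += "HIT" in code                 # TCP_HIT, TCP_MEM_HIT, ...
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

To check a live proxy, pass the contents of /var/log/squid/access.log to audit(); a non-empty outsiders_served list means the http_access rules are letting non-LAN clients use the proxy.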

Note:
Squid Proxy authentication in a transparent mode

You cannot use Squid authentication with a transparently intercepting proxy.
