A proxy is called “transparent” when clients are not aware that their requests are processed through the proxy. This means we do not need to configure our web browsers to connect through the proxy server.
There are many benefits of using a transparent proxy:
- A transparent proxy can enhance clients' web browsing performance by caching frequently accessed web content, while introducing minimal configuration overhead for them.
- For administrators, it can be used to enforce various administrative policies such as content filtering, URL/IP filtering, rate limiting, etc.
Setup used in this example:
- System: PC with dual Ethernet cards (eth0, eth1)
- IP address on eth0: 122.176.40.1 # External interface
- IP address on eth1: 192.168.0.42 (192.168.0.0/24 network, around 50 Windows systems)
Step 1: Linux PC as a router
# vi /etc/sysctl.conf
net.ipv4.ip_forward=1
# service network restart
Step 2: Configure squid.conf
Now we will modify the Squid configuration to turn it into a transparent proxy. We define our LAN subnet (e.g., 192.168.0.0/24) as our client network.
# vim /etc/squid/squid.conf
## proxy.kvit.in is the hostname of the proxy server ##
visible_hostname proxy.kvit.in
http_port 3128 transparent
## Define our network ##
acl myLAN src 192.168.0.0/24
## make sure that our network is allowed ##
http_access allow myLAN
## finally deny everything else ##
http_access deny all
Step 3: Create iptables rules
To set up a transparent proxy with Squid, we start by adding the necessary iptables rules. These rules should help you get started, but please make sure that they do not conflict with any of the existing configuration.
# iptables -t nat -A POSTROUTING -j MASQUERADE
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
The first rule will cause all outbound packets from eth0 (WAN interface) to have the source IP address of eth1 (i.e., enable NAT). The second rule will redirect all incoming HTTP packets (destined to TCP 80) from eth1 (LAN interface) to the Squid listening port (TCP 3128), instead of forwarding them out to the WAN interface right away.
Step 4: Restart and save the services
Now we start the Squid service, make sure it is added to startup, and save the iptables rules.
# service squid start
# chkconfig squid on
# service iptables save
Step 5: Client Configuration
Step 6: Log file
Is the Squid proxy working correctly? Check the access log file /var/log/squid/access.log:
# tail -f /var/log/squid/access.log
The above command monitors all incoming requests as they are logged to /var/log/squid/access.log. If somebody accesses a website through a browser, Squid will log the request.
Note: Squid proxy authentication in transparent mode
You cannot use Squid authentication with a transparently intercepting proxy.
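Watching access.log with tail shows requests as they arrive; the following added example (not part of the original post) summarizes the same log so that denied requests and clients outside the 192.168.0.0/24 network from Step 2 stand out. It assumes Squid's default native log format; the sample lines are constructed, and the names parse_line and summarize are hypothetical.

```python
import ipaddress
from collections import Counter

# myLAN from the squid.conf above; clients outside it should never be served.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101    120 192.168.0.51 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1700000001.202      2 192.168.0.51 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1700000002.303     95 192.168.0.77 TCP_MISS/404 310 GET http://example.org/missing - DIRECT/93.184.216.34 text/html
1700000003.404      0 203.0.113.9 TCP_DENIED/403 3800 GET http://example.net/ - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    code, _, status = fields[3].partition("/")
    try:
        return {"client": ipaddress.ip_address(fields[2]), "code": code,
                "status": int(status), "method": fields[5], "url": fields[6]}
    except ValueError:  # client is not an IP address or status is not a number
        return None

def summarize(text, lan=LAN):
    """Count result codes, flag denied requests and clients outside the LAN."""
    codes, outside, denied, skipped = Counter(), set(), [], 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        codes[rec["code"]] += 1
        if rec["client"] not in lan:
            outside.add(str(rec["client"]))
        if rec["code"].startswith("TCP_DENIED"):
            denied.append((str(rec["client"]), rec["url"]))
    served = sum(n for c, n in codes.items() if not c.startswith("TCP_DENIED"))
    hits = sum(n for c, n in codes.items() if "HIT" in c)
    return {"codes": dict(codes), "outside_lan": sorted(outside),
            "denied": denied, "skipped": skipped,
            "hit_ratio": hits / served if served else 0.0}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To run it against the real log, pass the contents of /var/log/squid/access.log to summarize() in place of SAMPLE_LOG.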
The proxy site is very important for business people because the proxy gives protection for the website, and they can protect the site from unauthorized people who want to access it.