Squid as Transparent Proxy on CentOs 6.4

Photo of author

By rasho

In this tutorial I am going to configure squid acting as transparent proxy what does it means? It means we have no part of configurations on the client end, just to setup squid in transparent proxy mode so it will sits between client and internet. And redirect their port 80 requests to 3128 port which is default squid port.
Here the simple steps which you need to perform on squid server.

[box type=”shadow” align=”aligncenter” ]Lab Environment:

CetnOs 6.4 (as squid transparent proxy server), Hostname = pxy.lintut.com
eth0 : (Connected to Internet)
IP = 192.168.1.211/24, Gateway = 192.168.1.1 and DNS = 8.8.8.8
eth1 : (Connected to LAN)
IP = 10.0.0.1/24, and DNS = 172.0.0.1
Xp Pro SP3 (Client PC for testing). Hostname = xp1.lintut.com
IP = 10.0.0.11/8, Gateway = 10.0.0.1(squid Server’s IP) and DNS = 10.0.0.3[/box]

Step-1 Installing squid packages.

yum install squid -y

Step-2 Edit squid configuration file ‘/etc/squid/squid.conf’.

vi /etc/squid/squid.conf

Create one acl
acl lan src 10.0.0.0/8
Allow http access for ‘lan’

http_access allow lan

Add the word transparent or intercept after the port ‘3128’ just follow the below line.

http_port 3128 transparent

Step-3 Specify the hostname at the end of the file.

visible_hostname pxy.lintut.com

Save and Exit ‘:wq’

Step-4 Restart and ‘chkconfig’ the squid service so the service can be available on time of boot.

service squid start
chkconfig squid on

Step-5 IPtables rule for transparent squid proxy.

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 10.0.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -I INPUT -s 10.0.0.0/8 -p tcp --dport 3128 -j ACCEPT

Now we can test browsing on Client Machine.

1 thought on “Squid as Transparent Proxy on CentOs 6.4”

  1. Hi,

    I would like to ask, that the installing description will be on CentOS 6.7? And a mobile phone can access the system?

    Reply

Leave a Comment