Abstract: To set up a basic transparent proxyInstall Squid. sudo apt-get install squid
Transparent proxy servers sit between clients and the internet, intercepting all requests without requiring configuration on the client side. One popular software solution for implementing a transparent proxy is Squid. In this article, we will go through the process of setting up Squid on Ubuntu and Debian systems.Prerequisites:
- A system running Ubuntu or Debian.
- Root or sudo access.
Step 1.1: Update your system’s package list.
sudo apt-get update
Step 1.2: Install Squid.
sudo apt-get install squid
Step 2.1: Backup the original configuration file. This is always good practice.
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original
Step 2.2: Edit the configuration file.
sudo nano /etc/squid/squid.conf
Step 2.3: To set up a basic transparent proxy, make the following changes in the configuration file:
Find the line http_port 3128 and change it to:
http_port 3128 intercept
Allow local network to access the internet. Replace YOUR_NETWORK with your local network CIDR, e.g., 192.168.1.0/24.
acl localnet src YOUR_NETWORK http_access allow localnet
Step 2.4: Save the file and exit the editor.3. Redirecting Traffic:
For the proxy to function as a transparent proxy, you need to redirect all web traffic to pass through it. This can be done using iptables.
Step 3.1: Redirect HTTP traffic (port 80) to Squid.
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 127.0.0.1:3128
Replace eth0 with your network interface if it’s different.
Step 3.2: Ensure that the iptables rules persist after a reboot. One way to achieve this is by installing iptables-persistent.
sudo apt-get install iptables-persistent
During the installation, you will be prompted to save current rules. Choose 「Yes」 for both IPv4 and IPv6 rules.4. Start and Test:
Step 4.1: Restart Squid to apply the changes.
sudo systemctl restart squid
Step 4.2: Check Squid’s status.
sudo systemctl status squid
Step 4.3: Test the setup by trying to access the internet from a client machine. You shouldn’t need to do any configuration on the client side if everything was set up correctly.5. Monitoring and Logs:
To get insights into the websites being accessed, Squid provides logs. The access log can be checked at:
A transparent proxy can be beneficial for several reasons, such as bandwidth management, content filtering, or monitoring. Squid offers a powerful solution for this purpose. While the above steps provide a basic setup, Squid offers numerous advanced configurations and functionalities worth exploring to cater to specific needs.