How to Setup Squid Transparent Proxy Server on Ubuntu and Debian – TecAdmin

Channel: Linux
Abstract: To set up a basic transparent proxyInstall Squid. sudo apt-get install squid

Transparent proxy servers sit between clients and the internet, intercepting all requests without requiring configuration on the client side. One popular software solution for implementing a transparent proxy is Squid. In this article, we will go through the process of setting up Squid on Ubuntu and Debian systems.

  • A system running Ubuntu or Debian.
  • Root or sudo access.
1. Installation:

Step 1.1: Update your system’s package list.

sudo apt-get update 

Step 1.2: Install Squid.

sudo apt-get install squid 
2. Configuration:

Step 2.1: Backup the original configuration file. This is always good practice.

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original 

Step 2.2: Edit the configuration file.

sudo nano /etc/squid/squid.conf 

Step 2.3: To set up a basic transparent proxy, make the following changes in the configuration file:

Find the line http_port 3128 and change it to:

http_port 3128 intercept

Allow local network to access the internet. Replace YOUR_NETWORK with your local network CIDR, e.g.,

acl localnet src YOUR_NETWORK
http_access allow localnet

Step 2.4: Save the file and exit the editor.

3. Redirecting Traffic:

For the proxy to function as a transparent proxy, you need to redirect all web traffic to pass through it. This can be done using iptables.

Step 3.1: Redirect HTTP traffic (port 80) to Squid.

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 

Replace eth0 with your network interface if it’s different.

Step 3.2: Ensure that the iptables rules persist after a reboot. One way to achieve this is by installing iptables-persistent.

sudo apt-get install iptables-persistent 

During the installation, you will be prompted to save current rules. Choose 「Yes」 for both IPv4 and IPv6 rules.

4. Start and Test:

Step 4.1: Restart Squid to apply the changes.

sudo systemctl restart squid 

Step 4.2: Check Squid’s status.

sudo systemctl status squid 

Step 4.3: Test the setup by trying to access the internet from a client machine. You shouldn’t need to do any configuration on the client side if everything was set up correctly.

5. Monitoring and Logs:

To get insights into the websites being accessed, Squid provides logs. The access log can be checked at:

cat /var/log/squid/access.log 

A transparent proxy can be beneficial for several reasons, such as bandwidth management, content filtering, or monitoring. Squid offers a powerful solution for this purpose. While the above steps provide a basic setup, Squid offers numerous advanced configurations and functionalities worth exploring to cater to specific needs.

Ref From: tecadmin

Related articles