Squid as Transparent Proxy on CentOs 6.4

In this tutorial I am going to configure squid acting as transparent proxy what does it means? It means we have no part of configurations on the client end, just to setup squid in transparent proxy mode so it will sits between client and internet. And redirect their port 80 requests to 3128 port which is default squid port. Here the simple steps which you need to perform on squid server.

Lab Environment: 

• CetnOs 6.4 (as squid transparent proxy server), Hostname = pxy.lintut.com
• eth0 : (Connected to Internet) IP = 192.168.1.211/24, Gateway = 192.168.1.1 and DNS = 8.8.8.8
• eth1 : (Connected to LAN) IP = 10.0.0.1/24, and DNS = 172.0.0.1
• Xp Pro SP3 (Client PC for testing). Hostname = xp1.lintut.com IP = 10.0.0.11/8, Gateway = 10.0.0.1(squid Server’s IP) and DNS = 10.0.0.3

Step-1 Installing squid packages.

yum install squid -y

Step-2 Edit squid configuration file ‘/etc/squid/squid.conf’.

vi /etc/squid/squid.conf

Create one acl

acl lan src 10.0.0.0/8

Allow http access for ‘lan’

http_access allow lan

Add the word transparent or intercept after the port ‘3128’ just follow the below line.

http_port 3128 transparent

Step-3 Specify the hostname at the end of the file.

visible_hostname pxy.lintut.com

Save and Exit ‘:wq’

Step-4 Restart and ‘chkconfig’ the squid service so the service can be available on time of boot.

service squid start
chkconfig squid on

Step-5 IPtables rule for transparent squid proxy.

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 10.0.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -I INPUT -s 10.0.0.0/8 -p tcp --dport 3128 -j ACCEPT

Now we can test browsing on Client Machine.

Save IPTaables rules:

iptables-save > /etc/sysconfig/iptables

Next use webmin to modify cache content parameters.

Src:

https://lintut.com/squid-as-transparent-proxy-on-centos-6-4/

https://www.thomas-krenn.com/en/wiki/Saving_Iptables_Firewall_Rules_Permanently