A transparent proxy is a convenient way to avoid configuring a proxy on every client, and it is not hard to implement.
The basic steps to configure Fedora 8 as a firewall router with a transparent proxy are as follows.
1. Install Fedora with the web server feature enabled; go to its sub-items and make sure Squid 2.6 is selected.
2. Open a terminal window and edit the squid.conf file using the command
   vi /etc/sysconfig/squid.conf
3. Find the following lines in squid.conf, remove the ‘#’ from the beginning of each line, and edit them as follows
   http_access allow all
   cache_mem 8 MB
   cache_dir ufs /usr/local/squid/var/cache 100 16 256
   http_port 192.168.10.1:3128 transparent
   # Assumes that 192.168.10.1 is the IP address of your LAN Ethernet interface
   always_direct allow all
4. Save the file & exit (by pressing ‘Esc’ + ‘:wq’)
5. To enable routing, edit the ‘sysctl.conf’ file as follows
   vi /etc/sysctl.conf
   net.ipv4.ip_forward = 1
6. Save the file & exit (by pressing ‘Esc’ + ‘:wq’)
7. Edit the firewall rules by typing the following commands in the console (assuming that eth0 is your WAN interface and eth1 is your LAN interface)
   iptables -F
   iptables -t nat -F
   iptables -t nat -X
   iptables -t mangle -F
   iptables -t mangle -X
   iptables -P INPUT DROP
   iptables -P OUTPUT ACCEPT
   iptables -A INPUT -i lo -j ACCEPT
   iptables -A OUTPUT -o lo -j ACCEPT
   iptables -A FORWARD -i eth1 -j ACCEPT
   iptables -A OUTPUT -o eth1 -j ACCEPT
   iptables -A INPUT -p tcp -i eth1 -m tcp --dport 3128 -j ACCEPT
   iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
   iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
   iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
   iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
8. Save the iptables rules with the ‘service iptables save’ command.
9. Wonderful, our configuration is over.
10. Create the swap directories for Squid by typing the command ‘/usr/sbin/squid -z’ in the console.
11. Start the Squid service with the command ‘service squid start’.
12. Restart iptables with the command ‘service iptables restart’.
The above configuration also makes your Linux machine a secured router: only SSH (port 22) is accessible through both LAN and WAN, and the Squid service is accessible through the LAN only.
You don’t need to do any proxy configuration on the clients.
You can see the performance gain for frequently accessed web pages, and you don’t need to run and configure a proxy on each of your client machines. Remember the Blue Coat quote: “I Love Proxy”. Study further based on this document and fine-tune your setup to be as productive as you can for your organization.
Note: This will cache requests for HTTP web pages only, and proxy authentication won’t work with a transparent proxy.
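With ‘http_access allow all’ in squid.conf, Squid will serve any client that can reach port 3128, so the INPUT rules from step 7 are what restrict the proxy to the LAN. The script below is an added example, not part of the original article: it audits an iptables-save dump for those rules. The names audit_rules and SAMPLE_RULES and the abridged sample dump are constructed for illustration; eth1 and 3128 follow the article.

```shell
#!/bin/bash
# Added example, not from the original article. audit_rules and SAMPLE_RULES
# are hypothetical names; eth1 (LAN) and 3128 (Squid) follow the article.

# Constructed, abridged sample: what iptables-save would print after step 7.
SAMPLE_RULES='*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# audit_rules DUMP LAN_IF SQUID_PORT
# Prints one line per finding; returns 0 if the dump is clean, 1 otherwise.
audit_rules() {
    dump=$1; lan=$2; port=$3; findings=0
    finding() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # INPUT rules that accept traffic to the Squid port.
    accepts=$(printf '%s\n' "$dump" | grep -e '^-A INPUT ' |
        grep -e "--dport $port " | grep -e '-j ACCEPT' || true)

    # 1. Default-deny on INPUT, otherwise the port is open on every interface.
    printf '%s\n' "$dump" | grep -q -e '^:INPUT DROP' ||
        finding "INPUT policy is not DROP"
    # 2. Port-80 traffic arriving from the LAN must be redirected to Squid.
    printf '%s\n' "$dump" | grep -e '^-A PREROUTING ' | grep -e "-i $lan " |
        grep -e '--dport 80 ' | grep -q -E -e "-j REDIRECT --to-ports? $port\$" ||
        finding "no REDIRECT of port 80 to $port on $lan"
    # 3. Squid must be reachable from the LAN interface ...
    printf '%s\n' "$accepts" | grep -q -e "-i $lan " ||
        finding "no ACCEPT for port $port pinned to $lan"
    # 4. ... and from nowhere else: any ACCEPT for the port that is not
    #    pinned to the LAN interface exposes the allow-all proxy.
    if printf '%s\n' "$accepts" | grep -v -e "-i $lan " | grep -q .; then
        finding "port $port accepted outside $lan"
    fi
    [ "$findings" -eq 0 ]
}

audit_rules "$SAMPLE_RULES" eth1 3128 && echo "ruleset OK"
```

On the router itself, pass the live ruleset instead of the sample: audit_rules "$(iptables-save)" eth1 3128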
3 comments
OK then, I will try to use this way to install the proxy.
Voice and Data Integration
I tried to configure a transparent proxy using the above tutorial in Fedora 10. The transparent proxy is not working; the normal proxy is working. The above tutorial is working with Fedora also. Please help regarding configuring Fedora 10 as a transparent proxy.
Regards,
Hari
sada_ind@yahoo.co.in
I have tried for a month to run transparent Squid 2.6 but failed. I also don't have somebody experienced to help me run it. But the writing "How to configure Transparent Squid Proxy on Linux" has made me successful.
I had almost been disheartened when I was unable to make the transparent proxy work. Thanks a lot; I am really grateful to the writer for writing this great article. My operating system is Red Hat Enterprise Linux 5.
Md. Jamal uddin
Phone :01721400900
Uttara , Dhaka , Bangladesh .
Email:shourov_008@yahoo.com