In this article we have discuss about Squid (Transparent) Proxy Server installation and configuration on RHEL 6/5, CentOS 6/5, Scientific Linux 6/5 and Oracle Linux 6/5. Before knowing Transparent Proxy Server  first of all we know about Proxy Server. Proxy servers are used to share an Internet connection with clients. A Proxy Server can be configured as the transparent Proxy Server to share the Internet connection and Caching web server to store web pages locally to improve performance.Proxy firewall to control access to the Internet.Squid Proxy is the most widely used open source proxy these software is used for Transparent Proxy Server.

Introduction to the Transparent Proxy Server

The transparent Proxy Server is the server that is used to share the Internet connection between the clients and server..The ‘transparent proxy’ is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification.
Transparent proxy also known as an intercepting proxy, inline proxy, or forced proxy, a transparent proxy intercepts normal communication at the network layer without requiring any special client configuration. Clients need not be aware of the existence of the proxy.
A transparent proxy is normally located between the client and the Internet, with the proxy performing some of the functions of a gateway or router.Intercepting proxies are commonly used in businesses to enforce acceptable use policy, and to ease administrative overheads, since no client browser configuration is required.
This second reason however is mitigated by features such as Active Directory group policy, or DHCP and automatic proxy detection.Intercepting proxies are also commonly used by ISPs in some countries to save upstream bandwidth and improve customer response times by caching.

Working Principle of Transparent Proxy Server

02-How-proxy-works-1
03-How-proxy-works-2-1024x546 04-How-proxy-works-3 05-How-proxy-works--1024x546
Firstly the original destination IP and port must somehow be communicated to the proxy. There is a class of cross site attacks that depend on certain behavior of intercepting proxies that do not check or have access to information about the original destination.This can cause problems where an intercepting proxy requires authentication, then the user connects to a site which also requires authentication.Finally intercepting connections can cause problems for HTTP caches, since some requests and responses become unchangeable by a shared cache.More information about these can be find at Squid official website.

Squid Proxy Server quick key points

  • Packages – squid*.rpm
  • Port Numbers – 3128 (default)
  • Configuration File – /etc/squid/squid.conf
  • Service / Daemon – squid

Squid Proxy Server Installation and Configuration on RHEL 6/5, CentOS 6/5, Scientific Linux 6/5 and Oracle Linux 6/5

Step-I (Install the Squid proxy packages)
[root@proxyserver ~]# yum install squid*
Step-II (Edit the configuration file)
[root@proxyserver ~]# vi /etc/squid/squid.conf

Modify the following parameters

http_port 3128 transparent
visible_hostname linux?squid
cache_dir ufs /var/spool/squid 100 16 256
acl our_networks src 192.168.0.0/24
acl business_hours time S M T W H F A 09:00?17:30
acl test url_regex www.yahoo.com
http_access allow our_networks business_hours test
Step-III (Run the Natting script)
[root@proxyserver ~]# sh transparent_proxy.sh
#!/bin/sh
SQUID_SERVER="192.168.0.12"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j
MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# Load IPTA
# DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT)
aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to
$SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port
$SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
Step-IV (Restart the squid service)
[root@proxyserver ~]# service squid restart

Linux Client Side Configuration

Step-I (Refresh the network)
# netconfig
Step-II (Give Gateway ip as Proxy)

07-Linux-Client-Configuration-1024x546

Step-III (Open browser and start browsing)

08-Linux-Client-Configuration-1024x546

Final Result

That`s all now, you have configured and installed squid Proxy Server.You’re now ready to use the squid Proxy Server on your systems. Just Boot to the Linux Operating system and see the action of the squid Proxy Server. Ensure that the squid Proxy Server is integrate perfectly with the all Client systems.Enjoy the squid Proxy Server on your system. Any difficulties regarding the installation and configuration use the comment section below.