Before looking at a Transparent Proxy Server, we first need to know what a Proxy Server is. Proxy servers are used to share an Internet connection with clients. A Proxy Server can be configured as a transparent Proxy Server, which shares the Internet connection and acts as a caching web server.
A caching proxy stores web pages locally to improve performance, and a proxy firewall controls access to the Internet. Squid Proxy is the most widely used open source proxy, and this software is used here for the Transparent Proxy Server.
Working Principle of Transparent Proxy Server
Squid Proxy Server quick key points
- Packages – squid*.rpm
- Port Numbers – 3128 (default)
- Configuration File – /etc/squid/squid.conf
- Service / Daemon – squid
Squid Proxy Server Installation and Configuration
Step-I (Install the Squid proxy packages)
# yum install squid*
Step-II (Edit the configuration file)
# vi /etc/squid/squid.conf
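Modify the following parameters
# Listen on 3128 in interception mode (Squid 3.1 and later name this option "intercept")
http_port 3128 transparent
visible_hostname linux-squid
# 100 MB disk cache with 16 first-level and 256 second-level directories
cache_dir ufs /var/spool/squid 100 16 256
# Clients on the LAN
acl our_networks src 192.168.0.0/24
# Every day of the week, 09:00 to 17:30
acl business_hours time S M T W H F A 09:00-17:30
acl test url_regex www.yahoo.com
# All three ACLs must match for a request to be allowed
http_access allow our_networks business_hours test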
Step-III (Run the NAT script)
# vim transparent_proxy.sh
Then add the following lines
#!/bin/sh
SQUID_SERVER="192.168.0.12"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# Load IPTA
# DNAT port 80 request coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
After that, run the script
# bash transparent_proxy.sh
Step-IV (Restart the squid service)
# service squid restart
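As an added example (not part of the original tutorial), this Python model shows how Squid evaluates the Step-II rule http_access allow our_networks business_hours test: every ACL named on the line must match. It assumes no other http_access line admits LAN clients, and dstdomain_test models a "dstdomain .yahoo.com" ACL, an alternative that the tutorial's configuration does not use.

```python
import ipaddress
import re
from datetime import datetime, time
from urllib.parse import urlsplit

# Values copied from the Step-II squid.conf lines.
OUR_NETWORKS = ipaddress.ip_network("192.168.0.0/24")
OPEN, CLOSE = time(9, 0), time(17, 30)
TEST_REGEX = re.compile("www.yahoo.com")  # unescaped "." matches any character


def url_regex_test(url):
    # url_regex is an unanchored search over the whole URL, path and query included.
    return TEST_REGEX.search(url) is not None


def dstdomain_test(url, domain=".yahoo.com"):
    # Assumed alternative ACL (not in the tutorial): compare the host name only;
    # the leading dot makes subdomains match as well.
    host = (urlsplit(url).hostname or "").lower()
    return host == domain.lstrip(".") or host.endswith(domain)


def http_access(client_ip, when, url, url_acl=url_regex_test):
    # All ACLs named on one http_access line must match (logical AND).
    # S M T W H F A names every weekday, so only the clock time is checked.
    # Assumption: no other http_access line admits this client, so a miss is a deny.
    matched = (ipaddress.ip_address(client_ip) in OUR_NETWORKS
               and OPEN <= when.time() <= CLOSE
               and url_acl(url))
    return "allow" if matched else "deny"


# Constructed sample requests: (client IP, local time, URL).
SAMPLES = [
    ("192.168.0.25", datetime(2024, 3, 4, 10, 0), "http://www.yahoo.com/"),
    ("192.168.0.25", datetime(2024, 3, 4, 20, 0), "http://www.yahoo.com/"),
    ("10.0.0.5", datetime(2024, 3, 4, 10, 0), "http://www.yahoo.com/"),
    ("192.168.0.25", datetime(2024, 3, 4, 10, 0), "http://example.org/"),
    ("192.168.0.25", datetime(2024, 3, 4, 10, 0), "http://example.org/?ref=www.yahoo.com"),
]

if __name__ == "__main__":
    for ip, when, url in SAMPLES:
        print(ip, when.strftime("%H:%M"), url,
              "url_regex:", http_access(ip, when, url),
              "dstdomain:", http_access(ip, when, url, dstdomain_test))
```

The last sample is allowed under url_regex but denied under the host-only check, which is why an allow rule meant to name one site is tighter when it matches on the destination host.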
Linux Client Side Configuration
Step-I (Refresh the network)
# netconfig
Step-II (Set the gateway IP to the proxy server's IP)
Step-III (Open a browser and start browsing)
Congratulations, you have now configured the Squid Proxy Server on CentOS and RHEL.