Karakas Online

Chapter 5. Transparent proxying with Squid

Figure 5-1. Squid.

I assume you have already set up a Squid proxy and a firewall and that both work correctly. You may now wish to force all your users to use the Squid proxy for surfing the WWW. This is what "transparent proxying" is about: your users surf, even without having defined a proxy in their browser settings, but they in fact all use the transparent proxy and don't notice it.

To enable transparent proxying with Squid, insert the following lines in the configuration file (squid.conf, usually in /etc) at the appropriate place (search the configuration file for the respective keywords: httpd_accel_host, httpd_accel_with_proxy and httpd_accel_uses_host_header):

httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

You will also need to accept and redirect the WWW traffic to port 3128 of the Squid proxy:

ipchains -A input -p TCP -d 127.0.0.1/32 www -j ACCEPT
ipchains -A input -p TCP -d 192.168.0.0/32 www -j ACCEPT
ipchains -A input -p TCP -d any/0 www -j REDIRECT 3128

or, if you use SuSEfirewall2:

FW_REDIRECT_TCP="192.168.0.0/24,0/0,tcp,80,3128"

Restart Squid and the firewall. Transparent proxying should now be working. However, there are some issues associated with the above settings. You can read about them in the corresponding comments in the squid.conf file.
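Before restarting, it helps to confirm that squid.conf and the firewall rules agree with each other. The following script is an added example, not part of the original chapter: check_transparent is a hypothetical helper, the two sample files are constructed, and it assumes the ipchains rules are kept one per line in a text file. It checks the three directives above, compares the REDIRECT port with Squid's http_port (3128 when unset), and flags www ACCEPT rules placed after the REDIRECT.

```shell
#!/bin/sh
# check_transparent SQUID_CONF RULES_FILE  (hypothetical helper, added example)
# Prints one line per problem; returns 0 when the two files agree.
check_transparent() {
    conf=$1; rules=$2; problems=0
    # The three directives from this chapter must be present and uncommented.
    for want in "httpd_accel_host virtual" "httpd_accel_with_proxy on" \
                "httpd_accel_uses_host_header on"; do
        set -- $want
        awk -v k="$1" -v v="$2" '$1 == k && $2 == v { ok = 1 } END { exit !ok }' \
            "$conf" || { echo "squid.conf: missing '$want'"; problems=1; }
    done

    # Port Squid listens on; 3128 is Squid's default when http_port is unset.
    port=$(awk '$1 == "http_port" { n = split($2, a, ":"); print a[n]; exit }' "$conf")
    port=${port:-3128}

    # Port the firewall redirects www traffic to.
    redir=$(awk '{ for (i = 1; i < NF; i++) if ($i == "REDIRECT") { print $(i + 1); exit } }' "$rules")
    if [ -z "$redir" ]; then
        echo "firewall: no REDIRECT rule found"; problems=1
    elif [ "$redir" != "$port" ]; then
        echo "firewall: REDIRECT goes to port $redir, Squid listens on $port"; problems=1
    fi

    # ipchains stops at the first matching rule, so a www ACCEPT rule placed
    # after the catch-all REDIRECT can never match.
    awk '/REDIRECT/ { seen = 1; next } seen && / www / && /-j ACCEPT/ { bad = 1 }
         END { exit !bad }' "$rules" &&
        { echo "firewall: www ACCEPT rule after REDIRECT is never reached"; problems=1; }
    return $problems
}

# Constructed sample input: the chapter's rules, but Squid moved to port 8080.
tmp=$(mktemp -d)
cat > "$tmp/squid.conf" <<'EOF'
http_port 8080
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
cat > "$tmp/rules" <<'EOF'
ipchains -A input -p TCP -d 127.0.0.1/32 www -j ACCEPT
ipchains -A input -p TCP -d 192.168.0.0/32 www -j ACCEPT
ipchains -A input -p TCP -d any/0 www -j REDIRECT 3128
EOF
check_transparent "$tmp/squid.conf" "$tmp/rules" || echo "fix the problems listed above"
```

With the constructed files the script reports the port mismatch, because the firewall still redirects to 3128 while Squid listens on 8080.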

For more details, see the Transparent Proxy HOWTO.