Transparent Proxy with Linux and Squid 2

The transparent proxy features of Squid and Linux can be combined to provide a caching server that is completely invisible to all users of your LAN or ISP. If you have some knowledge of Unix networking, the setup is easy. This page will show you how.

These directions are intended for stable kernel 2.0.x. They may or may not work on older kernels. If you are running a recent development kernel 2.1.x or stable kernel 2.2.x, please follow these directions: Transparent Proxy with Linux-2.1.x/2.2.x and Squid. This page is not meant to be an all-inclusive Squid FAQ. If you have problems or questions outside the scope of this document, please see The Squid Home Page and go to the Documentation link.


  1. Make sure that your kernel is configured properly. This may involve a recompile, which is beyond the scope of this document. If you need help on compiling a kernel, please see The Kernel HOWTO. You will need the following options: Prompt for Development and/or Incomplete code drivers, Network Firewalls, TCP/IP Networking, IP Forwarding/Gatewaying, IP Firewalling, IP Transparent Proxy Support. Optimize as Router Not Host is optional, but recommended.
  2. Install Squid. Squid can be obtained from squid.nlanr.net. I would recommend that you get the latest source version of 2.1 (2.2 is still beta as of this writing).
  3. Gunzip and untar the archive.
  4. Run the following to compile squid: ./configure && make && make install
  5. Configure your squid.conf to your needs. There are four things you will want to make sure you have for transparent proxying:
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    Also pay attention to http_port. The default value of 3128 should be fine for almost everyone. You’ll need to know what value you’re using a little later.

  6. Install the IP Firewall Administration package if you don’t already have it. You can get this from: tsx-11.mit.edu/pub/linux/packages/tools. (You should already have it; it comes with Slackware, Red Hat, and Debian…).
  7. Set up your IP firewalling rules. You need to know two things, the IP address of the box (I’ll use 192.168.1.1 as an example) and the port that squid is running on (I’ll use the default 3128 as an example). Use the following commands:
    ipfwadm -I -a a -P tcp -S any/0 -D 127.0.0.1 80
    ipfwadm -I -a a -P tcp -S any/0 -D 192.168.1.1 80
    ipfwadm -I -a a -P tcp -S any/0 -D any/0 80 -r 3128

    Add these to your appropriate startup script(s).
  8. If this is a new installation of squid, initialize squid’s cache directories with squid -z
  9. Start squid with squid &
  10. Change the gateways for the computers on your LAN and/or ISP to point to the IP address of your squid box and you’re in business.
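
Steps 5 and 7 depend on each other: the redirect port passed to -r must be the port Squid listens on. The script below is an added example, not part of the original directions; it checks a squid.conf for the four directives from step 5 and prints the three ipfwadm commands from step 7 with the matching port. The function names and the sample configuration are constructed for illustration, and it assumes one value per directive.

```shell
#!/bin/sh
# Added example: derive the step 7 ipfwadm rules from squid.conf so the
# redirect port cannot drift from http_port. It prints the commands only.

# Constructed sample configuration (not taken from a real system).
sample_conf() {
cat <<'EOF'
http_port 8080
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
}

# conf_value DIRECTIVE: print the first value of DIRECTIVE found in $conf.
# Assumption: each directive appears once; commented lines never match.
conf_value() {
    printf '%s\n' "$conf" | awk -v d="$1" '$1 == d { print $2; exit }'
}

# gen_rules BOX_IP, with squid.conf on stdin.
gen_rules() {
    box_ip=$1
    conf=$(cat)
    # The four directives step 5 asks for, with the values it gives.
    for want in "httpd_accel_host virtual" "httpd_accel_port 80" \
                "httpd_accel_with_proxy on" "httpd_accel_uses_host_header on"; do
        name=${want% *}; value=${want#* }
        if [ "$(conf_value "$name")" != "$value" ]; then
            echo "squid.conf: expected '$want'" >&2
            return 1
        fi
    done
    port=$(conf_value http_port)
    port=${port:-3128}      # Squid's default when http_port is not set
    case $port in *[!0-9]*) echo "bad http_port: $port" >&2; return 1 ;; esac
    # Keep the page's order: the accept rules for the box's own addresses
    # are listed before the catch-all redirect to Squid.
    echo "ipfwadm -I -a a -P tcp -S any/0 -D 127.0.0.1 80"
    echo "ipfwadm -I -a a -P tcp -S any/0 -D $box_ip 80"
    echo "ipfwadm -I -a a -P tcp -S any/0 -D any/0 80 -r $port"
}

sample_conf | gen_rules 192.168.1.1
```

To use it on a real box, replace the last line with a call that reads your own squid.conf on stdin and review the printed commands before adding them to a startup script.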