Squid is a well-known and widely used caching proxy server for common web protocols such as HTTP, HTTPS, FTP and more. It caches frequently accessed web pages and thus reduces bandwidth use and response time. Squid is available for almost all platforms, including Windows. It is open source and available under the GNU GPL.
One advantage of setting up Squid as a transparent proxy is that you don't need to configure every machine on your LAN to connect to Squid manually. All HTTP traffic (port 80) is redirected to the Squid listening port automatically, and your Ubuntu box acts as a router.

Follow these steps to set up a Transparent Proxy Server with Squid3 on Ubuntu Lucid (10.04).

1. Install Ubuntu Lucid Server or Desktop on your computer. Both Server and Desktop editions are capable of doing this job equally well.

2. Change your network interfaces from DHCP to Static.

    sudo nano /etc/network/interfaces

Tip: You can also use gedit instead of nano if you are using Ubuntu Desktop.

Delete all the text and paste this text in your interfaces file:

    auto eth0
    iface eth0 inet static
    address 192.168.1.100
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
    post-up iptables-restore < /etc/iptables.up.rules
    auto eth1
    iface eth1 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    network 192.168.2.0
    broadcast 192.168.2.255

Where 192.168.1.100 is the IP address of your WAN interface and 192.168.2.1 is the IP address of your LAN interface.

3. Install squid3:

    sudo apt-get install squid3

4. Make a backup of your squid.conf for future reference. The stock squid.conf lists nearly all the available options, and it is worth reading through that file to learn more about them.

    sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original

5. Configure squid3.

    sudo nano /etc/squid3/squid.conf

Remove all the text and paste this text in your squid.conf file for a minimal configuration:

    http_port 3128 transparent
    acl LAN src 192.168.2.0/24
    acl localnet src 127.0.0.1/255.255.255.255
    http_access allow LAN
    http_access allow localnet
    cache_dir ufs /var/spool/squid3 20000 16 256

Where 192.168.2.0/24 is the range of your LAN interface.

The last line in that file defines a cache directory for squid3 to use. The first number is the size of the cache in MB, 20 GB in this case.

Save and close this file.

6. Restart squid3:

    sudo /etc/init.d/squid3 restart

7. Edit /etc/sysctl.conf:

    sudo nano /etc/sysctl.conf

In this file, uncomment the lines that enable packet forwarding for IPv4 and IPv6:

    net.ipv4.ip_forward=1
    net.ipv6.conf.all.forwarding=1

Save and close this file.

8. Define iptables rules for port forwarding.

    sudo nano /etc/iptables.up.rules

Paste this text in the file that opens up:

    *nat
    -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:3128
    -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
    COMMIT

Save and close this file.

9. Edit /etc/rc.local:

    sudo nano /etc/rc.local

Paste this text at the end of the file that opens up:

    iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE

Save and close this file.

10. Reboot your server.

If you don't want to go to each machine on your network and configure it for a static IP, you can use dhcp3-server to assign dynamic IPs to all the computers on your LAN and make them forward all their internet traffic to your Squid box.

11. Install dhcp3-server:

    sudo apt-get install dhcp3-server

12. Edit /etc/default/dhcp3-server:

    sudo nano /etc/default/dhcp3-server

Type eth1 in between the quotes in this line:

    INTERFACES=""

Save and close this file.

13. Make a backup of your original /etc/dhcp3/dhcpd.conf:

    sudo cp /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.original

14. Edit /etc/dhcp3/dhcpd.conf:

    sudo nano /etc/dhcp3/dhcpd.conf

Delete all the text and paste this text in the file that opens up:

    authoritative;
    default-lease-time 3600;
    max-lease-time 3600;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.1;
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    option domain-name "my.domain.name";
    subnet 192.168.2.0 netmask 255.255.255.0 {
        range 192.168.2.3 192.168.2.253;
    }

We are using Google DNS in this example. You can use your own DNS server if you've configured one on your network.

Save and close this file.

Make sure all the cables on your network are plugged in and the devices are powered on.

15. Start dhcp3-server:

    sudo service dhcp3-server start

16. Reboot your server and everything should be working as it should after that.
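The squid.conf in step 5 ends on an allow rule, so requests from anyone outside the two ACLs are refused only by Squid's implicit default, which is the opposite of the last http_access line. The script below is an added example, not part of the original tutorial, that reports this fall-through for three constructed configs; the `blocked` ACL, the `.blocked.example` domain and the closing `http_access deny all` rule are assumptions, not lines from the tutorial.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Squid uses the first
# matching http_access rule; if none matches, the default is the opposite
# of the last http_access line (no http_access lines at all means deny).

# squid_fallthrough FILE -> explicit-deny | explicit-allow |
#                           implicit-deny | implicit-allow
squid_fallthrough() {
    awk '
        $1 == "http_access" {
            action = $2; acls = ""
            for (i = 3; i <= NF; i++) acls = acls " " $i
        }
        END {
            if (action == "")           print "implicit-deny"
            else if (acls == " all")    print "explicit-" action
            else if (action == "allow") print "implicit-deny"
            else                        print "implicit-allow"
        }' "$1"
}

dir=$(mktemp -d) && trap 'rm -rf "$dir"' EXIT

# Constructed sample 1: the access-control lines of the tutorial's squid.conf.
cat > "$dir/page.conf" <<'EOF'
http_port 3128 transparent
acl LAN src 192.168.2.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow LAN
http_access allow localnet
EOF

# Constructed sample 2: a later edit appends a block rule as the last line.
# "blocked" and ".blocked.example" are hypothetical names. The last rule is
# now a deny, so unmatched sources fall through to allow.
{ cat "$dir/page.conf"
  echo 'acl blocked dstdomain .blocked.example'
  echo 'http_access deny blocked'; } > "$dir/edited.conf"

# Constructed sample 3: sample 2 closed with an explicit final rule
# (assumes the "all" ACL is available in the installed Squid).
{ cat "$dir/edited.conf"; echo 'http_access deny all'; } > "$dir/hardened.conf"

for f in page edited hardened; do
    printf '%-9s %s\n' "$f" "$(squid_fallthrough "$dir/$f.conf")"
done
```

To check the live file after any ACL change, call `squid_fallthrough /etc/squid3/squid.conf`; anything other than `explicit-deny` means access for unlisted sources depends on rule order.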
If you want to bind IP addresses permanently to the same machines, see here:
http://www.tuxgarage.com/2011/01/how-to-bind-ip-address-to-mac-address.html
Enjoy!