Create a gateway with a transparent proxy (iptables, Squid)
You need to have at least two network interfaces. We call them eth0 and eth1.
- eth0 is the uplink to the internet
- eth1 is the organization network (usually a switch)
Accept new connections from inside (eth1) and forward them out through eth0:
iptables -A FORWARD -o eth0 -i eth1 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
Accept forwarding for all connections that are already established:
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Masquerading (replace the local source IP address with the public address):
iptables -A POSTROUTING -t nat -j MASQUERADE
Force all connections to HTTP (port 80) to go to port 8080, where Squid can handle the request:
sudo iptables -t nat -A PREROUTING -i eth1 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
If you need an IP to bypass Squid, insert an ACCEPT rule for it at position 1, ahead of the REDIRECT:
sudo iptables -t nat -I PREROUTING 1 -i eth1 -s 192.168.1.XXX -p tcp -m tcp --dport 80 -j ACCEPT
Written by pmaoui
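The rules above can also be generated as a single iptables-restore ruleset, so that bypass entries always sit ahead of the REDIRECT regardless of the order in which commands were typed. This is an added example, not part of the original protip; the helper name gateway_ruleset, the sample bypass host 192.168.1.50, the -o restriction on MASQUERADE and the FORWARD DROP policy are assumptions.

```shell
#!/bin/sh
# Added example: print the protip's rules in iptables-restore format.
# gateway_ruleset is a hypothetical helper; it only prints and never
# touches the running firewall.
# Usage: gateway_ruleset WAN_IF LAN_IF LAN_NET SQUID_PORT [BYPASS_IP ...]
gateway_ruleset() {
    if [ "$#" -lt 4 ]; then
        echo "usage: gateway_ruleset WAN_IF LAN_IF LAN_NET SQUID_PORT [BYPASS_IP ...]" >&2
        return 2
    fi
    wan=$1 lan=$2 net=$3 port=$4
    shift 4
    # Reject anything that is not a plain decimal port number.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac

    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    # Bypass rules come first: the first matching nat rule decides, so a
    # host listed here never reaches the REDIRECT below.
    for ip in "$@"; do
        echo "-A PREROUTING -i $lan -s $ip -p tcp -m tcp --dport 80 -j ACCEPT"
    done
    echo "-A PREROUTING -i $lan -s $net -p tcp --dport 80 -j REDIRECT --to-ports $port"
    # Assumption: masquerade only traffic leaving via the uplink
    # (the protip's MASQUERADE rule has no -o match).
    echo "-A POSTROUTING -o $wan -j MASQUERADE"
    echo 'COMMIT'
    echo '*filter'
    # Assumption: default-deny FORWARD; with an ACCEPT policy the two
    # ACCEPT rules below would not restrict anything.
    echo ':FORWARD DROP [0:0]'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT"
    echo 'COMMIT'
}

# Constructed sample values: 192.168.1.50 stands in for a host that bypasses Squid.
gateway_ruleset eth0 eth1 192.168.1.0/24 8080 192.168.1.50
```

Piping the output into iptables-restore --test parses the ruleset without committing it; a plain iptables-restore replaces the existing contents of the nat and filter tables.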
3 Responses
I followed all your steps but my Squid doesn't work. May I send you my configuration files?
over 1 year ago
The first step for you is to make Squid work. This protip is a next step to make it transparent for the users of your network and manage people who need to go through Squid or bypass it. You can find useful information for your case here: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
over 1 year ago
Thank you very much...
over 1 year ago