Last Updated: February 25, 2016
· poupougnac

Create a gateway with a transparent proxy (Iptables, Squid)

You need to have at least two network interfaces. We call them eth0 and eth1.

  • eth0 is connected to the internet
  • eth1 is the organization network (usually a switch)

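Accept new connections from inside (eth1) and forward them to the internet side (eth0). LAN_NET is a shell variable that must hold the organization network in CIDR notation (the value is not given here):

iptables -A FORWARD -o eth0 -i eth1 -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT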

Forward all packets that belong to already established connections:

iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Masquerading (replace the local source IP address with the public address):

iptables -A POSTROUTING -t nat -j MASQUERADE

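Force all HTTP connections (port 80) to go to port 8080, where Squid can handle the request. LAN_NET is a shell variable that must hold the organization network in CIDR notation (the value is not given here):

sudo iptables -t nat -A PREROUTING -i eth1 -s "$LAN_NET" -p tcp --dport 80 -j REDIRECT --to-port 8080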

If you need an IP address to bypass Squid, insert an ACCEPT rule at position 1 so that it is matched before the REDIRECT rule:

sudo iptables -t nat -I PREROUTING 1 -i eth1 -s 192.168.1.XXX -p tcp -m tcp --dport 80 -j ACCEPT
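The rules above combined into one ruleset that can be loaded in a single step, as an added example that is not part of the original protip. The LAN range and bypass addresses are arguments (the values in the usage line are constructed); the FORWARD DROP policy, `-o eth0` on the MASQUERADE rule and the mangle rule protecting port 8080 are assumptions added here.

```sh
#!/bin/sh
# Added example, not code from the original post. eth0/eth1 and ports 80/8080
# follow the post; the FORWARD DROP policy, "-o eth0" on MASQUERADE and the
# mangle rule are assumptions added here.

# is_ipv4 ADDR[/PREFIX]: syntactic check (digits, dots, optional prefix) so
# that no other text can reach a rule line; octet ranges are left to iptables.
is_ipv4() {
    printf '%s' "$1" | tr '\n' '!' |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# gateway_rules LAN_NET [BYPASS_IP...]: print iptables-restore input on stdout.
gateway_rules() {
    [ "$#" -ge 1 ] || { echo "usage: gateway_rules LAN_NET [BYPASS_IP...]" >&2; return 1; }
    lan_net=$1
    shift
    for addr in "$lan_net" "$@"; do
        is_ipv4 "$addr" || { echo "invalid address: $addr" >&2; return 1; }
    done
    echo '*mangle'
    # Clients must not talk to Squid's intercept port directly. mangle runs
    # before nat, so redirected packets still have destination port 80 here
    # and are not matched.
    echo '-A PREROUTING -i eth1 -p tcp --dport 8080 -m addrtype --dst-type LOCAL -j DROP'
    echo 'COMMIT'
    echo '*nat'
    # Bypass hosts first: ACCEPT ends nat traversal before the REDIRECT rule.
    for addr in "$@"; do
        echo "-A PREROUTING -i eth1 -s $addr -p tcp -m tcp --dport 80 -j ACCEPT"
    done
    echo "-A PREROUTING -i eth1 -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports 8080"
    echo '-A POSTROUTING -o eth0 -j MASQUERADE'
    echo 'COMMIT'
    echo '*filter'
    # The ACCEPT rules only restrict forwarding when the chain policy is DROP.
    echo ':FORWARD DROP [0:0]'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A FORWARD -i eth1 -o eth0 -s $lan_net -m conntrack --ctstate NEW -j ACCEPT"
    echo 'COMMIT'
}

# Usage with constructed sample addresses (root required to load):
#   gateway_rules 192.0.2.0/24 192.0.2.10 | iptables-restore --test
```

Without `--noflush`, `iptables-restore` replaces the existing contents of the mangle, nat and filter tables, so merge any other rules the gateway needs into the output first. The gateway also needs `net.ipv4.ip_forward=1` and Squid listening on port 8080 in intercept mode (`http_port 8080 intercept`).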

3 Responses


I follow all your steps but my Squid doesn't work. May I send you my configuration files?

over 1 year ago ·

The first step for you is to make Squid work. This protip is a next step to make it transparent for the users of your network and manage people who need to go through Squid or bypass it. You can find useful information for your case here: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html

over 1 year ago ·

Thank you very much...

over 1 year ago ·