Transparent Proxy with Linux and Squid SUPER mini-HOWTO

Ralf Roeber

v0.01, August 2003


This document describes how to set up a transparent caching HTTP proxy server using only Debian, squid and iptables.
I assume that you already have iptables up and running. If not, set it up now. For any questions on how to do this, go directly to the tutorial.

Getting squid with Debian:

apt-get install squid

Change these settings in /etc/squid.conf:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

If no httpd is running on your squid box, you need this line in your iptables script:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

If you have an httpd running on your squid box, these are the lines you need to insert into your iptables script:

iptables -t nat -A PREROUTING -p tcp -d localhost --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d / --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
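
Added example, not part of the original HOWTO: a shell function that prints the rules above in the order iptables must see them, with the exemptions for a local httpd first and the REDIRECT last. The function name tproxy_rules and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (dry run) the nat PREROUTING rules for the squid box.
# Review the output, then pipe it to sh as root to apply it.

# tproxy_rules LAN_IF SQUID_PORT [LOCAL_ADDR ...]
#   LAN_IF      interface the clients arrive on
#   SQUID_PORT  port squid listens on (3128 in the HOWTO)
#   LOCAL_ADDR  addresses of an httpd on the squid box; port-80 traffic
#               to them is exempted from redirection
tproxy_rules() {
    lan_if=$1
    squid_port=$2
    # Reject anything that is not a plain interface name or port number,
    # because the output is meant to be fed to a root shell.
    case $lan_if in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 1 ;;
    esac
    case $squid_port in
        ''|*[!0-9]*|??????*) echo "bad port: $squid_port" >&2; return 1 ;;
    esac
    if [ "$squid_port" -lt 1 ] || [ "$squid_port" -gt 65535 ]; then
        echo "port out of range: $squid_port" >&2; return 1
    fi
    shift 2
    rules=
    for addr in "$@"; do
        case $addr in
            ''|-*|/*|*[!A-Za-z0-9.:/-]*) echo "bad address: $addr" >&2; return 1 ;;
        esac
        # Exemptions go first: the chain is walked top to bottom and the
        # first match wins, so an ACCEPT placed after the REDIRECT is dead.
        rules="${rules}iptables -t nat -A PREROUTING -p tcp -d $addr --dport 80 -j ACCEPT
"
    done
    printf '%s' "$rules"
    # -i limits interception to packets arriving on the client-facing interface.
    echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-port $squid_port"
}

# Constructed sample call: 192.0.2.10 is a documentation address, not a real host.
tproxy_rules eth1 3128 localhost 192.0.2.10
```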

The information was found in the Transparent Proxy with Linux and Squid mini-HOWTO written by Daniel Kiracofe.