Setting up a transparent proxy with Squid version 3

Here is how to set up a transparent proxy on your network using Squid 3.

Prerequisites:

  • Router is running Linux with IP forwarding enabled
  • Squid is installed on router
  • Internal network range is 10.0.0.0/24
  • Router's internal network interface is eth0

First, the Squid configuration. The lines below are the minimum setup required; please refer to the Squid documentation for any further options.

# Only run the proxy on this IP/port, in transparent mode
http_port 10.0.0.1:3128 transparent

# Set up the ACLs we need
acl localhost src 127.0.0.1/32 ::1
acl localnet src 10.0.0.0/24

# State which ACLs can connect to the proxy
http_access allow localnet
http_access allow localhost
http_access deny all

Once Squid has been restarted, you can test the operation from your browser by setting your proxy to the router's internal IP and port 3128. Once this works, the following iptables rule can be set up to automatically redirect all HTTP traffic on port 80 through the proxy.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

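Using a transparent proxy allows all network clients, including mobile devices, to receive the speed benefit without any configuration. Note that the rule above matches only plain HTTP on port 80 arriving on eth0; other traffic, such as HTTPS on port 443, is not redirected to the proxy.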

Last updated: 20/06/2012