Transparent Proxy

Creating a transparent proxy with Squid.

With Vuurmuur it is possible to redirect certain connections to a port on the local host (the firewall). This is especially useful for transparent proxies:

A transparent proxy needs no setup on the client side; the firewall does it all for you. So all of your clients use a proxy for their internet connections without even noticing.

First you need to set up Squid on your firewall. Check that Squid serves your internal network the way you want by configuring your browser to use it. The usual port for Squid is 3128.

Then modify your configuration in /etc/squid/squid.conf (or wherever your configuration resides) to allow Squid to be "transparent":

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Update: with Squid 2.6 and up there is only one option required:

http_port IP:3128 transparent

where IP is the IP address of the interface Squid is listening on. (Thanks to Martin Bruckbauer for pointing me at this!)

With those settings in place, create a rule in Vuurmuur that redirects requests from your LAN to "any" on port 80 to port 3128 (on localhost):

RULE="Redirect service http from my.lan to any options redirectport="3128""

Et voilà! You have a transparent proxy!
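The squid.conf changes described above can be checked before the redirect rule goes live. The script below is an added example, not part of the original page or of Squid or Vuurmuur: it reports whether a config file uses the 2.6+ http_port option, the older four httpd_accel_* lines, or neither, and flags an http_port line that has no IP in front of the port. The function names and output labels are made up for the example.

```shell
#!/bin/sh
# Added example: classify how a squid.conf enables transparent mode.
# Directive names are the ones on this page; the function names and
# output labels are made up for this example.

# has_directive FILE NAME VALUE -> status 0 if an uncommented line matches
has_directive() {
    awk -v n="$2" -v v="$3" '$1 == n && $2 == v { found = 1 }
        END { exit !found }' "$1"
}

# squid_transparent_mode FILE -> prints one label on stdout
squid_transparent_mode() {
    conf=$1
    # Squid 2.6 and up: http_port IP:PORT transparent
    port=$(awk '$1 == "http_port" {
                    for (i = 3; i <= NF; i++)
                        if ($i == "transparent") { print $2; exit }
                }' "$conf")
    if [ -n "$port" ]; then
        case $port in
            *:*) echo "transparent" ;;        # bound to one address
            *)   echo "transparent-no-ip" ;;  # bare port, no IP given
        esac
        return 0
    fi
    # Older Squid: all four httpd_accel_* lines are needed together
    n=0
    has_directive "$conf" httpd_accel_host virtual        && n=$((n + 1))
    has_directive "$conf" httpd_accel_port 80             && n=$((n + 1))
    has_directive "$conf" httpd_accel_with_proxy on       && n=$((n + 1))
    has_directive "$conf" httpd_accel_uses_host_header on && n=$((n + 1))
    case $n in
        4) echo "legacy" ;;
        0) echo "none" ;;
        *) echo "legacy-incomplete" ;;
    esac
}

# Demo on a constructed config (not taken from a real system)
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'http_port 192.168.1.1:3128 transparent' > "$sample"
squid_transparent_mode "$sample"
rm -f "$sample"
```

A result of "legacy-incomplete" means a commented-out or missing httpd_accel_* line, and "none" means the redirected port 80 traffic would reach a Squid that is not in transparent mode.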

Last modified on 09/03/07 20:55:17