How to Configure Squid 3.x as Transparent Proxy on CentOS 7 / RHEL 7
An earlier article covered configuring Squid as a transparent proxy on CentOS 6.4. This article focuses on how to configure a Squid transparent proxy server on CentOS 7 / RHEL 7. A proxy is called a “transparent proxy” when internet users are not aware that their requests are processed through the proxy. The major benefit of configuring Squid as a transparent proxy server is that you do not have to set up individual browsers to work with the proxy; no configuration is needed on the client end.
Squid in transparent proxy mode sits between the clients and the internet, and the clients' port 80 traffic is redirected to port 3128, the default Squid port.
If you are using CentOS 6.4, you can refer to our old article: Squid as Transparent Proxy on CentOS 6.4.
LAB Environment Diagram.
The diagram above shows a Squid proxy server with two network interface cards: one is directly connected to the DSL modem, which I will call WAN, and the second is connected to a switch, which will be LAN. For testing purposes we have a client computer in our network. A caching-only DNS server is also required to resolve client DNS queries so that internet access works properly.
Squid Server Settings
WAN IP Settings
LAN IP Settings
Client PC Settings
Client-1 IP Settings
The colored Gateway field holds the Squid proxy server's IP address, which serves as the client's gateway.
Squid Installation and Configuration
yum install squid -y
Edit squid configuration file
Before you edit the default configuration file, it is highly recommended to keep a backup.
cp /etc/squid/squid.conf /etc/squid/squid.conf.bk-07-05-2016
Open the configuration file and add the parameters below.
Add the transparent proxy setting, then define and allow our network.
# Allow LAN Network
acl our_network src 192.168.2.0/24
# Network ACL Allow/Deny Section
http_access allow our_network
# Transparent Proxy Parameters
http_port 3128 intercept
Save & Exit
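Squid evaluates http_access rules from top to bottom and stops at the first match, and the stock squid.conf already contains "http_access deny all", so the allow line for our_network has to sit above it. The script below is an added example, not part of the original article; check_squid_conf, write_samples and the sample files are constructed for illustration, and on the server you would pass /etc/squid/squid.conf.

```shell
#!/bin/sh
# Added example (not from the original article): lint a squid.conf for the
# intercept setup above. Usage: check_squid_conf FILE ACL_NAME
check_squid_conf() {
    conf=$1; acl=$2; rc=0
    ws='[[:space:]]'
    # 1. Some http_port line must carry the "intercept" flag.
    grep -Eq "^$ws*http_port$ws.*${ws}intercept($ws|\$)" "$conf" ||
        { echo "FAIL: no http_port line with 'intercept'"; rc=1; }
    # 2. The ACL must be defined as a source-address ACL.
    grep -Eq "^$ws*acl$ws+$acl$ws+src$ws" "$conf" ||
        { echo "FAIL: acl '$acl' is not defined with src"; rc=1; }
    # 3. http_access is first-match-wins: the allow has to come before
    #    the "http_access deny all" line that ships in the stock file.
    allow_ln=$(grep -En "^$ws*http_access$ws+allow$ws+$acl($ws|\$)" "$conf" | head -n1 | cut -d: -f1)
    deny_ln=$(grep -En "^$ws*http_access$ws+deny$ws+all($ws|\$)" "$conf" | head -n1 | cut -d: -f1)
    if [ -z "$allow_ln" ]; then
        echo "FAIL: no 'http_access allow $acl'"; rc=1
    elif [ -n "$deny_ln" ] && [ "$allow_ln" -gt "$deny_ln" ]; then
        echo "FAIL: allow (line $allow_ln) is after deny all (line $deny_ln)"; rc=1
    fi
    return $rc
}

# Constructed sample configs (hypothetical, not taken from a real server).
write_samples() {
    dir=$1
    printf '%s\n' 'acl our_network src 192.168.2.0/24' \
        'http_access allow our_network' 'http_access deny all' \
        'http_port 3128 intercept' > "$dir/good.conf"
    printf '%s\n' 'acl our_network src 192.168.2.0/24' \
        'http_access deny all' 'http_access allow our_network' \
        'http_port 3128' > "$dir/bad.conf"
}

# Demo run against the constructed samples.
tmp=$(mktemp -d); write_samples "$tmp"
check_squid_conf "$tmp/good.conf" our_network && echo "good.conf: OK"
check_squid_conf "$tmp/bad.conf" our_network || echo "bad.conf: needs fixing"
rm -rf "$tmp"
```

Squid's own "squid -k parse" catches syntax errors; this check covers the rule ordering and the intercept flag that this guide depends on.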
Now start the squid service and enable it so that it starts at boot.
systemctl start squid
systemctl enable squid
Add port redirection and masquerading rules to the RHEL 7 / CentOS 7 firewall using the firewall-cmd tool.
firewall-cmd --permanent --zone=public --add-forward-port=port=80:proto=tcp:toport=3128:toaddr=192.168.2.100
firewall-cmd --permanent --zone=public --add-port=3128/tcp
firewall-cmd --permanent --add-masquerade
# Rules added with --permanent only take effect after a reload
firewall-cmd --reload
If you wish to use iptables instead of the firewalld daemon, use the link below to enable iptables in CentOS 7, and then add the iptables rules shown below to set up Squid as a transparent proxy.
Note: Refer to this guide to enable iptables in CentOS 7: How to Enable Iptables Firewall in CentOS 7 / RHEL 7
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.2.100:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING --out-interface eth1 -j MASQUERADE
Now you can save your iptables rules with the following command:
service iptables save
That's it. Squid should now work smoothly in transparent proxy mode.