INTRODUCTION

How to Configure Squid 3.x as Transparent Proxy on CentOS 7 / RHEL 7

In an earlier article we covered configuring Squid as a transparent proxy on CentOS 6.4. This article focuses on how to configure a Squid transparent proxy server on CentOS 7 / RHEL 7. A proxy is called a “transparent proxy” when internet users are not aware that their requests are processed through the proxy. The major benefit of configuring Squid as a transparent proxy server is that you do not have to set up individual browsers to work with the proxy; no configuration is needed on the client end.

In transparent proxy mode, Squid sits between the clients and the internet, and their port 80 traffic is redirected to port 3128, which is the default Squid port.


If you are using CentOS 6.4 you can refer to our old article: Squid as Transparent Proxy on CentOs 6.4.

LAB Environment Diagram.

Squid Proxy Server LAB Environment Diagram

The diagram above shows that the Squid proxy server has two network interface cards: one is directly connected to the DSL modem, which I will call WAN, and the second is connected to the switch, which will be LAN. For testing purposes we have a client computer in our network. A caching-only DNS server is also required to resolve client DNS queries so that internet access functions properly.

 

Squid Server Settings
WAN IP Settings
IP Address: 192.168.1.100
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS 1: 192.168.1.1
DNS 2: 8.8.8.8

LAN IP Settings
IP Address: 192.168.2.100
Subnet Mask: 255.255.255.0

Client PC Settings
Client-1 IP Settings
IP Address: 192.168.2.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.2.100
DNS 1: 192.168.2.100
DNS 2: 8.8.8.8

The Gateway field (192.168.2.100) is the Squid proxy server's LAN IP, which acts as the gateway for the client.

Squid Installation and Configuration

 yum install squid -y

Edit squid configuration file

Before you edit the default configuration file, it is highly recommended to keep a backup.

 cp /etc/squid/squid.conf /etc/squid/squid.conf.bk-07-05-2016

Open the configuration file and add the parameters shown below.

Add the transparent proxy setting, then define and allow our network.

 vi /etc/squid/squid.conf
# Allow LAN Network
acl our_network src 192.168.2.0/24
# Allow Network ACL Allow/Deny Section#
http_access allow our_network
# Transparent Proxy Parameters
http_port 3128 intercept
visible_hostname pxy.broexperts.com

Save & Exit

Now start the squid service and make sure it is enabled at startup.

 systemctl start squid
 systemctl enable squid

Add port redirection and masquerading rules to the RHEL 7 / CentOS 7 firewall using the firewall-cmd tool.

firewall-cmd --permanent --zone=public --add-forward-port=port=80:proto=tcp:toport=3128:toaddr=192.168.2.100
firewall-cmd --permanent --zone=public --add-port=3128/tcp
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload

If you wish to use iptables instead of the firewalld daemon, enable iptables in CentOS 7 first and then add the iptables rules shown below to set up Squid as a transparent proxy.

Note: Refer to this guide to enable iptables in CentOS 7: How to Enable Iptables Firewall in CentOS 7 / RHEL 7

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.2.100:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING --out-interface eth1 -j MASQUERADE

Now you can save your iptables rules with the following command:

service iptables save

That’s it. Squid should now work smoothly in transparent proxy mode.

If you face any difficulty related to this guide, tell us in the comments. Thanks.

Next Topic: Squid Transparent Proxy Client’s are Unable to Connect HTTPS Sites

