transparent http proxy with Linux and Squid
11 08 2009
if you are running Squid on or behind your Linux gateway, here’s how to transparently run all outgoing HTTP through it
if Squid is running on the gateway itself, it’s quite simple:
# iptables -t nat -A PREROUTING -i $INT_IFACE -s $INTERNAL_LAN -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
when Squid is running on a machine within your perimeter, it’s a bit more tricky:
on your router add the following:
#iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s $PROXY_IP
#iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
#ip rule add fwmark 3 table 2
#ip route add default via $PROXY_IP dev $INT_IFACE table 2
and do not forget to add the following line to the iptables rules on the proxy server:
#iptables -A PREROUTING -t nat -i $INT_IFACE -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
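the order of the two mangle rules on the router matters: the ACCEPT for $PROXY_IP has to come before the MARK rule, otherwise Squid's own outgoing requests get mark 3 and are routed straight back to the proxy. The check below is an added example, not part of the original post; the function name, the sample address 192.168.1.10 and the sample iptables-save text are constructed, and it assumes $PROXY_IP is a single host.

```shell
#!/bin/sh
# Added example: verify rule order in the router's mangle PREROUTING chain.
# On a live router (as root): iptables-save | check_mangle_order "$PROXY_IP"
# Assumes $PROXY_IP is a single host, which iptables-save prints as IP/32.
check_mangle_order() {
    awk -v ip="$1" '
        /^\*/ { in_mangle = ($0 == "*mangle") }   # track the current table
        !in_mangle { next }
        !/^-A PREROUTING / || !/--dport 80( |$)/ { next }
        / -j ACCEPT/ && index($0, " -s " ip "/32 ") && !marked { exempt = 1 }
        / -j MARK / { marked = 1; if (!exempt) bad = 1 }
        END { if (marked && !bad) exit 0; exit 1 }
    '
}

# Constructed iptables-save output: exemption first, as in the commands above.
sample_good() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff
COMMIT
EOF
}

# Constructed output with the two rules swapped: the proxy's traffic is marked
# before the exemption is reached, so it would loop back to the proxy.
sample_bad() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff
-A PREROUTING -s 192.168.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample_good | check_mangle_order 192.168.1.10 && echo "good sample: order ok"
sample_bad | check_mangle_order 192.168.1.10 || echo "bad sample: proxy traffic would be marked"
```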