Thanks to Jayson for this guide
Complete Steps in Setting up UBUNTU Server 10 with SQUID 3 as a Transparent Proxy.
Step 1. Install the Ubuntu Server 10, include LAMP if you want
Step 2. Change the network interfaces from dhcp to static
sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.250
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.88
post-up iptables-restore < /etc/iptables.up.rules
auto eth1
iface eth1 inet static
address 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
Step 3. Install Web Admin (webmin) (Optional)
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.510-2_all.deb
sudo dpkg --install webmin_1.510-2_all.deb
sudo apt-get -f install
https://localhost-IP ADDRESS:10000
*Note: Make sure the IPTABLES ruleset permits access to webmin if you want to reach it over the net.
Step 4. Install ClamAV and ClamAV-freshclam
sudo apt-get install clamav clamav-freshclam
Step 5. Install squid 3
sudo apt-get install squid3
Edit the squid 3 configuration file in your favorite editor
sudo nano /etc/squid3/squid.conf
and set the transparency and the allowed hosts
http_port 3128 transparent
acl our_networks src 192.168.2.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow our_networks
http_access allow localnet
where 192.168.2.0/24 is the IP range of the local network. You will probably also need to adjust the cache (swap) size
cache_dir ufs /var/spool/squid3 7000 16 256
Here the first number denotes the size of the cache in megabytes. Save your changes and restart the squid proxy with
sudo /etc/init.d/squid3 restart
Step 6. Edit the /etc/sysctl.conf
sudo nano /etc/sysctl.conf
Uncomment the lines that enable packet forwarding for IPv4 and IPv6
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
Step 7. Edit the iptables ruleset for the nat and filter tables
sudo nano /etc/iptables.up.rules
*nat
# redirect LAN web traffic (port 80) to squid on port 3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state -i eth0 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
# permit ssh using putty
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# permit webmin access
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -i eth1 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT
COMMIT
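An added example, not part of the original guide: a simplified Python audit that reads the Step 7 INPUT rules and lists which new connections each interface accepts. The function names are hypothetical and the embedded sample is constructed from the Step 7 rules written with plain ASCII options; only -i, -s, -p, --dport, --state and -j are interpreted.

```python
import shlex

# Constructed sample: the filter INPUT rules of Step 7 in iptables-restore format.
SAMPLE_RULES = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state -i eth0 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
COMMIT
"""

# Options this simplified audit understands; anything else is ignored (assumption).
OPTS = {"-i": "in_if", "-s": "src", "-p": "proto", "--dport": "dport",
        "--state": "state", "-j": "target"}

def parse_rule(line):
    """Map one '-A INPUT ...' line to a dict of the options listed in OPTS."""
    tokens = shlex.split(line)
    return {OPTS[flag]: value
            for flag, value in zip(tokens[2:], tokens[3:]) if flag in OPTS}

def new_connections_accepted(rules_text, iface):
    """Return (proto, dport, source) for each way INPUT accepts NEW traffic on iface."""
    accepted, table = [], None
    for line in rules_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        if table != "filter" or not line.startswith("-A INPUT "):
            continue
        rule = parse_rule(line)
        if rule.get("in_if", iface) != iface:
            continue  # rule is bound to a different interface
        if "state" in rule and "NEW" not in rule["state"].split(","):
            continue  # matches only connections that are already open
        narrowed = any(k in rule for k in ("src", "proto", "dport"))
        if rule.get("target") == "ACCEPT":
            accepted.append((rule.get("proto", "any"), rule.get("dport", "any"),
                             rule.get("src", "anywhere")))
        if rule.get("target") in ("ACCEPT", "DROP", "REJECT") and not narrowed:
            break  # unconditional verdict: later rules are never reached
    return accepted

if __name__ == "__main__":
    print({i: new_connections_accepted(SAMPLE_RULES, i) for i in ("eth0", "eth1")})
```

For eth0 the result is tcp/22 and tcp/10000 from any source, because the ssh and webmin rules carry no -i or -s match; adding -i eth1 or -s 192.168.2.0/24 to them confines that access to the LAN.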
Step 8. Edit rc.local
sudo nano /etc/rc.local
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
Step 9. Reboot the server
Step 10. Configure the workstation with a static IP address, using the LAN IP of the Ubuntu box as the gateway. Make sure that the IP address of the workstation is within the network you set up.