Debian Raspberry Pi: Setting up a Squid3 transparent proxy


This article walks through setting up Squid3 as a transparent (intercepting) proxy on a Debian Raspberry Pi that is already acting as a wireless router, so that the web traffic of hotspot clients is cached on the Pi to speed up browsing.


In the previous article we configured the Pi as a wireless hotspot; read that first if you have not done so. The result is that clients connect to the Pi over its wireless NIC, their traffic enters on wlan0, is forwarded to eth0 and leaves from there. In router terms eth0 is the WAN port and wlan0 is the LAN port. Keep that mapping in mind for the iptables rules below.

First, install squid3:

The code is as follows:

sudo apt-get install squid3

Recall the iptables rules that the wireless-router setup put in place:

The code is as follows:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

With those in place, one more nat rule redirects TCP port 80 traffic arriving on wlan0 to Squid's port 3128 on the Pi itself:

The code is as follows:

sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-ports 3128

The previous article saved the rules to /etc/iptables.ipv4.nat so that they are restored at boot. Back that file up, then save the new ruleset over it:

The code is as follows:

sudo mv /etc/iptables.ipv4.nat /etc/iptables.ipv4.nat.old
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

Once the redirect rule is active, every web page opened from a hotspot client shows Squid's default "access denied" page: the traffic is reaching Squid, but Squid's default configuration does not allow our clients. The following patch against /etc/squid3/squid.conf fixes that and tunes the cache:

The code is as follows:
--/Etc/squid3/squid. conf. orig 2013-02-25 11:31:23. 839560066 + 1300
++/Etc/squid3/squid. conf 09:07:15. 388951441 + 1300
@-702,6 + 702,7 @@
# Acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
# Acl localnet src fc00:/7 # RFC 4193 local private network range
# Acl localnet src fe80:/10 # RFC 4291 link-local (directly plugged) machines
+ Acl localnet src 192.168.42.0/24
 
Acl SSL_ports port 443
Acl Safe_ports port 80 # http
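Review bot: the localnet ACL added here is 192.168.42.0/24, yet the iptables rules at the end of this article give the Pi's wlan0 address as 192.168.43.1, which lies outside that range; if the hotspot really hands out 192.168.43.x addresses, clients keep getting Squid's access-denied page after this patch. Use the subnet the hotspot's DHCP actually serves, and no wider a range: with the intercept port open, this src ACL is the only thing that stops anyone whose packets reach the Pi from using the cache.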
@-828,7 + 829,7 @@
# We stronugly recommend the following be uncommented to protect innocent
# Web applications running on the proxy server who think the only
# One who can access services on "localhost" is a local user
-# Http_access deny to_localhost
+ Http_access deny to_localhost
 
#
# Insert your own rule (S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
@-837,7 + 838,7 @@
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# From where browsing shoshould be allowed
-# Http_access allow localnet
+ Http_access allow localnet
Http_access allow localhost
 
# And finally deny all other access to this proxy
@-1133,7 + 1134,7 @@
#
 
# Squid normally listens to port 3128
-Http_port 3128
+ Http_port 3128 intercept
 
# TAG: https_port
# Note: This option is only available if Squid is rebuilt with
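Review bot: with http_port 3128 intercept, port 3128 accepts only connections that arrived through the REDIRECT rule, so a client configured to use the Pi as an explicit proxy on 3128 gets errors; if both uses are wanted, keep http_port 3128 for explicit clients and add http_port 3129 intercept, pointing the REDIRECT rule at 3129. Either way, bind the intercept port to the wlan0 address rather than to every interface (http_port 192.168.42.1:3128 intercept, taking the address from the localnet ACL above) so that it is not reachable from the eth0 side at all; REDIRECT rewrites the destination to the primary address of the incoming interface, so the bound port still receives the redirected traffic.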
@-2073,7 + 2074,7 @@
# Accessed frequently in memory to improve performance whilst low
# Enough to keep larger objects from hoarding cache_mem.
# Default:
-# Maximum_object_size_in_memory 512 KB
+ Maximum_object_size 128000 KB
 
# TAG: memory_replacement_policy
# The memory replacement policy parameter determines which
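Review bot: the removed line is the commented default for maximum_object_size_in_memory, but the line added in its place sets maximum_object_size, a different directive: it is the largest object Squid will cache at all, disk included, and 128000 KB raises that limit to about 125 MB instead of reducing memory use. The memory the surrounding text worries about is governed by cache_mem, which defaults to 256 MB in Squid 3.1 and matches the 200+ MB seen in free -m; on a Raspberry Pi the intended change is something like cache_mem 64 MB together with maximum_object_size_in_memory 512 KB, leaving maximum_object_size at its default.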
@-2229,7 + 2230,7 @@
#
 
# Uncomment and adjust the following to add a disk cache directory.
-# Cache_dir ufs/var/spool/squid3 100 16 256
+ Cache_dir ufs/var/spool/squid3 1000 16 256
 
# TAG: store_dir_select_algorithm
# Set this to 'Round-robin 'as an alternative.
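Review bot: cache_dir ufs /var/spool/squid3 1000 16 256 puts a 1 GB, write-heavy cache on the SD card, and the ufs type performs its disk I/O synchronously inside the main Squid process, so every slow SD write stalls every client; on Linux the aufs type (cache_dir aufs /var/spool/squid3 1000 16 256) moves that I/O to worker threads and is the usual choice. Note also that cache_dir changes are not reliably picked up by squid3 -k reconfigure: stop Squid, run squid3 -z if the directory tree does not exist yet, and start it again.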
@-2611,7 + 2612,7 @@
# Note2, for Debian/Linux the default of logfile_rotate is
# Zero, since it implements des external logfile-rotation methods.
# Default:
-# Logfile_rotate 0
+ Logfile_rotate 10
 
# TAG: emulate_httpd_log on | off
# The Cache can emulate the log file format which comment 'httpd'
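Review bot: the comment two lines above the change says Debian ships logfile_rotate 0 deliberately because rotation is done externally; the squid3 package's logrotate entry already rotates the logs and calls squid3 -k rotate, so setting 10 here makes Squid keep its own numbered copies on top of logrotate's and old logs accumulate. Leave it at 0 and adjust /etc/logrotate.d/squid3 if more history is wanted.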
@-Example 3, 7 + example 4, 7 @@
# During shutdown mode. Any active clients after this operation
# Seconds will receive a 'timeout' message.
# Default:
-# Shutdown_lifetime 30 seconds
+ Shutdown_lifetime 2 seconds
 
# ADMINISTRATIVE PARAMETERS
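Review bot: shutdown_lifetime 2 seconds makes restarts quick, but the comment above states the cost: any client still transferring after 2 seconds receives a timeout error, so on a shared hotspot every service restart cuts off in-progress downloads. squid3 -k reconfigure, which is what the text uses to apply changes, does not shut down, so this mainly bites on reboots and package upgrades; a few seconds more is a safer middle ground than 2.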

Pay attention to maximum_object_size. free -m showed the squid3 process using more than 200 MB, so I lowered the cache limits in the patch above; note that the directive that actually bounds the in-memory cache is cache_mem (together with maximum_object_size_in_memory), whereas maximum_object_size caps the size of any single object Squid will cache at all. In cache_dir ufs /var/spool/squid3 1000 16 256, the 1000 is the disk cache size in MB on the SD card, i.e. 1 GB; set it according to the card you have.

After editing, run sudo squid3 -k parse to check the configuration for errors. If it reports none, load it into the running process with sudo squid3 -k reconfigure.

Hotspot clients should now be able to browse normally, with page content served through the cache.

Next, block advertising domains. Edit /etc/squid3/squid.conf and add the following, which denies any request whose destination host matches one of the regular expressions in the ad-server list:

The code is as follows:

# Block ads (list from http://pgl.yoyo.org/adservers)
acl ads dstdom_regex "/etc/squid3/ad_block.txt"
http_access deny ads
# deny_info TCP_RESET ads

Put these lines above the http_access allow localnet rule: Squid evaluates http_access rules in order and stops at the first match, so a deny placed after the allow never fires. Then create the list update script ad_servers_newlist.sh:

#!/bin/sh
#### Calomel.org ad_servers_newlist.sh
#
# Stop if the download fails, so squid is never reloaded against a broken list
set -e

# Get the new ad server list
wget -O /etc/squid3/ad_block.txt 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'

# Refresh squid
/usr/sbin/squid3 -k reconfigure

The list of domains that will be blocked can be inspected at the pgl.yoyo.org URL used in the script. Now run the script:

The code is as follows:

sudo sh ad_servers_newlist.sh

Then open one of the domains from the list in a browser on a hotspot client to confirm that squid3 blocks it.
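The script above overwrites the live list straight from the network and reloads Squid regardless of what came back. A hardened version follows, as an added example that is not the article's or Calomel's code: it fetches to a temporary file, accepts it only if every line has the (^|\.)host\.tld$ shape of the squid-dstdom-regex format, checks the whole configuration with squid3 -k parse, and only then swaps the file in and reconfigures. The list path, the squid3 binary and the yoyo.org query string are from the article; the https scheme (the article fetches over plain http, which is exactly why an error page or captive-portal body served by something on the path must not end up installed as ACL regexes), the LIST_FILE/LIST_URL/SQUID variables, the validation rules and the constructed sample entries used by selftest are assumptions of this script.

```shell
#!/bin/sh
# Safer replacement for ad_servers_newlist.sh: download to a temp file, check that what
# came back really is a dstdom_regex list, and only then install it and reload Squid.
# Example script written for this article, not the article's own code. Assumptions:
# the list path and squid3 binary below, the https scheme, and the line-format rules.
set -u

LIST_FILE="${LIST_FILE:-/etc/squid3/ad_block.txt}"
LIST_URL="${LIST_URL:-https://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext}"
SQUID="${SQUID:-/usr/sbin/squid3}"

# Accept a file only if it is non-empty, every line carries the (^|\.)host\.tld$ shape the
# squid-dstdom-regex format uses, and no character outside that alphabet appears anywhere.
# An HTML error page or captive-portal login body fails both of the latter checks.
validate_list() {
    f="$1"
    lines=$(grep -c '' "$f")          # counts a final line even without a trailing newline
    [ "$lines" -gt 0 ] || { echo "validate_list: empty list" >&2; return 1; }
    [ "$(grep -c -F '(^|\.)' "$f")" -eq "$lines" ] \
        || { echo "validate_list: line without (^|\\.) prefix" >&2; return 1; }
    [ "$(tr -d 'A-Za-z0-9._()^|$\\\n-' < "$f" | wc -c)" -eq 0 ] \
        || { echo "validate_list: unexpected characters (HTML?)" >&2; return 1; }
    return 0
}

# Fetch, validate, install, reload. Needs root for the list directory and squid3 -k.
update_adlist() {
    tmp=$(mktemp "$LIST_FILE.XXXXXX") || return 1
    trap 'rm -f "$tmp"' EXIT
    # -O into a temp file: a failed or truncated download never clobbers the live list.
    wget -q -O "$tmp" "$LIST_URL" || { echo "update_adlist: download failed" >&2; return 1; }
    validate_list "$tmp" || return 1
    chmod 0644 "$tmp"
    mv "$tmp" "$LIST_FILE"
    # Parse the full config with the new list before asking the running Squid to reload it.
    "$SQUID" -k parse && "$SQUID" -k reconfigure
}

# Offline self-check on constructed samples: a two-entry list in the expected format and
# the kind of HTML body a captive portal returns. Returns 0 when both are classified right.
selftest() {
    good=$(mktemp) && bad=$(mktemp) || return 1
    printf '(^|\\.)101com\\.com$\n(^|\\.)doubleclick\\.net$\n' > "$good"
    printf '<html><body>Login required</body></html>\n' > "$bad"
    validate_list "$good" && ! validate_list "$bad" 2>/dev/null
    rc=$?
    rm -f "$good" "$bad"
    return $rc
}

case "${1:-}" in
    update)   update_adlist ;;
    selftest) selftest ;;
esac
```

Run it as sudo sh ad_servers_newlist.sh update from cron; sh ad_servers_newlist.sh selftest exercises the validator without touching the network or Squid.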


Later I set up a web server on the Pi and found that, when eth0 had no Internet connection, access to that web server from hotspot clients was very slow, since its port-80 traffic was being redirected into Squid like everything else. So I rewrote the rules above: assuming the Pi's wlan0 address is 192.168.43.1, connections to that address are accepted before the REDIRECT rule and never pass through the proxy. Before applying the new rules, clear the previous nat rules with sudo iptables -t nat -F (and the filter rules with sudo iptables -F, since the FORWARD rules are added again below and would otherwise be duplicated), then add the following and save them to /etc/iptables.ipv4.nat as before:

The code is as follows:

sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp -d 192.168.43.1 --dport 80 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
