Squid Transparent proxy configuration

Source: Internet
Author: User

First, what is a transparent proxy?
A transparent proxy is one whose existence the client does not need to know about. It changes the request fields (messages) and passes along the real IP; it is mostly used together with NAT forwarding on a router.

The principle of a transparent proxy is as follows:
1. Assume that A is an internal network client
2. B is an external network server; B provides the HTTPD service, the listening port is
3. C is the proxy server (also our gateway); assume the proxy server provides its service on port 3128

Procedure: When A requests data from port 80 of B, the TCP connection request first passes through C. C sees that A is requesting port 80 of B and, because forwarding rules have already been set up, C redirects the port 80 request to its own port 3128. That is, A actually accesses port 3128 on C instead of port 80 on server B. C then connects to port 80 of B, fetches the data A asked for, saves it on C, and then returns it to A. From A's point of view it appears to be requesting B directly, which is not what happens in practice. Because this whole process is automatic, the client does not need to configure a proxy server manually, and the user may not even know that the proxy server exists; it is therefore transparent to the user.

Below we configure the transparent proxy:

From the analysis above, we know that a transparent proxy only works if the proxy server is also the gateway; otherwise it has no effect. In practice, the transparent proxy server should have at least two network cards: the first is connected to the external network (or directly to the Internet), and the second is connected to the internal LAN segment, that is, the network segment that will use the proxy.

Assume that the transparent proxy server's network card eth0 has the IP 10.2.1.100 (an Internet-capable IP) and network card eth1 has the IP 192.168.19.1. The LAN segment that reaches the Internet through the transparent proxy is then 192.168.19.0/24, and clients on the LAN should set their gateway address to 192.168.19.1.

1. Install squid
yum install -y squid

Of course, you can also compile and install from source. The following compile parameters can be used for reference:

./configure --prefix=/usr/local/squid \
--disable-dependency-tracking \
--enable-dlmalloc \
--enable-gnuregex \
--disable-carp \
--enable-async-io=240 \
--with-pthreads \
--enable-storeio=ufs,aufs,diskd,null \
--disable-wccp \
--disable-wccpv2 \
--enable-kill-parent-hack \
--enable-cachemgr-hostname=localhost \
--enable-default-err-language=Simplify_Chinese \
--with-build-environment=POSIX_V6_ILP32_OFFBIG \
--with-maxfd=65535 \
--with-aio \
--disable-poll \
--enable-epoll \
--enable-linux-netfilter \
--enable-large-cache-files \
--disable-ident-lookups \
--enable-default-hostsfile=/etc/hosts \
--with-dl \
--with-large-files \
--enable-removal-policies=heap,lru \
--enable-delay-pools \
--enable-snmp \
--disable-internal-dns


2. Configure squid.conf
How to configure it is not repeated here.


3. Create a cache directory and modify permissions
mkdir -p /data/cache
chown -R squid:squid /data/cache

4. Initialize the cache directory
squid -z

5. Start Squid
service squid start

6. Turn on IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

7. Set up firewall rules
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -s 192.168.19.0/24 --dport 80 -j REDIRECT --to-ports 3128
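
To confirm that the rules from step 7 are loaded and that the REDIRECT only applies to the LAN, the output of `iptables -t nat -S` can be audited. The script below is an added example, not part of the original article; the function name `audit_nat` is hypothetical and the sample rule listing at the end is constructed.

```shell
#!/bin/sh
# Added example: audit `iptables -t nat -S` output against the step 7 rules.
# On the gateway: iptables -t nat -S | audit_nat
LAN_NET="192.168.19.0/24"   # LAN segment from the article
WAN_IF="eth0"               # external interface from the article
PROXY_PORT="3128"           # Squid port from the article

audit_nat() {
    redirect=0; masq=0; status=0
    while IFS= read -r rule; do
        case "$rule" in
        "-A PREROUTING "*"--dport 80 -j REDIRECT --to-ports $PROXY_PORT")
            redirect=1
            # Without a source (or inbound interface) match, the rule also
            # intercepts port 80 traffic that arrives from the external side.
            case "$rule" in
            *" -s $LAN_NET "*|*" -i "*) ;;
            *) echo "WARN: REDIRECT not limited to the LAN: $rule"; status=1 ;;
            esac ;;
        "-A POSTROUTING "*"-o $WAN_IF "*"-j MASQUERADE"*)
            masq=1 ;;
        "-A POSTROUTING "*"-j MASQUERADE"*)
            echo "WARN: MASQUERADE not bound to $WAN_IF: $rule"; status=1 ;;
        esac
    done
    [ "$redirect" -eq 1 ] || { echo "FAIL: no port 80 -> $PROXY_PORT REDIRECT"; status=1; }
    [ "$masq" -eq 1 ] || { echo "FAIL: no MASQUERADE on $WAN_IF"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: NAT rules match step 7"
    return "$status"
}

# Constructed sample of `iptables -t nat -S` output after step 7.
audit_nat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -s 192.168.19.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
```

The function returns non-zero when a rule is missing or broader than the article's setup, so it can be used in a post-boot check.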

This article is from the Linux OPS blog; please keep this source link when reposting: http://zhumy.blog.51cto.com/11647651/1794504
