Transparent Squid Cache Proxy Server Configuration in 5 easy steps on CentOS / RHEL / Fedora Core / Scientific Linux
Configure Transparent Squid cache proxy in 5 Easy Steps on CentOS RHEL Fedora Scientific Linux
Step 1
[root@squid-server ~]#vim /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1 #### If it is 0 make it 1 for packet forwarding ####
wq!
[root@squid-server ~]#sysctl -p
Step 2
[root@squid-server ~]#yum install -y squid
[root@squid-server ~]#vim /etc/squid/squid.conf
search these options using / and edit as required
http_port 192.168.1.254:3128 transparent #### 192.168.1.254 is squid server's ip###
acl our_networks src 192.168.1.0/24
http_access allow our_networks
cache_dir ufs /var/spool/squid/ 1000 32 256 ##### cache directories must be at /var/spool/squid #####
visible_hostname squidserver-myorg.com
wq!
[root@squid-server ~]#squid -z
[root@squid-server ~]# service squid start
Step 3
[root@squid-server ~]#iptables -F
[root@squid-server ~]#iptables -t nat -A PREROUTING -p tcp -i eth0 –dport 80 -j REDIRECT –to-port 3128
[root@squid-server ~]#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[root@squid-server ~]#service iptables save
Step 4
[root@squid-server ~]#modprobe ip_conntrack_ftp
[root@squid-server ~]#modprobe ip_nat_ftp
[root@squid-server ~]#chkconfig squid on
[root@squid-server ~]#chkconfig iptables on
Final Step 5
Now add all rules into RC Local file to start these rules at booting time of Linux Machine
[root@squid-server ~]# vi /etc/rc.local
#!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don't # want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
service squid start
iptables -F iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#Load FTP module #modprobe ip_conntrack_ftp #modprobe ip_nat_ftp modprobe ip_conntrack_ftp modprobe ip_nat_ftp
wq!
Please make sure the clients should be configured to use Squid server as Gateway IP for accessing Internet