Setup a Transparent Proxy using Squid Proxy Server
Setup a Transparent Proxy using Squid Proxy Server. In this post, we introduce Squid proxy, its advantages, and working principle then show you how to set up a transparent proxy using Squid.
After setting up a transparent proxy, you don’t need to define proxy settings on each user’s web browser. In this setup, the Squid server acts as a gateway between users and the internet. When any user accesses the internet, the transparent proxy redirects all the internet traffic from port 80 to the squid proxy’s port 3128.
Since the internet became publicly available, there has been ongoing competition to achieve the fastest internet connections. Proxy cache servers are one of the multiple means used to obtain steadily higher speeds. One of these servers is the Squid Proxy Cache Server. This article discusses Squid Proxy, how it works, and its advantages.
What is Squid Proxy?
An open source proxy server called Squid serves cache and proxy services for the Web. It operates as a reverse proxy, delivering client requests to servers, or a forward proxy, receiving and transmitting client requests to servers.
Moreover, Squid is a highly configurable software program that is modified to match the specific needs of an individual or a company. Many companies prefer it due to its flexibility, configurability, and capacity to manage large traffic volumes.
How Does Squid Works?
All in all, a proxy server for caching called Squid acts as a link between client computers and the Internet. Caching frequently accessed web pages, files, and other data increases the network speed and decreases the quantity of data transferred over the network.
Squid examines its cache when a client computer requests a website to see whether it already contains a copy of the content. If so, it delivers cached page to the client. If the page isn’t already in the cache, Squid fetches it from the Internet and stores a copy for later use in its cache.
Furthermore, Squid performs various tasks like request filtering, network optimization, and authentication. Let’s have a look at its process:
- Client sends a request: A client, such as a web browser, sends a request for a resource, such as a web page, to the Squid proxy.
- Squid checks the cache: Checks its cache to see if it already has a copy of the requested resource.
- It returns cached resource: If the resource is in the cache, Squid returns the cached resource to the client.
- Squid retrieves the resource: If the resource is not in the cache, Squid forwards the request to the appropriate server, retrieves the resource on behalf of the client, and caches the resource for future use.
- It returns the resource to the client: Returns the retrieved resource to the client.
Advantages of Squid Proxy
Squid proxy not only secures your system proxy but also serves numerous advantages:
- Filtering: Squid proxy is beneficial for parental control, network security, and content filtering. You set it up to restrict access to particular sites or kinds of content.
- Load balancing: Squid divides incoming requests among several backend servers, helping in load balancing and improving performance.
- Access control: Administrators build up authentication and authorization procedures using Squid to control Internet access.
- Authentication: Squid is set up to ask for user authentication before providing access to the internet. That proves to be beneficial in a corporate environment.
- Customisation: Squid is highly flexible and adaptive to a company’s special needs.
- Traffic optimization: Squid proxy compresses data, reduces the number of network requests, and prevents redundant data transfers, which may significantly increase web access speed.
- Compatibility: Squid proxy is a flexible solution for various network settings because it supports numerous protocols, including HTTP, HTTPS, FTP, and others.
Overall, Squid proxy is a helpful tool for many users because it can improve the internet connection speed, security, and efficiency for both individuals and organizations.
We have arrived to the main part of of how to Setup a Transparent Proxy using Squid Proxy Server.
Setup a Transparent Proxy using Squid Proxy Server
This section explains how to set up Squid as a transparent proxy on Linux server.
Prerequisites
- A server running Linux Operating System.
- A root user or a user with sudo privileges.
Update the System
Before starting, it is always recommended to update your system with the latest packages.
apt update -y
apt upgrade -y
If you want to update CentOS, RHEL, and Fedora based Linux distributions, run the following command.
dnf update -y
Once your system is updated, proceed to the next step.
Setting Up IP Forwarding
In order to use Squid as a transparent proxy, you will need to enable IP forwarding on your server. Enable it by editing sysctl.conf file.
nano /etc/sysctl.conf
Uncomment the following line:
net.ipv4.ip_forward = 1
Save the file then run the following command to implement the changes.
sysctl -p
Installing Squid Proxy Server
Next, you need to install the Squid proxy server package on your server. By default, this package is included in the default repository of all major Linux distributions.
apt install squid -y
dnf install squid -y
After installing the Squid package, start the Squid service and enable it to start at system reboot.
systemctl start squid
systemctl enable squid
Check the status of Squid with the following command.
systemctl status squid
If you want to verify the Squid version, run the following command.
squid -version
You should see the Squid version information on the following screen.
Configuring Squid as a Transparent Proxy
By default, the Squid main configuration file is located at /etc/squid/squid.conf. You need to edit it and modify some changes.
nano /etc/squid/squid.conf
Change the following lines:
http_access allow all
http_port 3128 intercept
visible_hostname squid.proxy
Save and close the file when you are finished. Then, restart the Squid service to implement the changes.
systemctl restart squid
Once you are done, proceed to the next step.
Configuring Firewall Rules
Next step is to add some firewall rules to forward packets received at port 80 to Squid.
Configure Iptabes Firewall for Squid
If you are using iptables firewall then you add rules with the following command.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables --t nat -A POSTROUTING --out-interface eth1 -j MASQUERADE
You need to add modify the eth0 network interface if you have another interface configured on your server. Now, you list all your added rules with the following command.
iptables -t nat -L
You should see all iptables rules on the following screen.
If you did any misconfiguration and want to delete all rules, run the following command.
iptables -t nat -F
Configure Firewalld Firewall for Squid
firewall-cmd --permanent --zone=public --add-forward- port=port=80:proto=tcp:toport=3128:toaddr=squid-ip
firewall-cmd --permanent --zone=public --add-port=3128/tcp
firewall-cmd --permanent --add-masquerade
After adding all rules, reload the Firewalld service to implement the changes.
firewall-cmd –reload
Configure Client to Use Squid Proxy Server
After setting up a Squid as a transparent proxy, you need to configure a client machine to route all internet traffic via the Squid server. Follow the below steps to configure the client machine.
Step 1 – Log in to your Ubuntu desktop in my example or your Windows desktop and open the Network settings. You should see the following screen. If using Windows you find these settings in your browser settings.
Step 2 – Click on the + icon beside the Wired connection. You should see the Network configuration wizard.
Step 3 – Click on the IPv4 tab then provide private IP from Squid IP range, subnet mask, provide Squid server IP in gateway field, DNS IP then click on the Add button to save the changes. You should see the newly added network interface on the following screen.
At this point, your Squid server is configured as a transparent proxy. When any user accesses the internet, all request goes via the Squid server.
Thank you for reading Setup a Transparent Proxy using Squid Proxy Server. We shall conclude.
Setup a Transparent Proxy using Squid Proxy Server Conclusion
In this post, you have learned how to install and configure Squid as a Transparent proxy on Linux. You can now track all user’s activity from the Squid server. As more people become aware of the benefits of using web proxies, their use has increased. Lastly, Proxy servers are becoming more common, especially among individual and casual customers, due to improved online security and accessibility.
Following, Squid proxies are often used by those seeking a two in one solution. It works as a caching tool in addition to serving as a reliable proxy server. Using a single Squid proxy does not necessitate the installation of any extra servers.
Do explore more of our Squid Proxy content, by navigating to this section of our blog.
