CentOS 6 – Setup a Transparent Squid proxy Server

“In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers”  Wikipedia link.  In other words machine XYZ that is located within your network, instead of connecting directly to the internet to request a web page   it will go through the proxy server. With a more advanced setup you can control access to  SSH , FTP and so on.  This adds a layer of security because you can control what type of requests your users are allowed to use and you can also impose rules as to what your users can do with already allowed requests.  In addition you can create a cache of web pages that will reside in your proxy server. This reduces the overhead on the network because the contents of web pages do not have to fetched from the Internet each time your users request it.

Requirements:

– One Linux machine that will act as a Proxy Server.

Only needed if you have web servers hosted internally in your LAN: One Windows/Linux machine that will act as a DNS server. You can setup your Proxy Server as a DNS server as well. However, in my home lab I have a Windows 2012 Active Directory which in turn acts as my internal DNS server.

How does it work:

– User George is trying to make an HTTP connection somewhere on the internet.

– George’s machine is configured to have as it’s Default Gateway the Proxy Server. The “Gateway” setting tells a machine where to go in order to have access to the outside network. It is an IP address. Typically it points to the IP address of your router. However in this case your Gateway is the proxy server. In turn the proxy server uses as it’s own Gateway the IP address of your router.

– Once George has requested a web page, his machine will now connect to the Proxy Server. The Proxy Server will first check to see if George’s machine is allowed to connect to it and then it will check to see if George’s machine belongs to a network that is allowed to browse the Internet.

– Once the Proxy server  sees that George’s machine is allowed to use the Internet (HTTP service) it will search for http://awesomenothing.com/ on it’s own host file to resolve the name. If it cannot find it, it will then connect to the internal DNS server and make a request for it. If the internal DNS cannot find an entry, then the Proxy server will go through the router to reach an external DNS to make a name resolution.

– Then the Proxy Server will feed the data it received from the web site and forward it back to George’s machine.

– George is a happy camper.

 

Installation 

To install the proxy software run:

yum install squid

 

Configuration:

vi /etc/squid/squid.conf

You will first need to create an ACL entry for the network you wish to allow (or deny) connections to your proxy server. In addition you will have to give your network a name. For example on my proxy server I created the following ACL entry.

acl mylan_network src 192.168.1.1/24

Then you will have to specify that you allow this specific network to access your proxy server by entering:

http_access allow mylan_network

Then you will have to add “transperant” nect to the http_port line

http_port 3128 transparent

Then you will have to create an IPTABLE rule for your proxy server to route traffic as needed. This rule will configure IPTABLES for web requests only.

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

Restart squid:

service squid restart

 

On the client machine:

You will have to change the Gateway to point to your proxy server.

vi /etc/sysconfig/network-scripts/ifcfg-"the_name_of_your_nic"

There enter the GATEWAY=The IP address of your Proxy server.

 

Done 🙂

 

 

Share Button

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload the CAPTCHA.