Transparent Proxy with Squid - Setup Guide
This is intended as simple solution/guide to setup a transparent proxy with Mac OS X.
My consideration:
1 - Mac with 2 NIC (en0 - external (DSL), en1 - internal (private))
2 - squid-2.5.STABLE12-20051103
Steps:
SQUID Configuration.
1. Download http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE12.tar.gz
2. Expand
3. Configure (eg: ./configure --prefix=/opt/squid)
4. Make install
5. Edit squid.conf and include the following at the bottom of the squid.conf
http_port 127.0.0.1:3128
cache effectivegroup nobody
cache effectiveuser nobody
forwarded_for off
httpd accelhost virtual
httpd accelport 80
httpd accel_singlehost off
httpd accel_uses_hostheader on
httpd accel_withproxy on
6. Create a squid cache directory
./squid -z
7. Run it
./squid
----------------------------
IPFW tinkering.
1. Take note of en1 info.
Eg: 192.168.0.0 (NET)
255.255.255.0 (MASK)
en1 (NIC)
2. Add a rule to firewall configuration.
sudo ipfw add 1000 fwd 127.0.0.1,3128 tcp from NET:MASK to any 80 via NIC
* substitute the NET, MASK and NIC with your own network info.
3. All set. (finger crossed)
Ideally, every machine on the private network should connect to web via squid without the need to configure to use the proxy. The users wouldn't know that they connecting via proxy.
That's it.
Cheers
My consideration:
1 - Mac with 2 NIC (en0 - external (DSL), en1 - internal (private))
2 - squid-2.5.STABLE12-20051103
Steps:
SQUID Configuration.
1. Download http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE12.tar.gz
2. Expand
3. Configure (eg: ./configure --prefix=/opt/squid)
4. Make install
5. Edit squid.conf and include the following at the bottom of the squid.conf
http_port 127.0.0.1:3128
cache effectivegroup nobody
cache effectiveuser nobody
forwarded_for off
httpd accelhost virtual
httpd accelport 80
httpd accel_singlehost off
httpd accel_uses_hostheader on
httpd accel_withproxy on
6. Create a squid cache directory
./squid -z
7. Run it
./squid
----------------------------
IPFW tinkering.
1. Take note of en1 info.
Eg: 192.168.0.0 (NET)
255.255.255.0 (MASK)
en1 (NIC)
2. Add a rule to firewall configuration.
sudo ipfw add 1000 fwd 127.0.0.1,3128 tcp from NET:MASK to any 80 via NIC
* substitute the NET, MASK and NIC with your own network info.
3. All set. (finger crossed)
Ideally, every machine on the private network should connect to web via squid without the need to configure to use the proxy. The users wouldn't know that they connecting via proxy.
That's it.
Cheers