Squid Transparent proxy server : How to configure

In our earlier tutorials (Squid Proxy server installation & configuration PART 1 & PART 2 ), we have learned to install & configure squid proxy server. We will now, in this tutorial, learn to configure Squid transparent proxy server. With setting up Squid transparent proxy server, we have a major advantage of not configuring proxy setting on every user’s machine. Being transparent means that users will have no idea that there requests are being passed through a proxy server.

Squid as transparent proxy acts as a gateway between internet and users. It redirects all the internet traffic from port 80 to squid proxy’s port i.e. 3128. So now let’s start with the setting squid as transparent proxy…

( Also read : Setting up squid with authentication )



Firstly, we need to install squid proxy server on the system. To install it, execute

$ sudo yum install squid -y


Configuring squid

Next we need to enable IP Packet Forwarding on the machine, to do this

$ sudo vim /etc/sysctl.conf

then change the following parameter to ‘1’, i.e.

net.ipv4.ip_forward = 1

Save file & exit. Now execute the following command to implement the changes made,

$ sudo sysctl -p

Next, we will configure the squid proxy using it’s main configuration file i.e. ‘/etc/squid/squid.conf’,

$ sudo vim /etc/squid/squid.conf

& make changes as follows to the options mentioned,

http_access allow all

http_port 3128 intercept

visible_hostname squid.proxy

Now save the file & exit. Next to implement the changes restart the squid service,

$ sudo service squid restart

$ chkconfig squid on


Configuring firewall rules

All that remains in the configuration for setting up squid transparent proxy is firewall rules configuration. Firewalld rules for RHEL/CentOS 7 are ,

$ sudo firewall-cmd –permanent –zone=public –add-forward- port=port=80:proto=tcp:toport=3128:toaddr=

$ sudo firewall-cmd –permanent –zone=public –add-port=3128/tcp

$ sudo firewall-cmd –permanent –add-masquerade

$ sudo firewall-cmd –reload

here, is the LAN IP address of the squid proxy server.

For RHEL/CentOS 6, the Iptables rules are

$ sudo iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j DNAT –to

$ sudo iptables -t nat -A PREROUTING -i eth1 -p tcp –dport 80 -j REDIRECT –to-port 3128

$ sudo iptables –t nat -A POSTROUTING –out-interface eth1 -j MASQUERADE

After the changes have been made to firewall rules, our server is now ready to work as a squid transparent proxy. All we have to do test this, is to change the gateway of the client machine to the IP address of squid server i.e. When we access any website from client machine, it will first arrive at squid proxy server on port 80 & will then be redirected to port 3128, then after analysing the ACLs, traffic will be forward to WAN or internet.

If you think we have helped you or just want to support us, please consider these :-

Connect to us: Facebook | Twitter | Google Plus

Become a Supporter – Make a contribution via PayPal

[paypal_donation_button align=”left” border=”1″]

Linux TechLab is thankful for your continued support.


Passionate about Linux & open source. Loves to learn, read & write about Linux as well as new technologies.

You may also like...

Leave a Reply