Ubuntu 12.04 : Install Squid Transparent Proxy

How to Set Up Transparent Proxy with Squid3 and dhcp3-server on Ubuntu 12.04

Source :




To make Squid a transparent proxy, the Squid transparent proxy server must sit as the gateway on the network (LAN).

Below is the tutorial, which I have edited because I am using Ubuntu 12.04 (don't forget to back up all the original configuration files first):

Squid is a very well known and vastly used cache proxy server for the common web protocols such as HTTP, HTTPS, FTP and more. It caches frequently accessed web pages and thus reduces bandwidth and response time. Squid is available for almost all the platforms including Windows. It is open source and available under GNU/GPL.

Advantages of setting up Squid as Transparent Proxy include the fact that you don’t need to configure all the machines on your LAN to connect to Squid manually. All the traffic would be redirected to the Squid Listening Port automatically and your Ubuntu Box would act like a Router.

Follow these steps to set up a Transparent Proxy Server with Squid3 on Ubuntu Lucid (10.04).

1. Install Ubuntu Lucid Server or Desktop on your computer. Both Server and Desktop editions are capable of doing this job equally well.

2. Change your network interfaces from DHCP to Static.

First, back up the original configuration file:

cp /etc/network/interfaces /etc/network/interfaces.asli1

sudo nano /etc/network/interfaces

Tip: You can also use gedit instead of nano if you are using Ubuntu Desktop.

Delete all the text and paste this text in your interfaces file:

auto eth0
iface eth0 inet static

post-up iptables-restore < /etc/iptables.up.rules

auto eth1
iface eth1 inet static

Where is the IP address of your WAN interface and is the IP address of your LAN interface.

3. Install squid3:

sudo apt-get install squid3

4. Make a backup of your squid.conf for future reference. Squid.conf has nearly all the options listed and it is recommended to go through that file to know more about squid options.

sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original

5. Configure squid3.

sudo nano /etc/squid3/squid.conf

Remove all the text and paste this text in your squid.conf file for a minimal configuration:

http_port 3128 transparent
acl LAN src
acl localnet src
http_access allow LAN
http_access allow localnet
cache_dir ufs /var/spool/squid3 20000 16 256

Where is the range of your LAN interface.

The last line in that file is defining a cache directory for squid3 to use. Here, the first number denotes the size of cache in MB, 20 GB in this case.

Save and close this file.

6. Restart squid3:

sudo /etc/init.d/squid3 restart

7. Edit /etc/sysctl.conf:

sudo nano /etc/sysctl.conf

In this file, uncomment the lines that enable packet forwarding for IPv4 and IPv6:


Save and close this file.

8. Define iptables rules for port forwarding.

sudo nano /etc/iptables.up.rules

Paste this text in the file that opens up:


-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Save and close this file.

9. Edit /etc/rc.local:

sudo nano /etc/rc.local

Paste this text at the end of the file that opens up:

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

Save and close this file.

10. Reboot your server.
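
A check worth running before the reboot in step 10, as an added example that is not part of the original tutorial: it lints the text of /etc/iptables.up.rules against squid.conf, catching typographic dashes left by copy-paste, a missing *nat header or COMMIT line (iptables-restore requires both), and a redirect port that does not match Squid's intercept port. The sample inputs and function names are constructed for illustration.

```python
import re

# Constructed inputs: a rules file as pasted from a rendered web page
# (typographic dashes, no table header) and a corrected one. eth1 and port
# 3128 come from the tutorial; everything else is an assumption.
PASTED = "-A PREROUTING -i eth1 -p tcp -m tcp \u2013dport 80 -j REDIRECT \u2013to-ports 3128\n"
FIXED = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
"""
SQUID_CONF = "http_port 3128 transparent\n"

def squid_intercept_ports(conf):
    """Ports of http_port lines flagged transparent or intercept."""
    ports = set()
    for line in conf.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 3 and f[0] == "http_port" and {"transparent", "intercept"} & set(f[2:]):
            ports.add(int(f[1].rsplit(":", 1)[-1]))  # also handles addr:port
    return ports

def lint_rules(rules, conf, lan_if="eth1"):
    """Return problems that would break iptables-restore or the redirect."""
    problems = []
    lines = [l.strip() for l in rules.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    for n, l in enumerate(lines, 1):
        if re.search(r"[\u2010-\u2015\u2212]", l):
            problems.append(f"rule {n}: typographic dash, retype as '-' or '--'")
    if "*nat" not in lines:
        problems.append("missing '*nat' table header")
    if not lines or lines[-1] != "COMMIT":
        problems.append("missing final COMMIT")
    redirected = set()
    for l in lines:
        m = re.search(r"-i\s+(\S+).*--dport\s+80\b.*-j\s+REDIRECT\s+--to-ports?\s+(\d+)", l)
        if m and m.group(1) == lan_if:
            redirected.add(int(m.group(2)))
    if not redirected & squid_intercept_ports(conf):
        problems.append("no port-80 REDIRECT on the LAN interface to a Squid intercept port")
    return problems
```

An empty list means the file is structurally loadable and the redirect lines up with Squid; it does not prove the rules are the ones currently active in the kernel.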

If you don’t want to go to each machine on your Network and configure it for a Static IP, you can use dhcp3-server to assign Dynamic IPs to all the computers on your LAN and make them forward all their internet traffic to your squid box.

11. Install dhcp3-server:

sudo apt-get install dhcp3-server

12. Edit /etc/default/dhcp3-server:

sudo nano /etc/default/dhcp3-server

Type eth1 in between the quotes in this line:


Save and close this file.

13. Make a backup of your original /etc/dhcp/dhcpd.conf:

sudo cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original

14. Edit /etc/dhcp/dhcpd.conf:

sudo nano /etc/dhcp/dhcpd.conf

Delete all the text and paste this text in the file that opens up:


default-lease-time 3600;
max-lease-time 3600;

option subnet-mask;
option broadcast-address;
option routers;
option domain-name-servers,;
option domain-name "my.domain.name";

subnet netmask {

We are using Google DNS in this example. You can use your own DNS Server if you’ve configured one on your network.

Save and close this file.

Make sure all the cables on your network are plugged in and the devices are powered on.

15. Start dhcp3-server:

/etc/init.d/isc-dhcp-server restart

16. Reboot your server and everything should be working as it should after that.

If you want to bind IP addresses permanently to the same machines, see here:



Addendum:

To check the squid log: tail -f /var/log/squid3/access.log
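
What to look for in that log, as an added example that is not part of the original post: the script below parses Squid's native access.log format, computes the cache hit ratio, and lists requests whose client address falls outside the LAN range, which on a gateway box usually means the proxy port is reachable from the WAN side. The LAN range and the log lines are constructed, since the page does not show its own.

```python
import ipaddress
from collections import Counter

# Assumption: the LAN range is not shown on the page; this one is constructed.
LAN = ipaddress.ip_network("192.168.10.0/24")

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1355000001.120    210 192.168.10.21 TCP_MISS/200 15320 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1355000002.431      3 192.168.10.21 TCP_HIT/200 15320 GET http://example.com/ - NONE/- text/html
1355000003.002      1 203.0.113.77 TCP_DENIED/403 3600 GET http://example.org/ - NONE/- text/html
1355000004.550     95 192.168.10.35 TCP_MISS/304 310 GET http://example.net/a.css - DIRECT/198.51.100.8 -
1355000005.900      2 192.168.10.35 TCP_MEM_HIT/200 880 GET http://example.net/logo.png - NONE/- image/png
this line is truncated
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    code, _, status = f[3].partition("/")
    try:
        return {"ts": float(f[0]), "client": ipaddress.ip_address(f[2]),
                "code": code, "status": int(status), "bytes": int(f[4]),
                "method": f[5], "url": f[6]}
    except ValueError:
        return None

def summarize(text, lan=LAN):
    """Hit ratio, denied count, and requests from clients outside the LAN."""
    codes, outside, skipped = Counter(), [], 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # damaged or partial line, counted not dropped silently
            continue
        codes[rec["code"]] += 1
        if rec["client"] not in lan:
            outside.append((str(rec["client"]), rec["code"], rec["url"]))
    served = sum(n for c, n in codes.items() if c != "TCP_DENIED")
    hits = sum(n for c, n in codes.items() if "HIT" in c)
    return {"hit_ratio": hits / served if served else 0.0,
            "denied": codes["TCP_DENIED"], "outside": outside, "skipped": skipped}
```

A TCP_DENIED entry from an outside address means the ACL did its job; any other result code from an outside address means the proxy served a client it should not have.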

