SQUID TRANSPARENT PROXY ON UBUNTU

SQUID TRANSPARENT PROXY 3.1.19 ON UBUNTU 12 STEP BY STEP

sudo su

apt-get install squid

#Key File Locations
## Squid configuration file
/etc/squid/squid.conf

## Squid access log file

/var/log/squid/access.log

cp /etc/squid3/squid.conf  /etc/squid3/squid.conf.orig

## To remove blank and commented lines 

cd /etc/squid3/ 

sed '/^$/d' squid.conf > squid.conf.ed && sed '/^\#/d' squid.conf.ed > squid.conf.edi && echo $?

mv squid.conf.edi squid.conf 

nano /etc/squid3/squid.conf 

## WELCOME TO SQUID 3.1.19
## -----------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt 

acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

## Insert your own rules here
acl bldownload url_regex -i "/etc/squid3/download.acl"
acl download method GET
acl officehours time MTWHF 9:00-13:00
acl officehours time MTWHF 14:00-17:00
acl blsites url_regex -i "/etc/squid3/officetime.acl"

http_access deny bldownload
http_access deny download
http_access deny blsites officehours

acl fblock dstdomain .facebook.com
http_reply_access deny  fblock officehours
http_access deny CONNECT fblock officehours

http_access allow localnet
http_access deny all

http_port 192.168.0.10:3128 intercept

## Cache Settings
cache_mem 51200 MB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /cache/squid3 51200 16 256

#cache_mem and cache_dir 51200 must be same otherwise it will be a warning to initialize cache

## Access and Cache logs
access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log

coredump_dir /proxycache/squid3

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320

visible_hostname raabtaproxy

mkdir /cache && mkdir /cache/squid3 && chown proxy:proxy /cache/squid3 && chmod 777 /cache/squid3 && echo $? 

touch /etc/squid3/download.acl && touch /etc/squid3/officetime.acl && echo $? 

## To start restart or stop the squid
/etc/init.d/squid3 start|restart|stop  

## To reconfigure policies 

squid3 -k reconfigure 

## to initialize cache

squid3 -z

## To make transparent proxy

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERAD

## To save iptables 

iptables-save > iptables-tproxy 

## To restore iptables

iptables-restore < iptables-tproxy