It's been a long, tiring day, as I spent almost half a day setting up Squid-2.6 in transparent mode with squidGuard, and I think most of you will think I'm dumb for taking so long to configure that. It was a very good lesson that you always need to keep up with the latest updates on Linux, because if you stop playing with it you will lose out.
That's why it took me so long to find out what the problem was. First, there was a problem with squidGuard: all the configuration was done perfectly but the filtering was not working, and I eventually found that the blacklist had not been built in .db format. The second problem was that the new Squid configuration for transparent mode is different from the older version and much simpler. Below I write up all the steps to configure a transparent proxy with squidGuard.
Prerequisites: Squid-2.6, squidGuard-1.4 and iptables
1) Squid and iptables can be installed from the distro's CD media; I'll assume you have already done so.
2) Download squidGuard from here, unpack the package once the download finishes, and install it as follows:
3) Once the installation is done, you need to download the blacklist file. I have written a small script that downloads the blacklist and updates it in the db folder. Copy the following and paste it into a new file, save the file and change the file mode to 777 with “chmod 777 <filename>”. Note that mode 777 also lets every local user rewrite a script that will later run as root; mode 755 is enough to execute it.
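#!/bin/sh
# Work in the squidGuard db directory so wget and tar read and write there
cd /usr/local/squidGuard/db || exit 1
# Remove the previous archive and download a fresh copy
rm -f /usr/local/squidGuard/db/blacklists.tgz
wget -c http://squidguard.mesd.k12.or.us/blacklists.tgz
# Replace the old lists with the newly unpacked ones
rm -rfv /usr/local/squidGuard/db/blacklists/*
tar xvfz /usr/local/squidGuard/db/blacklists.tgz
# Build the .db files squidGuard needs, then give them to the squid user
/usr/local/bin/squidGuard -C all
chown -R squid:squid /usr/local/squidGuard/db/blacklists/*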
You need to configure squidGuard.conf before you can use squidGuard; here is a sample squidGuard.conf configuration file for your reference.
4) Just execute “./<filename>” to download the blacklist and update the blacklist database. You can also schedule this script to run weekly via crond to keep the blacklist database up to date.
5) With the squidGuard installation done, we proceed to configure Squid to enable the squidGuard filter by adding the following
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
at the end of the squid.conf file.
6) Then look for the line containing “http_port 3128” and add “transparent” after it, as below
“http_port 3128 transparent”
This is how the transparent proxy is enabled in the new Squid version. Save the file and reload Squid using the following command
/sbin/service squid reload
7) The transparent proxy will not work without a firewall rule in iptables, as below
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Change “eth0” to match your network interface and add any other firewall rules you require; I do not cover them here as they depend on your network environment. $IPTABLES stands for the path to your iptables binary, so define that variable or replace it with the path. Make sure you put the above line into “/etc/rc.local” so that the iptables rule is enabled every time the system boots.
With that, the Squid transparent proxy with squidGuard is successfully configured.
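A hardened variant of the update script from step 3, added here as an example and not part of the original post: it checks the downloaded archive before touching the live lists, then verifies that “squidGuard -C all” really produced a .db file for every list named in squidGuard.conf, which is the silent failure described at the top. Paths and URL are the post's; the function names, the blacklists.old backup, and the assumptions that archive members sit under blacklists/ and that list paths in squidGuard.conf are relative to the db directory belong to this example.

```shell
#!/bin/sh
# Added example, not the post's script. Paths and URL are taken from the post.
DB=/usr/local/squidGuard/db
CONF=/usr/local/squidGuard/squidGuard.conf
URL=http://squidguard.mesd.k12.or.us/blacklists.tgz

# Succeed only if $1 is a readable .tgz whose members all sit under
# blacklists/ (assumed layout): no absolute paths, no ".." components.
archive_is_safe() {
    members=$(tar tzf "$1" 2>/dev/null) || return 1
    [ -n "$members" ] || return 1
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then return 1; fi
    if printf '%s\n' "$members" | grep -Evq '^(\./)?blacklists(/|$)'; then return 1; fi
    return 0
}

# Print every list named by a domainlist/urllist line in config $1 whose
# compiled <list>.db is missing or empty. Relative paths are resolved
# against db directory $2 (assumption of this example).
missing_db() {
    awk '$1 == "domainlist" || $1 == "urllist" { print $2 }' "$1" |
    while read -r rel; do
        case $rel in /*) ;; *) rel=$2/$rel ;; esac
        [ -s "$rel.db" ] || printf '%s\n' "$rel"
    done
}

update_blacklists() {
    # Stage inside $DB so the final mv is a rename on the same filesystem.
    tmp=$(mktemp -d "$DB/.new.XXXXXX") || return 1
    wget -q -O "$tmp/blacklists.tgz" "$URL" &&
        archive_is_safe "$tmp/blacklists.tgz" &&
        tar xzf "$tmp/blacklists.tgz" -C "$tmp" || { rm -rf "$tmp"; return 1; }
    # Only now touch the live lists; keep the previous set as blacklists.old.
    rm -rf "$DB/blacklists.old"
    [ ! -d "$DB/blacklists" ] || mv "$DB/blacklists" "$DB/blacklists.old"
    mv "$tmp/blacklists" "$DB/blacklists" && rm -rf "$tmp"
    /usr/local/bin/squidGuard -C all
    chown -R squid:squid "$DB/blacklists"
    bad=$(missing_db "$CONF" "$DB")
    [ -z "$bad" ] || { echo "lists without .db: $bad" >&2; return 1; }
}

# Run the update only when asked to, e.g. from root's crontab.
if [ "${1:-}" = "--update" ]; then update_blacklists; fi
```

Run it as “./<filename> --update”; a non-zero exit status means the archive was rejected or at least one configured list has no compiled database, so filtering would not work.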