Transparent web proxying: Ubuntu, DG834G, Squid

I’ve been tinkering with my home network and in particular with setting up Squid for caching duties. This was easy enough but also required manual configuration on any other systems to actually use it.

Wouldn’t it be easier for this to happen automatically?

The answer lies in transparent proxying which turned out to be possible with my setup.

I went with Squid3 and that just needed to be told to expect to work in this fashion:

# Squid normally listens to port 3128
http_port 3128 transparent

The next step was to get outbound web traffic redirected to the Squid box, which would then perform its duties.

This would normally require a dedicated firewall, and although most ADSL routers nowadays have rudimentary routing capabilities, I thought I was going to have to end up installing Smoothwall or similar.

Thankfully, the DG834G is running a form of embedded Linux. Although the web interface doesn’t allow complex firewall rule changes, it is possible to telnet in directly to play with iptables.

Once in, it’s just a case of setting up the following rules:

# Send LAN web traffic (except Squid's own outbound fetches) to Squid
iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
# Rewrite the source so Squid replies via the router rather than straight back to the client
iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
# Allow the redirected connections through to Squid's port only
iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

(With squid-box, local-network and iptables-box replaced with the relevant addresses: the Squid host, the LAN range and the router’s own LAN address!)

The above courtesy of: http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#s6.
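As an added example (not part of the original post or the linked FAQ), here is the same set of three rules wrapped in a small shell script that substitutes real addresses from variables, sanity-checks them before anything is applied, and can print the rules instead of running them. The addresses 192.168.0.10, 192.168.0.1 and 192.168.0.0/24 are constructed placeholders for a typical home LAN, and the `valid_ipv4` helper is my own; the script assumes a recent iptables, so it uses `! -s` and the long target option names, whereas older builds such as the router's want the `-s !` spelling shown above.

```shell
#!/bin/sh
# Added example: apply (or print) the transparent-proxy rules from the post.
# All addresses are constructed placeholders; set them for your own network.
SQUID_BOX="${SQUID_BOX:-192.168.0.10}"        # assumed: host running Squid
ROUTER_LAN_IP="${ROUTER_LAN_IP:-192.168.0.1}" # assumed: the router's LAN address
LOCAL_NET="${LOCAL_NET:-192.168.0.0/24}"      # assumed: the LAN range
LAN_IF="${LAN_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Command used to install each rule. Set IPTABLES=echo to print the rules
# instead of applying them, which is handy for checking them before a reboot.
IPTABLES="${IPTABLES:-iptables}"

# Accepts a dotted-quad IPv4 address with every octet in 0-255; returns 1 otherwise.
# A typo here would otherwise produce a DNAT rule that blackholes all port-80 traffic.
valid_ipv4() {
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in
      ''|*[!0-9]*) return 1 ;;
    esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

transparent_proxy_rules() {
  # Refuse to touch the firewall if any address looks wrong.
  for addr in "$SQUID_BOX" "$ROUTER_LAN_IP" "${LOCAL_NET%/*}"; do
    if ! valid_ipv4 "$addr"; then
      echo "transparent_proxy_rules: '$addr' is not a valid IPv4 address" >&2
      return 2
    fi
  done

  # 1. Redirect web traffic arriving on the LAN interface to Squid, but leave
  #    Squid's own outbound fetches alone or they would loop back into it.
  "$IPTABLES" -t nat -A PREROUTING -i "$LAN_IF" ! -s "$SQUID_BOX" \
    -p tcp --dport 80 -j DNAT --to-destination "$SQUID_BOX:$SQUID_PORT"

  # 2. Clients and Squid sit on the same segment, so masquerade the client as the
  #    router; otherwise Squid replies directly to a client that never spoke to it.
  "$IPTABLES" -t nat -A POSTROUTING -o "$LAN_IF" -s "$LOCAL_NET" -d "$SQUID_BOX" \
    -j SNAT --to-source "$ROUTER_LAN_IP"

  # 3. Only the redirected connections to Squid's port are forwarded, so the
  #    rule set does not quietly open anything else on the Squid host.
  "$IPTABLES" -A FORWARD -s "$LOCAL_NET" -d "$SQUID_BOX" -i "$LAN_IF" -o "$LAN_IF" \
    -p tcp --dport "$SQUID_PORT" -j ACCEPT
}

# Run directly: IPTABLES=echo ./transparent-proxy.sh to preview, or ./transparent-proxy.sh to apply.
if [ "${0##*/}" = "transparent-proxy.sh" ]; then
  transparent_proxy_rules
fi
```

Because the PREROUTING rule is tied to the LAN interface, traffic from the WAN side is never redirected into Squid; pair this with an `http_access` ACL in squid.conf that only allows the LAN range, since an intercepted port accepts whatever the firewall hands it. On Squid 3.1 and later the port option is spelled `http_port 3128 intercept`; `transparent` is the older spelling used in the post.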

Once done, it just works! One bad thing is that it is not possible to save such custom rules from the telnet interface, so after a reboot they will need to be put back manually. There are ways round this, as you can roll your own custom firmware, but that is something for another time.