I have a Cudy LT300 router which doesn't support proxy configuration, but I need the clients connected to this router to use a transparent proxy. I mean, the proxy cannot be configured on each client.
I also have an Ubuntu server with 2 network adapters:
- wlp2s0 (Wi-Fi adapter, currently in use to access the Internet, using 192.168.88.0/24 subnet)
- enp1s0 (Ethernet adapter, which I would connect to the WAN port of my router to proxy the Internet access, using 192.168.99.0/24 subnet)
Would it be possible to use Squid on my Ubuntu server for such a configuration? I managed to do so, but it only works if I connect my iPhone to the Cudy LT300 SSID and configure the proxy manually on my iPhone. Otherwise, it doesn't work. Traffic reaches the Internet, but through my ISP IP address and not the proxy IP address.
My current config
squid.conf
```
#########################
# Squid main config
#########################

# Explicit proxy port (clients can be manually configured here)
http_port 3128

# Intercept port (iptables will redirect HTTP here)
http_port 3129 intercept

# Define our LAN
acl localnet src 192.168.99.0/24

# Pull in your parent-pool
include /etc/squid/peers.conf

#### ─── ACCESS CONTROLS ─────────────────────────────────────
# Allow CONNECT (HTTPS) as well as normal HTTP GETs
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl CONNECT method CONNECT

# Allow & deny rules
http_access allow localnet Safe_ports
http_access allow localnet CONNECT
http_access deny all
```
iptables
```
iptables -t nat -F PREROUTING

# 1) Don’t catch the Cudy’s admin UI at 192.168.99.10
iptables -t nat -I PREROUTING 1 -i enp1s0 -d 192.168.99.10 -p tcp --dport 80 -j ACCEPT

# 2) Redirect all other HTTP → Squid’s intercept port (3129)
iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport 443 -j REDIRECT --to-port 3129
```
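A consistency check for the configuration posted above, as an added example that is not part of the original post: it pairs each iptables REDIRECT rule with the Squid listener it targets and flags mismatches. It assumes Squid's documented behaviour that an `http_port ... intercept` listener parses plaintext HTTP, while intercepted TLS on port 443 needs an `https_port ... intercept` listener; the function names are hypothetical and the inputs are the relevant lines copied from the post.

```python
import re

# Sample input: the listener lines and NAT rules copied from the post above.
SQUID_CONF = """\
http_port 3128
http_port 3129 intercept
"""
IPTABLES_RULES = """\
iptables -t nat -I PREROUTING 1 -i enp1s0 -d 192.168.99.10 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport 443 -j REDIRECT --to-port 3129
"""

def parse_listeners(conf):
    """Map listening port -> (directive, options) for http_port/https_port lines."""
    listeners = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] in ("http_port", "https_port"):
            port = int(fields[1].rsplit(":", 1)[-1])  # "3129" or "addr:3129"
            listeners[port] = (fields[0], set(fields[2:]))
    return listeners

def parse_redirects(rules):
    """Return (original dport, redirect target port) for every REDIRECT rule."""
    out = []
    for line in rules.splitlines():
        m = re.search(r"--dport (\d+) .*-j REDIRECT --to-ports? (\d+)", line)
        if m:
            out.append((int(m.group(1)), int(m.group(2))))
    return out

def check(conf, rules):
    """List REDIRECT rules whose target listener cannot handle the traffic."""
    listeners = parse_listeners(conf)
    findings = []
    for dport, to_port in parse_redirects(rules):
        directive, opts = listeners.get(to_port, (None, set()))
        if directive is None:
            findings.append(f"{dport}->{to_port}: no Squid listener on that port")
        elif "intercept" not in opts:
            findings.append(f"{dport}->{to_port}: listener lacks 'intercept'")
        elif dport == 443 and directive != "https_port":
            findings.append(f"{dport}->{to_port}: TLS sent to plaintext http_port")
    return findings

if __name__ == "__main__":
    for finding in check(SQUID_CONF, IPTABLES_RULES):
        print(finding)
```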