I want to use Squid 2.7 as a transparent caching proxy for HTTP traffic on a Raspberry Pi running Debian Linux. The Raspberry Pi will be connected to my Wi-Fi router (MBR1400) using a single network interface.
I've already set up Squid and it works great from other computers, as long as I specify the Proxy Configuration manually, such as:
    curl --proxy 192.168.0.250:3128 http://google.com
This also works correctly if I instruct Chrome, Firefox, or OS X to use the correct proxy IP, 192.168.0.250.
The trouble comes when I try to make it "transparent."
I've tried to make it transparent by adding a static route to the router so that all traffic will pass through the Squid box, and then using iptables on the Squid box to redirect port 80 traffic to port 3128.
Detailed steps
1) Add a static route to my router
    IPv4 (v6 has been disabled)
    IP Address: 192.168.0.1
    Netmask: 255.255.255.128
    Gateway: 192.168.0.250
    METRIC: 1
This shows a routing table of
    IP GW Metric
    192.168.0.0 192.168.0.250 1 # mine
    192.168.0.0 0 # system default
    # plus some other routes that I don't think are important
2) add iptables rules on the squid box
    # clear existing iptables rules
    iptables -F
    iptables -X
    iptables --table nat -F
    iptables --table nat -X
    iptables --table mangle -F
    iptables --table mangle -X
    # the rest of these rules were adapted from a blog post and I don't fully understand how they work
    iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.0/24 -d 192.168.0.0/24 -p tcp --dport 80 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.0/24 -p tcp --dport 80 -j DNAT --to 192.168.0.250:3128
    iptables -t nat -I POSTROUTING -o eth0 -s 192.168.0.0/24 -d 192.168.0.250 -p tcp -j SNAT --to 192.168.0.1
    iptables -I FORWARD -i eth0 -o eth0 -s 192.168.0.0/24 -d 192.168.0.250 -p tcp --dport 3128 -j ACCEPT
Am I on the right track? Does the static route look correct? What is wrong with my iptables rules?
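
Added example, not part of the original post: a destination-based longest-prefix lookup over the router table described above, showing which destinations the static route actually matches. It assumes the router does standard destination-based routing; the /24 mask on the system LAN route, the 0.0.0.0/0 default route with its placeholder next hop, and the sample addresses are also assumptions, since the post does not list them.

```python
import ipaddress

# Static route exactly as entered in the post: 192.168.0.1 / 255.255.255.128.
STATIC_NET = ipaddress.ip_network("192.168.0.1/255.255.255.128", strict=False)

# (destination network, next hop, metric). Only the first entry's values are
# all taken from the post; the /24 mask and the default route are assumptions.
ROUTES = [
    (STATIC_NET, "192.168.0.250", 1),                          # "mine"
    (ipaddress.ip_network("192.168.0.0/24"), "on-link", 0),    # "system default", mask assumed
    (ipaddress.ip_network("0.0.0.0/0"), "wan-next-hop", 0),    # assumed, placeholder next hop
]

def lookup(dst, routes=ROUTES):
    """Return (network, next hop) chosen for a destination address.

    Longest prefix wins; equal prefixes fall back to the lowest metric.
    The packet's source address plays no part in the decision.
    """
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    net, hop, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return str(net), hop

def report(destinations):
    """Map each destination to the route the table selects for it."""
    return {d: lookup(d) for d in destinations}

if __name__ == "__main__":
    # Constructed sample destinations: a web server (documentation range),
    # a LAN host in the lower half, a LAN host in the upper half, the Squid box.
    samples = ["203.0.113.10", "192.168.0.10", "192.168.0.200", "192.168.0.250"]
    print("static route covers", STATIC_NET, "=", STATIC_NET[0], "-", STATIC_NET[-1])
    for dst, (net, hop) in report(samples).items():
        print(f"{dst:15} -> {net:16} via {hop}")
```

Under these assumptions, a request to an outside web server selects the default route rather than the 192.168.0.250 next hop, and the Squid box's own address falls outside the 255.255.255.128 range.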