Squid Proxy Firewall Script not working

Discussion in 'Tomato Firmware' started by threehappypenguins, Feb 10, 2014.

  1. threehappypenguins

    threehappypenguins Serious Server Member

    I followed this tutorial to install Squid on my Windows 8 laptop: http://b0zmeister.wordpress.com/install-configure-squid-proxy-server-for-windows/

    Everything went well, and I was able to test it by changing the proxy settings in my computer. Then, of course, I put the proxy settings back to normal in my computer because I want a transparent proxy to run on my Linksys router running Tomato so that anyone connecting to my network will go through the proxy on my laptop (it's on all the time, anyway).

    My network is as follows:

    Speedstream Modem/Router (in bridge mode so it's only used as a router): 192.168.0.1 (no access to the web GUI anymore... so I don't think the IP address is even applicable for anything).
    Linksys router: 192.168.1.1
    Laptop running Squid: 192.168.1.149


    I tried putting in this code.

    Code:
    #!/bin/sh
    
    iptables -t nat -A PREROUTING -s ! 192.168.1.149 -p tcp --dport 80 -j DNAT --to 192.168.1.149:3128
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d squid-box -j SNAT --to 192.168.1.0/24
    iptables -A FORWARD -s 192.168.1.0/24 -d squid-box -p tcp --dport 3128 -j ACCEPT

    What am I missing? Do I need to do any port forwarding? I don't really know what I'm doing... I just copied and pasted this code and changed the IP addresses to what I think I was supposed to...
     
  2. threehappypenguins

    threehappypenguins Serious Server Member

    I also tried this code from the DD-WRT website: http://www.dd-wrt.com/wiki/index.php/Squid_Transparent_Proxy

    Code:
    #!/bin/sh
    PROXY_IP=192.168.1.149
    PROXY_PORT=3128
    LAN_IP=`nvram get lan_ipaddr`
    LAN_NET=$LAN_IP/`nvram get lan_netmask`
    
    iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
    iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
    iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
    iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT

    Still not logging anything...
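When nothing shows up in the Squid log, the packet counters on the router's DNAT rule tell you whether the redirect is matching traffic at all or whether the problem is on the proxy side. The script below is an added example, not part of the original posts: the function names and the sample listing are constructed, and the proxy address and port are the ones used in the post above.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread). On the router, feed it:
#   iptables -t nat -L PREROUTING -v -n -x | dnat_hits "$PROXY_IP" "$PROXY_PORT"
# -x prints exact counters instead of abbreviated ones such as "12K".

PROXY_IP=192.168.1.149   # value from the post above
PROXY_PORT=3128          # value from the post above

# Read a PREROUTING listing on stdin and print the summed packet count of
# DNAT rules for tcp dpt:80 that redirect to <ip>:<port>, or "missing".
dnat_hits() {
    awk -v to="to:$1:$2" '
        $3 == "DNAT" && / dpt:80 / && $NF == to { hits += $1; found = 1 }
        END { print (found ? hits : "missing") }
    '
}

# Map the counter to the next place to look.
diagnose() {
    case "$1" in
        missing) echo "rule-not-installed" ;;             # script never ran or failed
        0)       echo "rule-never-matched" ;;             # wrong interface or source match
        *)       echo "router-redirecting-check-proxy" ;; # packets leave the router
    esac
}

# Constructed sample of `iptables -t nat -L PREROUTING -v -n -x` output.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 310 packets, 24817 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp  --  br0    *       192.168.1.0/24       192.168.1.0/24       tcp dpt:80
      42     2520 DNAT       tcp  --  br0    *      !192.168.1.149        0.0.0.0/0            tcp dpt:80 to:192.168.1.149:3128
EOF
}

diagnose "$(sample_listing | dnat_hits "$PROXY_IP" "$PROXY_PORT")"
```

A non-zero count with an empty Squid log means the router is forwarding port 80 traffic to the laptop and the proxy is not handling it as intercepted traffic.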
     
  3. threehappypenguins

    threehappypenguins Serious Server Member

    I don't know if I changed the right part in the conf file for Squid either. I don't really understand how to edit the conf file. I edited a section that looks like this:

    Code:
    #    If you run Squid on a dual-homed machine with an internal
    #    and an external interface we recommend you to specify the
    #    internal address:port in http_port. This way Squid will only be
    #    visible on the internal address.
    #
    # Squid normally listens to port 3128
    http_port 3128

    I changed the last part to:

    Code:
    # Squid normally listens to port 3128
    http_port 192.168.1.149:3128 transparent
    
    I figured that because the "#" wasn't beside the part "http_port 3128" that this was the proper part to edit. There's also this other section with this big list and one of them says:

    Code:
    #     %MYPORT    Squid http_port number

    I did not touch this part...

    I assume I did it right since Squid worked when I changed the proxy settings on my computer to test it, it started logging stuff. But again, like I said before, I put the proxy settings in my computer back because I want transparent proxy running so that all devices that connect to my router have to go through the Squid proxy on my laptop.
     
  4. koitsu

    koitsu Network Guru Member

    Just an FYI in passing: any line that starts with hash (#) is a comment, i.e. squid ignores the line.
     
  5. jerrm

    jerrm Network Guru Member

    Have you seen anything that transparent proxying works under squid on windows? Last release notes I see say no, a quick google only shows a solution using a third party product and ICS with squid.
     
  6. threehappypenguins

    threehappypenguins Serious Server Member

    What is ICS? What third party product?
     
  7. koitsu

    koitsu Network Guru Member

  8. jerrm

    jerrm Network Guru Member

    ICS = Internet Connection Sharing. Essentially using the PC as the router. Google squid windows transparent proxy for the product info - there was a youtube howto for it and some other entries.

    Squid inside a Linux VM would probably be an easier solution - or spend $30 for a router with USB and run squid or urlsnarf on the router.
     
    Last edited: Feb 12, 2014
