# Squid transparent proxy



## Myron (Sep 16, 2009)

[ Cont'd from http://forums.freebsd.org/showthread.php?t=7041 -- Mod ]

Now I'm going to try to set up a transparent proxy. Can someone give a link to a basic installation guide?

Much appreciated.


----------



## DutchDaemon (Sep 16, 2009)

Search these forums for 'transparent proxy' ..


----------



## Myron (Sep 28, 2009)

DutchDaemon said:

> Search these forums for 'transparent proxy' ..



Hi Dutch, I've successfully installed my squid 3.0.14.tbz on my box. As I'm reading in most of the forums, pf rules are needed to redirect the HTTP traffic. Do I need to install ports for pf again?

Thanks


----------



## DutchDaemon (Sep 28, 2009)

pf is part of the base system.

pf(4)
pf.conf(5)
pfctl(8)


----------



## Myron (Sep 29, 2009)

Hey guys, do you have any sample pf rdr config? Can you please post it here? I would be very thankful to anyone who can help me with a basic one.


----------



## DutchDaemon (Sep 29, 2009)

Sure. On a router/gateway (not a bridge!):


```
web="{80:83 1080 8080:8081 8088 11523}"
set skip on lo0
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128
```

On a bridge (bridge only!)

```
web="{80:83 1080 8080:8081 8088 11523}"
set skip on lo0
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128
pass in quick on $int_if route-to lo0 inet proto tcp from any to 127.0.0.1 port 3128 keep state
```

The $web macro is an approximation. You can narrow it down to port 80 most of the time.

*Do not transparently proxy https / port 443 traffic at any time!*


----------
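
An added example, not part of the thread or any poster's code: a small Python check that the `rdr` rules in a pf.conf pointing at the Squid port do not capture port 443, per the warning in the post above. The `BAD` rule set is constructed, the names `audit` and `expand_ports` are hypothetical, and the parser assumes only the single-line macro and `rdr` syntax shown in this thread.

```python
import re

PROXY_PORT = 3128                    # Squid port used in the thread's rdr rules
FORBIDDEN = {443}                    # the thread's warning: never intercept HTTPS
NAMES = {"http": 80, "https": 443}   # service names pf resolves via /etc/services
MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')
RDR_RE = re.compile(r'^\s*rdr\b.*?\bto\s+\S+\s+port\s+(\{[^}]*\}|\S+)'
                    r'\s*->\s*\S+\s+port\s+(\d+)')

def expand_ports(spec, macros):
    """Expand a pf port spec ('80', '80:83', '{80:83 1080}', '$web') to a set of ints."""
    ports = set()
    for tok in filter(None, re.split(r"[\s,]+", spec.strip("{} "))):
        if tok.startswith("$"):                  # macro reference
            ports |= expand_ports(macros[tok[1:]], macros)
        elif ":" in tok:                         # inclusive range lo:hi
            lo, hi = (int(x) for x in tok.split(":"))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(NAMES[tok] if tok in NAMES else int(tok))
    return ports

def audit(pf_conf):
    """Return [(line_no, [ports])] for rdr rules that send forbidden ports to the proxy."""
    macros, findings = {}, []
    for n, line in enumerate(pf_conf.splitlines(), 1):
        line = line.split("#", 1)[0]             # drop comments
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        r = RDR_RE.match(line)
        if r and int(r.group(2)) == PROXY_PORT:
            bad = expand_ports(r.group(1), macros) & FORBIDDEN
            if bad:
                findings.append((n, sorted(bad)))
    return findings

# GOOD is the rule set posted in the thread; BAD is constructed for illustration.
GOOD = '''web="{80:83 1080 8080:8081 8088 11523}"
set skip on lo0
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128
'''
BAD = '''web="{80 440:445 8080:8081}"
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128
'''

if __name__ == "__main__":
    print("thread rules:", audit(GOOD), "constructed bad rules:", audit(BAD))
```
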



## Myron (Oct 12, 2009)

Hello Dutch, it's me again.

I've already created a cache directory with 150 gig of space on my transparent proxy. The question is: how can I change the directory path to the cache partition?

Thanks


----------



## DutchDaemon (Oct 12, 2009)

I don't understand the question, I think. If you created a directory on your disc (preferably a mount point) and you want Squid to talk to it, set the proper 'cache_dir' in squid.conf (see /usr/local/etc/squid/squid.conf.default for examples), make sure the 'squid' directory is owned by user 'squid', and make sure you initialise it with `# squid -z`. I'm pretty sure this is covered in the documentation.


----------



## Myron (Oct 12, 2009)

Ahhh, sorry Dutch for the bad explanation and sorry for my bad English. I mean I already created a cache directory mount point.

Thanks and regards


----------



## Myron (Nov 3, 2009)

DutchDaemon said:

> Sure. On a router/gateway (not a bridge!):
>
> ...



Hello Dutch, I have a question: is this kind of setup possible?
For example, the ISP provides me a public static IP, and that IP is assigned to my router.

ISP ----- (bridge only)Transparent squid  ----- ROUTER(static public IP)

Will the public static IP pass through the bridge proxy?

Million thanks


----------



## DutchDaemon (Nov 3, 2009)

The protocol spoken between the ISP and the router is probably not 'straight IP' (PPPoE, PPPoA, etc), in which case the bridge won't be able to intercept/redirect the traffic. I'd make sure the proxy is inside a 'regular IP' network, i.e. inside your network behind the router.


----------



## chamba (Apr 20, 2010)

Hi DutchDaemon, sorry to come late, but I have the same problem. I want to make my proxy run as transparent, because when I put the IP in the browser it works perfectly but it is hard to manage.

So I see that there is a solution like that. I'm using ipfw; how can I do it?

Where do I write these lines?


```
web="{80:83 1080 8080:8081 8088 11523}"
set skip on lo0
rdr on $int_if inet proto tcp from any to any port $web -> 127.0.0.1 port 3128
```

Regards,
chamba


----------



## DutchDaemon (Apr 20, 2010)

You'll have to find the ipfw-equivalent syntax, because these lines are for pf. I'm sure Googling for 'ipfw transparent squid' will give you enough to read.


----------

