Re: [squid-users] Testing transparent squid in VM

From: Amos Jeffries <>
Date: Tue, 29 Apr 2008 02:29:28 +1200

Wundy wrote:
> Greetings all!
> I am currently trying to run a transparent proxy in a testing environment.
> I have one VM with 2 network cards. 1 is set on vmnet2 the other one NAT to
> the internet.
> my server is running squid in transparent mode on the internal IP address of
> and the client is set on with it's default gateway pointing
> towards 0.12.
> now when I try to open iceweasel I cannot get through to the internet, when
> I input my proxy settings, it does work.
> how do I fix this ?
> I tried redirecting traffic with IPtables but it didn't work,
> here is the script I used:
> eth2 is the internal lan
> eth1 the internet
> #!/bin/bash
> iptables -F
> iptables -X
> iptables -t nat -F
> iptables -t nat -X
> iptables -t mangle -F
> iptables -t mangle -X
> iptables -A INPUT -i eth2 -j ACCEPT
> iptables -A OUTPUT -o eth2 -j ACCEPT
> iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT
> --to-port 3128
> best wishes

You should be able to use just:

  iptables -t nat -A PREROUTING -s ! -p tcp --dport 80 -
REDIRECT -to-port 3128
  iptables -t nat -A POSTROUTING -j MASQUERADE

   http_port 3128 transparent

If that still won't work:
  - Ensure that your squid has ONLY one transparent option
(--enable-linux-netfilter) configured.
  - Check that squid is receiving requests (access.log or cache.log)
  - Check squid has access outbound (usually cache.log)
  - Check whether NAT is failing (cache.log)


Please use Squid 2.6.STABLE19 or 3.0.STABLE4
Received on Mon Apr 28 2008 - 14:29:02 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT