Transparent Web Caching using the Squid Proxy (10.x)

Post by jono » 30 Apr 2008, 13:23

This How-to applies to:
  • Clavister CorePlus 8.x, 9.x
  • Clavister cOS Core 10.x

Setting up Clavister Security Gateway

We use three interfaces: Lan, Wan and Dmz.
The Lan network is
The Dmz network is
The Wan interface is set up according to the ISP's specifications (wan_ip, wan_net and wan_gw).

The Squid Proxy server has IP address and is connected to the Dmz interface.

Setting up the IP Rules
Set up a SAT IP Rule that forwards all traffic going to all-nets ( and tcp port 80 to the Squid Proxy server, on IP Address We also translate the port from 80 to the new destination port 3128.
We also need a NAT rule for the traffic from the Squid proxy to the public internet.

1. SAT lan lan_net wan all-nets HTTP SetDestination= NewPort=3128
2. Allow lan lan_net wan all-nets HTTP
3. NAT dmz wan all-nets HTTP


To run Squid in transparent mode, you need to enable the following in squid.conf:

    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_host virtual
    httpd_accel_uses_host_header on

Squid does not need to know how requests arrive at its listening port (default: 3128). Squid sees a request for a URL and connects to port 80 on the server where it thinks the URL resides. Note that Squid has no control over what types of request arrive at it, so try to forward only the protocols it can handle.
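
The behaviour described above, as an added example that is not part of the original post and is not Squid's own code: a simplified Python model of how an intercepting proxy rebuilds the target URL from the Host header once SAT rule 1 has rewritten the destination, and why non-HTTP traffic sent to tcp port 80 cannot be handled. The function names, the reject policy (exactly one Host header, port 80 only, no IPv6 literals) and the sample requests are assumptions constructed for illustration.

```python
import re

# Simplified model, not Squid's code. All sample requests are constructed.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}
HOST_RE = re.compile(r"([A-Za-z0-9.-]+)(?::(\d{1,5}))?")  # no IPv6 literals

class NotProxyable(ValueError):
    """Traffic on tcp/80 that the proxy cannot turn into a URL."""

def rebuild_url(raw: bytes) -> str:
    """Rebuild the absolute URL of an intercepted request from its Host header."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise NotProxyable("no complete HTTP header block")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith("HTTP/1."):
        raise NotProxyable("not an HTTP/1.x request line")
    if not parts[1].startswith("/"):
        raise NotProxyable("target is not origin-form")
    # SAT rule 1 rewrote the destination IP, so Host is the only hint left
    # of where the client wanted to go.
    hosts = [l.split(":", 1)[1].strip() for l in lines[1:]
             if l.lower().startswith("host:")]
    if len(hosts) != 1:
        raise NotProxyable("need exactly one Host header")
    m = HOST_RE.fullmatch(hosts[0])
    if not m:
        raise NotProxyable("malformed Host header")
    if m.group(2) not in (None, "80"):
        raise NotProxyable("Host port does not match redirected tcp/80")
    return f"http://{m.group(1).lower()}{parts[1]}"

def triage(raw: bytes) -> str:
    """Return the URL the proxy would fetch, or 'REJECT: <reason>'."""
    try:
        return rebuild_url(raw)
    except NotProxyable as exc:
        return f"REJECT: {exc}"

SAMPLES = {  # constructed inputs, as they would arrive on port 3128
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "no_host": b"GET / HTTP/1.0\r\n\r\n",
    "tls": b"\x16\x03\x01\x00\x05hello\r\n\r\n",
    "ssh": b"SSH-2.0-client\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:8} {triage(raw)}")
```

The rejected samples are the kinds of traffic the firewall rule should not hand to the proxy: anything sent to port 80 that is not a plain HTTP request carrying a usable Host header.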