- Clavister CorePlus 8.x, 9.x
- Clavister cOS Core 10.x
We use three interfaces: Lan, Wan and Dmz.
The Lan network is 192.168.0.0/24.
The Dmz network is 172.16.0.0/24.
The Wan interface is set up according to the ISP's specifications (wan_ip, wan_net and wan_gw).
The Squid Proxy server has IP address 172.16.0.2 and is connected to the Dmz interface.
Setting up the IP Rules
Set up a SAT IP Rule that forwards all TCP port 80 traffic destined for all-nets (0.0.0.0/0) to the Squid Proxy server at IP address 172.16.0.2. The same rule translates the destination port from 80 to the new destination port 3128.
We also need a NAT rule for the traffic from the Squid proxy to the public internet.
1. SAT lan lan_net wan all-nets HTTP SetDestination=172.16.0.2 NewPort=3128
2. Allow lan lan_net wan all-nets HTTP
3. NAT dmz 172.16.0.2 wan all-nets HTTP
To run Squid in transparent mode, you need to enable the following in squid.conf:
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_host virtual
httpd_accel_uses_host_header on
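Added example, not part of the original article and not Clavister or Squid tooling: a Python check that the squid.conf side agrees with the SAT rule above. The sample squid.conf is constructed and assumes Squid 3.1 or later, where the intercept flag on http_port replaces the httpd_accel_* directives (Squid 2.5 syntax). The function names and the http_access restriction to the Lan network are assumptions of this example.

```python
import re

# The three IP rules listed on the page, numbering removed.
RULES = """\
SAT lan lan_net wan all-nets HTTP SetDestination=172.16.0.2 NewPort=3128
Allow lan lan_net wan all-nets HTTP
NAT dmz 172.16.0.2 wan all-nets HTTP
"""

# Constructed sample (assumption: Squid 3.1 or later). The acl limits
# proxy use to the page's Lan network, 192.168.0.0/24.
SQUID_CONF = """\
http_port 3128 intercept
acl lan src 192.168.0.0/24
http_access allow lan
http_access deny all
"""

LEGACY_PREFIX = "httpd_accel_"  # directive family of Squid 2.5 and older


def sat_target(rules):
    """Return (ip, port) that the SAT rule rewrites the destination to."""
    m = re.search(r"^SAT\b.*\bSetDestination=(\S+)\s+NewPort=(\d+)", rules, re.M)
    if m is None:
        raise ValueError("no SAT rule with SetDestination/NewPort found")
    return m.group(1), int(m.group(2))


def check(rules, conf):
    """Compare squid.conf text with the SAT rule; return a list of findings."""
    _, port = sat_target(rules)
    # Drop comments and blank lines, split each directive into tokens.
    lines = [t for t in (ln.split("#", 1)[0].split() for ln in conf.splitlines()) if t]
    findings = []
    if any(t[0].startswith(LEGACY_PREFIX) for t in lines):
        findings.append("legacy httpd_accel_* directives (Squid 2.5 syntax)")
    intercepting = [t for t in lines if t[0] == "http_port" and len(t) > 1
                    and t[1].rsplit(":", 1)[-1] == str(port)
                    and {"intercept", "transparent"} & set(t[2:])]
    if not intercepting:
        findings.append(f"no intercepting http_port on SAT NewPort {port}")
    access = [t[1:] for t in lines if t[0] == "http_access"]
    if ["allow", "all"] in access or not access or access[-1] != ["deny", "all"]:
        findings.append("http_access is not limited to named client networks")
    return findings


if __name__ == "__main__":
    print(check(RULES, SQUID_CONF) or "squid.conf matches the SAT rule")
```

An empty list means the listening port, the interception flag and the access list all line up with rule 1. The transparent flag is accepted as well because Squid 2.6 to 3.0 used that name for the same option.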