10.23.08
Squid as a Transparent Proxy on a stand-alone machine
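A buddy of mine had a problem getting Squid to work right on a stand-alone machine. He installed Ubuntu and Squid and configured it according to the directions, but since the box was stand-alone and not a router, the normal transparent proxy iptables rules wouldn't work. It turns out that without the routing portion you have to change things up a little: traffic generated on the machine itself passes through the nat OUTPUT chain, not PREROUTING where router-style redirect rules normally sit, so the redirect has to go in OUTPUT. Here are the iptables rules that fixed his problem. You simply use these rules instead of what the howto says to use. The first rule lets Squid's own requests (sent as user proxy) go out untouched so they don't loop back into the proxy; the second sends every other local connection to port 80 to Squid on 127.0.0.1:3128.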
iptables -t nat -A OUTPUT -p tcp -m owner --dport 80 --uid-owner proxy -j ACCEPT
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3128
This is the first step to securing a machine for kids to use as a "safe" web surfing machine. Squid does the transparent proxying, but it's DansGuardian that filters out content you might not want your kids to see. There is a lot of documentation listed on the site on how to configure the various pieces, but there was nothing that showed how to configure iptables for a stand-alone machine.
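The two OUTPUT rules only work in that order: if the DNAT rule is listed first, Squid's own requests are redirected back into Squid. The check below is an added example, not part of the original post; the function name, return codes and sample rule dumps are constructed for illustration, and uid 13 is a sample value (`iptables-save` prints the owner as a numeric uid, so pass `id -u proxy` on the real machine).

```shell
#!/bin/sh
# check_nat_output UID [ADDR:PORT]
# Reads `iptables-save -t nat` text on stdin and checks the OUTPUT chain.
# Returns 0 = ok, 1 = no DNAT rule to Squid, 2 = no exemption for UID,
#         3 = exemption listed after the DNAT rule (Squid would loop).
check_nat_output() {
    awk -v uid="$1" -v dest="${2:-127.0.0.1:3128}" '
        # Only port-80 rules in the nat OUTPUT chain matter here.
        /^-A OUTPUT / && /--dport 80( |$)/ {
            n++
            if (!accept && $0 ~ /-j ACCEPT/ && $0 ~ ("--uid-owner " uid "( |$)"))
                accept = n
            if (!dnat && $0 ~ /-j DNAT/ && index($0, "--to-destination " dest))
                dnat = n
        }
        END {
            if (!dnat)         exit 1
            if (!accept)       exit 2
            if (accept > dnat) exit 3
            exit 0
        }'
}

# Constructed sample dumps (not captured from a real machine).
SAMPLE_GOOD='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m owner --uid-owner 13 -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3128
COMMIT'

SAMPLE_SWAPPED='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3128
-A OUTPUT -p tcp -m owner --uid-owner 13 -m tcp --dport 80 -j ACCEPT
COMMIT'

# On the real machine (as root):
#   iptables-save -t nat | check_nat_output "$(id -u proxy)"
printf '%s\n' "$SAMPLE_SWAPPED" | check_nat_output 13 \
    || echo "OUTPUT chain check failed with code $?"
```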