Configuring A Transparent Proxy - Novell LINUX ENTERPRISE SERVER 11 - ADMINISTRATION Administration Manual

29.5 Configuring a Transparent Proxy

The usual way of working with proxy servers is the following: the Web browser sends
requests to a certain port in the proxy server and the proxy provides these required ob-
jects, whether they are in its cache or not. When working in a network, several situations
may arise:
• For security reasons, it is recommended that all clients use a proxy to surf the Inter-
net.
• All clients must use a proxy, regardless of whether they are aware of it.
• The proxy in a network is moved, but the existing clients need to retain their old
configuration.
In all these cases, a transparent proxy may be used. The principle is very easy: the proxy
intercepts and answers the requests of the Web browser, so the Web browser receives
the requested pages without knowing from where they are coming. As the name indicates,
the entire process is done transparently.
29.5.1 Configuration Options in
/etc/squid/squid.conf
To inform squid that it should act as a transparent proxy, use the option transparent
at the tag http_port in the main configuration file /etc/squid/squid.conf.
After restarting squid, the only other thing that must be done is to reconfigure the firewall
to redirect the http port to the port given in http_port. In the following squid config
line, this would be the port 3128.
http_port 3128 transparent
29.5.2 Firewall Configuration with
SuSEfirewall2
Now redirect all incoming requests via the firewall with help of a port forwarding rule
to the Squid port. To do this, use the enclosed tool SuSEfirewall2, described in Sec-
The Proxy Server Squid 431