DD-WRT firewall settings for external Squid proxy server

My home network setup starts off with an Asus RT-N16 which has DD-WRT installed on it to get a little more than what the stock firmware can provide to me. I also have my home fileserver which also acts as a Squid Caching server to help speed up my browsing.

In order to have all network traffic pushed through my Squid server this is these are the firewall settings I had to use on the Asus RT-N16 router. (I am not going to provide setup details for the Squid server in this post)


echo 0 > /proc/sys/net/ipv4/tcp_westwood
echo 1 > /proc/sys/net/ipv4/tcp_vegas_cong_avoid
echo 3 > /proc/sys/net/ipv4/tcp_vegas_alpha
echo 3 > /proc/sys/net/ipv4/tcp_vegas_beta

if [ -z $TRANSPARENT_PROXY ]; then
/usr/sbin/iptables -t nat -A PREROUTING -i br0 -s $INTERNAL_NETWORK -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp --dport 80 -j DNAT --to $PROXY_SERVER:$PROXY_PORT
/usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s $INTERNAL_NETWORK -p tcp -d $PROXY_SERVER -j SNAT --to $ROUTER_IP
/usr/sbin/iptables -t filter -I FORWARD -s $INTERNAL_NETWORK -d $PROXY_SERVER -i br0 -o br0 -p tcp --dport $PROXY_PORT -j ACCEPT

# Causes slow loading but shows true IP.
#iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s $PROXY_SERVER
#iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
#ip rule add fwmark 3 table 2
#ip route add default via $PROXY_SERVER dev br0 table 2

/usr/sbin/iptables -t nat -I POSTROUTING -o br0 -s -d -j MASQUERADE
echo "This script has already run!"
echo "If it hasn't, unset \$TRANSPARENT_PROXY manually via the shell."

# nvram commit

The nice thing about this setup is that I do not have to specify a proxy server for each device on my network, and the server is configured to block ads as well.

4 thoughts on “DD-WRT firewall settings for external Squid proxy server”

  1. Hello, thank you for the detailed script! Have you considered setting up squid to proxy client SSL connections? If so, I’d love to see your write-up. Cheers – JC

Comments are closed.