DD-WRT firewall settings for external Squid proxy server

My home network setup starts off with an Asus RT-N16 which has DD-WRT installed on it to get a little more than what the stock firmware can provide to me. I also have my home fileserver which also acts as a Squid Caching server to help speed up my browsing.

In order to have all network traffic pushed through my Squid server, these are the firewall settings I had to use on the Asus RT-N16 router. (I am not going to provide setup details for the Squid server in this post.)


# TCP congestion-control tuning from the original script; unrelated to the proxy rules.
echo 0 > /proc/sys/net/ipv4/tcp_westwood
echo 1 > /proc/sys/net/ipv4/tcp_vegas_cong_avoid
echo 3 > /proc/sys/net/ipv4/tcp_vegas_alpha
echo 3 > /proc/sys/net/ipv4/tcp_vegas_beta

# Addresses the rules depend on. The router's own values come from nvram; the
# Squid host and port must be set in the environment before this runs.
ROUTER_IP=$(nvram get lan_ipaddr)
INTERNAL_NETWORK=$ROUTER_IP/$(nvram get lan_netmask)
: "${PROXY_SERVER:?set PROXY_SERVER to the LAN IP of the Squid box}"
: "${PROXY_PORT:?set PROXY_PORT to the Squid listening port}"

if [ -z "$TRANSPARENT_PROXY" ]; then
    # LAN-to-LAN web traffic is left alone (e.g. the router's own web UI).
    /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s $INTERNAL_NETWORK -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
    # Everything else on port 80 goes to Squid, except traffic from Squid itself,
    # otherwise its own upstream fetches would be redirected back into it.
    # ("-s !" is the older negation syntax that DD-WRT's iptables accepts; newer builds want "! -s".)
    /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp --dport 80 -j DNAT --to $PROXY_SERVER:$PROXY_PORT
    # Hairpin: rewrite the client source to the router so Squid's replies come back
    # through the router. Squid therefore logs the router IP, not the real client.
    /usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s $INTERNAL_NETWORK -p tcp -d $PROXY_SERVER -j SNAT --to $ROUTER_IP
    /usr/sbin/iptables -t filter -I FORWARD -s $INTERNAL_NETWORK -d $PROXY_SERVER -i br0 -o br0 -p tcp --dport $PROXY_PORT -j ACCEPT

    # Causes slow loading but shows true IP.
    #iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s $PROXY_SERVER
    #iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
    #ip rule add fwmark 3 table 2
    #ip route add default via $PROXY_SERVER dev br0 table 2

    # The -s and -d operands of this rule are missing from the original post, so it
    # is left disabled rather than guessed at (the SNAT rule above already covers the hairpin).
    #/usr/sbin/iptables -t nat -I POSTROUTING -o br0 -s -d -j MASQUERADE

    export TRANSPARENT_PROXY=1
else
    echo "This script has already run!"
    echo "If it hasn't, unset \$TRANSPARENT_PROXY manually via the shell."
fi

# nvram commit
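To make the first-match logic of the nat rules above concrete, here is an added example (not part of the original post) that walks sample packets through a model of the PREROUTING and POSTROUTING rules. The 192.168.1.0/24 addresses and port 3128 are constructed stand-ins for the script's variables; the functions and packet tuples are hypothetical.

```python
import ipaddress

# Constructed values standing in for the script's variables (not from the page).
INTERNAL_NETWORK = ipaddress.ip_network("192.168.1.0/24")
ROUTER_IP = ipaddress.ip_address("192.168.1.1")
PROXY_SERVER = ipaddress.ip_address("192.168.1.2")
PROXY_PORT = 3128


def in_net(addr, net):
    return ipaddress.ip_address(addr) in net


def nat_prerouting(src, dst, dport, proto="tcp"):
    """First-match walk of the nat PREROUTING rules for a packet arriving on br0.
    Returns (verdict, new_dst, new_dport)."""
    if proto != "tcp" or dport != 80:
        return ("no-match", dst, dport)  # chain policy: packet is left alone
    # Rule 1: LAN -> LAN web traffic is accepted untouched (e.g. the router's web UI).
    if in_net(src, INTERNAL_NETWORK) and in_net(dst, INTERNAL_NETWORK):
        return ("ACCEPT", dst, dport)
    # Rule 2: all other port-80 traffic is DNATed to Squid, except traffic from
    # Squid itself. Without that exclusion Squid's upstream fetches would be
    # redirected back into Squid, a loop.
    if ipaddress.ip_address(src) != PROXY_SERVER:
        return ("DNAT", str(PROXY_SERVER), PROXY_PORT)
    return ("no-match", dst, dport)


def nat_postrouting(src, dst, out_if="br0"):
    """The POSTROUTING SNAT: a LAN client reaching the proxy through the router
    (hairpin on br0) has its source rewritten to the router, so the reply returns
    via the router. Side effect: Squid's access log shows ROUTER_IP as the client."""
    if (out_if == "br0" and in_net(src, INTERNAL_NETWORK)
            and ipaddress.ip_address(dst) == PROXY_SERVER):
        return ("SNAT", str(ROUTER_IP))
    return ("no-match", src)


def trace(src, dst, dport):
    """Run one client packet through both hooks and report what Squid would see."""
    verdict, ndst, nport = nat_prerouting(src, dst, dport)
    if verdict != "DNAT":
        return {"redirected": False, "verdict": verdict}
    _, nsrc = nat_postrouting(src, ndst)
    return {"redirected": True, "proxy_sees_src": nsrc, "dst": ndst, "dport": nport}


if __name__ == "__main__":
    print(trace("192.168.1.50", "203.0.113.10", 80))  # LAN client -> Internet: redirected
    print(trace("192.168.1.2", "203.0.113.10", 80))   # Squid's own fetch: not redirected
```

The second case is the loop check: remove the proxy exclusion from rule 2 and Squid's own outbound fetches would be handed back to Squid.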

The nice thing about this setup is that I do not have to specify a proxy server for each device on my network, and the server is configured to block ads as well.