My home network setup starts with an Asus RT-N16 running DD-WRT, which gives me a little more than the stock firmware can provide. I also have a home fileserver that doubles as a Squid caching server to help speed up my browsing.
In order to have all HTTP traffic on my network pushed through my Squid server, these are the firewall settings I had to use on the Asus RT-N16 router. (I am not going to provide setup details for the Squid server in this post.)
```sh
#!/bin/sh
INTERNAL_NETWORK="10.0.1.0/24"
ROUTER_IP="10.0.1.1"
PROXY_SERVER="10.0.1.100"
PROXY_PORT="3128"

# TCP congestion-control tuning on the router
echo 0 > /proc/sys/net/ipv4/tcp_westwood
echo 1 > /proc/sys/net/ipv4/tcp_vegas_cong_avoid
echo 3 > /proc/sys/net/ipv4/tcp_vegas_alpha
echo 3 > /proc/sys/net/ipv4/tcp_vegas_beta

# Guard against a second run. The exported variable only persists in the
# shell that ran (or sourced) this script.
if [ -z "$TRANSPARENT_PROXY" ]; then
    # HTTP between hosts on the internal network is not redirected.
    /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s $INTERNAL_NETWORK -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
    # All other port-80 traffic is sent to Squid, except Squid's own requests.
    # "-s ! addr" is the negation syntax of older iptables builds; newer
    # releases expect "! -s addr".
    /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp --dport 80 -j DNAT --to $PROXY_SERVER:$PROXY_PORT
    # Rewrite the source to the router, so Squid sees the router's address
    # as the client for every redirected request.
    /usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s $INTERNAL_NETWORK -p tcp -d $PROXY_SERVER -j SNAT --to $ROUTER_IP
    /usr/sbin/iptables -t filter -I FORWARD -s $INTERNAL_NETWORK -d $PROXY_SERVER -i br0 -o br0 -p tcp --dport $PROXY_PORT -j ACCEPT

    # Causes slow loading but shows true IP.
    #iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s $PROXY_SERVER
    #iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
    #ip rule add fwmark 3 table 2
    #ip route add default via $PROXY_SERVER dev br0 table 2

    /usr/sbin/iptables -t nat -I POSTROUTING -o br0 -s $INTERNAL_NETWORK -d $INTERNAL_NETWORK -j MASQUERADE
    export TRANSPARENT_PROXY="1"
else
    echo "This script has already run!"
    echo "If it hasn't, unset \$TRANSPARENT_PROXY manually via the shell."
fi
# nvram commit
```
The nice thing about this setup is that I do not have to specify a proxy server for each device on my network, and the server is configured to block ads as well.
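The script above guards against a second run with an exported variable, which lasts only for the shell that set it. As an added example (not the author's script), the same rules can be made safe to re-run by checking each one with `iptables -C` before adding it; this assumes an iptables build new enough to support `-C` and the `! -s` negation form, and `ensure_rule`, `install_proxy_rules` and the `IPT` override are hypothetical names.

```shell
#!/bin/sh
# Added example, not the author's script. Assumes iptables with -C support.
# IPT may be overridden, e.g. to point at a test stub.
IPT="${IPT:-/usr/sbin/iptables}"
INTERNAL_NETWORK="10.0.1.0/24"
ROUTER_IP="10.0.1.1"
PROXY_SERVER="10.0.1.100"
PROXY_PORT="3128"

# ensure_rule TABLE MODE CHAIN RULE...  (hypothetical helper)
# MODE is -A (append) or -I (insert at top). The rule is added only when
# "iptables -C" reports that an identical rule is not already in the chain.
ensure_rule() {
    table=$1; mode=$2; chain=$3; shift 3
    "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null && return 0
    "$IPT" -t "$table" "$mode" "$chain" "$@"
}

install_proxy_rules() {
    # HTTP between hosts on the internal network is not redirected.
    ensure_rule nat -A PREROUTING -i br0 -s "$INTERNAL_NETWORK" \
        -d "$INTERNAL_NETWORK" -p tcp --dport 80 -j ACCEPT
    # Other port-80 traffic goes to Squid, except Squid's own requests.
    ensure_rule nat -A PREROUTING -i br0 ! -s "$PROXY_SERVER" \
        -p tcp --dport 80 -j DNAT --to-destination "$PROXY_SERVER:$PROXY_PORT"
    # Source-NAT so Squid's replies go back through the router.
    ensure_rule nat -A POSTROUTING -o br0 -s "$INTERNAL_NETWORK" \
        -p tcp -d "$PROXY_SERVER" -j SNAT --to-source "$ROUTER_IP"
    ensure_rule filter -I FORWARD -s "$INTERNAL_NETWORK" -d "$PROXY_SERVER" \
        -i br0 -o br0 -p tcp --dport "$PROXY_PORT" -j ACCEPT
    ensure_rule nat -I POSTROUTING -o br0 -s "$INTERNAL_NETWORK" \
        -d "$INTERNAL_NETWORK" -j MASQUERADE
}

# Apply only when asked, e.g. "sh proxy-rules.sh apply"; safe to repeat.
if [ "${1:-}" = "apply" ]; then
    install_proxy_rules
fi
```

Because each rule is checked against the live chains, a firewall restart that flushes the tables gets the rules back on the next run, while a repeated run adds no duplicates.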
Hello, thank you for the detailed script! Have you considered setting up Squid to proxy client SSL connections? If so, I’d love to see your write-up. Cheers – JC
Not a bad idea, though I have since retired this setup. I have been meaning to revisit this and make some updates when I have some time.
I gave up on the build myself and just went with setting up my AppleTV with HTTP proxy. Oh well, it was a learning experience.
Did you just end up setting up a local proxy server then, or using a 3rd party service?