My home network setup starts off with an Asus RT-N16 which has DD-WRT installed on it to get a little more than what the stock firmware can provide to me. I also have my home fileserver which also acts as a Squid Caching server to help speed up my browsing.
In order to have all network traffic pushed through my Squid server, these are the firewall settings I had to use on the Asus RT-N16 router. (I am not going to provide setup details for the Squid server in this post.)
```sh
#!/bin/sh
# DD-WRT firewall script: transparent Squid proxy for the LAN bridge (br0)
INTERNAL_NETWORK="10.0.1.0/24"
ROUTER_IP="10.0.1.1"
PROXY_SERVER="10.0.1.100"
PROXY_PORT="3128"

# TCP congestion-control tuning exposed by the router's (older) kernel
echo 0 > /proc/sys/net/ipv4/tcp_westwood
echo 1 > /proc/sys/net/ipv4/tcp_vegas_cong_avoid
echo 3 > /proc/sys/net/ipv4/tcp_vegas_alpha
echo 3 > /proc/sys/net/ipv4/tcp_vegas_beta

# Guard so the rules are not appended a second time if the script is re-run in the same shell
if [ -z "$TRANSPARENT_PROXY" ]; then
    # 1. LAN-to-LAN HTTP (e.g. a web UI on a local host) is left untouched
    /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s $INTERNAL_NETWORK -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
    # 2. All other port-80 traffic is redirected to Squid, EXCEPT traffic from the
    #    proxy itself, which would otherwise be sent back into Squid in a loop.
    #    Note: "-s ! addr" is the old iptables negation syntax; newer releases expect "! -s addr".
    /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp --dport 80 -j DNAT --to $PROXY_SERVER:$PROXY_PORT
    # 3. Rewrite the source to the router so Squid's replies return via the router
    #    rather than going straight back to the client (which would break the NAT state)
    /usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s $INTERNAL_NETWORK -p tcp -d $PROXY_SERVER -j SNAT --to $ROUTER_IP
    # 4. Permit the redirected connections to be forwarded within br0
    /usr/sbin/iptables -t filter -I FORWARD -s $INTERNAL_NETWORK -d $PROXY_SERVER -i br0 -o br0 -p tcp --dport $PROXY_PORT -j ACCEPT

    # Policy-routing alternative: causes slow loading but shows the client's true IP to Squid.
    #iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s $PROXY_SERVER
    #iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
    #ip rule add fwmark 3 table 2
    #ip route add default via $PROXY_SERVER dev br0 table 2

    /usr/sbin/iptables -t nat -I POSTROUTING -o br0 -s $INTERNAL_NETWORK -d $INTERNAL_NETWORK -j MASQUERADE
    export TRANSPARENT_PROXY="1"
else
    echo "This script has already run!"
    echo "If it hasn't, unset \$TRANSPARENT_PROXY manually via the shell."
fi
# nvram commit
```
The nice thing about this setup is that I do not have to specify a proxy server for each device on my network, and the server is configured to block ads as well.
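To make the ordering of the two nat PREROUTING rules concrete, here is a small first-match model of that chain. This is an added example written for this post, not part of the script above and not anything from DD-WRT or Squid; it re-implements the match conditions in Python so you can see, offline, which packets get redirected and why the `-s ! $PROXY_SERVER` exemption is essential. The addresses 10.0.1.50 (a LAN client) and 203.0.113.10 (an external web server) are constructed sample values.

```python
"""First-match model of the nat PREROUTING chain from the DD-WRT script.

Constructed example. It mirrors the two rules:
  1. -i br0 -s LAN -d LAN -p tcp --dport 80 -j ACCEPT
  2. -i br0 -s ! PROXY -p tcp --dport 80 -j DNAT --to PROXY:3128
and shows what happens if rule 2 lacks the "! PROXY" exemption.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Tuple

INTERNAL_NETWORK = ip_network("10.0.1.0/24")   # values from the post
PROXY_SERVER = ip_address("10.0.1.100")
PROXY_PORT = 3128


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str = "br0"
    proto: str = "tcp"


# A rule is (match predicate, target). Targets used by the script:
# ACCEPT stops chain traversal without rewriting; DNAT rewrites the destination.
Rule = Tuple[Callable[[Packet], bool], str]


def _http_on_br0(p: Packet) -> bool:
    return p.in_iface == "br0" and p.proto == "tcp" and p.dport == 80


def lan_to_lan_http(p: Packet) -> bool:
    """Rule 1: local web traffic that must not be proxied."""
    return (_http_on_br0(p)
            and ip_address(p.src) in INTERNAL_NETWORK
            and ip_address(p.dst) in INTERNAL_NETWORK)


def http_not_from_proxy(p: Packet) -> bool:
    """Rule 2 as written: everything on port 80 except the proxy's own traffic."""
    return _http_on_br0(p) and ip_address(p.src) != PROXY_SERVER


def http_any_source(p: Packet) -> bool:
    """Rule 2 WITHOUT the exemption (hypothetical misconfiguration)."""
    return _http_on_br0(p)


PREROUTING: List[Rule] = [(lan_to_lan_http, "ACCEPT"), (http_not_from_proxy, "DNAT")]
BROKEN_PREROUTING: List[Rule] = [(lan_to_lan_http, "ACCEPT"), (http_any_source, "DNAT")]


def nat_prerouting(p: Packet, chain: List[Rule] = PREROUTING) -> Tuple[str, str, int]:
    """Walk the chain in order; the first matching rule decides, as in iptables.
    Returns (verdict, effective destination address, effective destination port)."""
    for matches, target in chain:
        if matches(p):
            if target == "DNAT":
                return ("DNAT", str(PROXY_SERVER), PROXY_PORT)
            return (target, p.dst, p.dport)
    # No rule matched: the nat chain policy is ACCEPT, packet continues unchanged.
    return ("POLICY", p.dst, p.dport)


def redirect_loops(chain: List[Rule]) -> bool:
    """True if Squid's own outbound fetch would be sent back to Squid itself."""
    squid_fetch = Packet(src=str(PROXY_SERVER), dst="203.0.113.10", dport=80)
    verdict, dst, port = nat_prerouting(squid_fetch, chain)
    return verdict == "DNAT" and dst == str(PROXY_SERVER) and port == PROXY_PORT


if __name__ == "__main__":
    samples = [
        ("client -> internet :80", Packet("10.0.1.50", "203.0.113.10", 80)),
        ("squid  -> internet :80", Packet("10.0.1.100", "203.0.113.10", 80)),
        ("client -> LAN host :80", Packet("10.0.1.50", "10.0.1.100", 80)),
        ("client -> internet :443", Packet("10.0.1.50", "203.0.113.10", 443)),
    ]
    for label, pkt in samples:
        print(f"{label:26s} -> {nat_prerouting(pkt)}")
    print("loop with exemption:", redirect_loops(PREROUTING))
    print("loop without exemption:", redirect_loops(BROKEN_PREROUTING))
```

Two things the model makes visible that the script does not say out loud: with the exemption removed, Squid's own fetches are DNATed straight back to port 3128 on Squid, so no page ever loads; and because only `--dport 80` is matched, HTTPS (port 443) passes the chain untouched and is neither cached nor ad-filtered by this setup.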