Squid in TProxy mode on Fedora
From MikroTik Wiki
Starting point: fresh Fedora installation with network up and running.
Disable SELinux
Open /etc/sysconfig/selinux and change SELINUX=enforcing to SELINUX=disabled.
Edit /etc/sysctl.conf
Add the following lines:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
And change net.ipv4.ip_forward = 0 to
net.ipv4.ip_forward = 1
Edit /etc/rc.local
Add the following lines:
ip rule add fwmark 1 lookup 100
ip -f inet route add local 0.0.0.0/0 dev lo table 100
Configure iptables
Edit /etc/sysconfig/iptables, add the following lines:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -m addrtype ! --dst-type LOCAL -j ACCEPT
*mangle
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT
Remove or comment out (#) the following line:
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
Install squid
yum install squid
Edit squid config
Edit /etc/squid/squid.conf to suit your needs. At a minimum, change http_port 3128 to
http_port 3128 tproxy
You will also need to add the necessary addresses to the 'localnet' ACL.
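A check that the pieces configured above are all in place, as an added example that is not part of the original wiki page. The function and variable names (has, tproxy_gaps, audit_live, S_*) are hypothetical, and the sample input is constructed in the format that sysctl, ip and iptables-save print.

```shell
#!/bin/sh
# Added example: report which pieces of the TProxy setup are missing.

# has TEXT REGEX: true if any line of TEXT matches the extended regex.
has() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# tproxy_gaps SYSCTL RULES ROUTES MANGLE SQUIDCONF
# Prints one word per missing piece, nothing when all are present.
tproxy_gaps() {
    gaps=""
    has "$1" '^net\.ipv4\.ip_forward *= *1 *$' || gaps="$gaps ip_forward"
    has "$2" 'fwmark 0x1(/0x[0-9a-f]+)? lookup 100' || gaps="$gaps fwmark_rule"
    has "$3" '^local (default|0\.0\.0\.0/0) dev lo' || gaps="$gaps local_route"
    has "$4" '^-A PREROUTING .*-m socket .*-j DIVERT' || gaps="$gaps socket_divert"
    has "$4" '^-A PREROUTING .*--dport 80 .*-j TPROXY .*--on-port 3128 .*--tproxy-mark 0x1/0x1' \
        || gaps="$gaps tproxy_rule"
    has "$4" '^-A DIVERT -j MARK --set-x?mark 0x1' || gaps="$gaps divert_mark"
    has "$5" '^[[:space:]]*http_port[[:space:]]+3128[[:space:]]+(.*[[:space:]])?tproxy([[:space:]]|$)' \
        || gaps="$gaps squid_tproxy"
    echo "${gaps# }"
}

# audit_live: run the same checks on this host (iptables-save needs root).
audit_live() {
    tproxy_gaps "$(sysctl net.ipv4.ip_forward)" "$(ip rule show)" \
        "$(ip route show table 100)" "$(iptables-save -t mangle)" \
        "$(cat /etc/squid/squid.conf)"
}

# Constructed sample input in the format those commands print.
S_SYSCTL='net.ipv4.ip_forward = 1'
S_RULES='32765: from all fwmark 0x1 lookup 100'
S_ROUTES='local default dev lo scope host'
S_MANGLE='*mangle
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT'
S_SQUID='http_port 3128 tproxy'

echo "complete sample: [$(tproxy_gaps "$S_SYSCTL" "$S_RULES" "$S_ROUTES" "$S_MANGLE" "$S_SQUID")]"
echo "http_port without tproxy: [$(tproxy_gaps "$S_SYSCTL" "$S_RULES" "$S_ROUTES" "$S_MANGLE" 'http_port 3128')]"
```

Call audit_live as root on the proxy host after a reboot to confirm that the /etc/rc.local and /etc/sysconfig/iptables entries were actually loaded.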