@Jalakas
Forked from alexalouit/openwrt.squid.transparent
Last active March 22, 2018 16:43
OpenWRT Squid transparent configuration
* Install Squid on LEDE/Openwrt device:
opkg install squid
* Add a cache device (/dev/sda1 in this example) and mount it at /tmp/squid:
vi /etc/config/fstab
config mount
        option enabled '1'
        option device '/dev/sda1'
        option fstype 'ext4'
        option enabled_fsck '1'
        option target '/tmp/squid'
* Add a redirect rule to the firewall configuration (TCP port 80 from the LAN, except the router's own address, is sent to Squid on port 3128):
vi /etc/config/firewall
config redirect
        option proto 'tcp'
        option src 'lan'
        option src_ip '!192.168.1.1'
        option src_dport '80'
        option dest 'lan'
        option dest_ip '192.168.1.1'
        option dest_port '3128'
        option target 'DNAT'
* Reload and restart firewall service:
/etc/init.d/firewall reload
/etc/init.d/firewall restart
* Edit Squid configuration:
vi /etc/squid/squid.conf
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
acl ssl_ports port 443
acl safe_ports port 80
acl safe_ports port 21
acl safe_ports port 443
acl safe_ports port 70
acl safe_ports port 210
acl safe_ports port 1025-65535
acl safe_ports port 280
acl safe_ports port 488
acl safe_ports port 591
acl safe_ports port 777
acl connect method connect
http_access deny !safe_ports
http_access deny connect !ssl_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
# Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
access_log none
cache_log /dev/null
cache_store_log stdio:/dev/null
logfile_rotate 0
logfile_daemon /dev/null
http_port 3128 intercept
# cache_dir ufs Directory-Name Mbytes L1 L2 [options]
cache_dir ufs /tmp/squid/cache 900 16 512
# If you have 64MB device you can use 16MB cache_mem, default is 8MB
cache_mem 16 MB
maximum_object_size_in_memory 100 KB
maximum_object_size 32 MB
* Reload Squid configuration:
squid -k reconfigure (use -f cfgfile if the config file has been moved)
squid -z (create cache directory)
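The redirect rule and the Squid listener have to agree with each other: dest_port must be the port given in `http_port ... intercept`, and src_ip must exclude the router's own address, otherwise Squid's upstream port-80 fetches are DNATed straight back into Squid and nothing loads. The script below is an added example, not part of the gist: it renders the redirect block for a chosen router address (192.168.11.1 is used as the constructed input) and checks those two conditions. The squid.conf fragment, the function names and the default port 3128 are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the gist: render the UCI 'config redirect' block for a
# chosen router/proxy address and sanity-check it before '/etc/init.d/firewall reload'.
# Assumptions (constructed here): the router address is passed as an argument and
# SQUID_CONF is a stand-in for the real /etc/squid/squid.conf.

# Print the redirect block for router address $1 (default 192.168.1.1 as in the gist).
render_redirect() {
    rtr="${1:-192.168.1.1}"
    cat <<EOF
config redirect
        option proto 'tcp'
        option src 'lan'
        option src_ip '!${rtr}'
        option src_dport '80'
        option dest 'lan'
        option dest_ip '${rtr}'
        option dest_port '3128'
        option target 'DNAT'
EOF
}

# Read one "option NAME value" from a UCI block on stdin; strips the quotes
# and ignores trailing comments such as the '#<===' markers used in the thread.
uci_opt() {
    awk -v k="$1" '$1 == "option" && $2 == k { v = $3; gsub(/'\''/, "", v); print v; exit }'
}

# Constructed squid.conf fragment mirroring the gist's listener line.
SQUID_CONF='http_port 3128 intercept
cache_dir ufs /tmp/squid/cache 900 16 512'

# Port of the first "http_port N intercept" line in a squid.conf text ($1).
squid_intercept_port() {
    printf '%s\n' "$1" | awk '$1 == "http_port" && $3 == "intercept" { print $2; exit }'
}

# Check a redirect block ($1) against the intercept port ($2, default 3128).
# Returns 0 when consistent, 1 with a reason on stdout otherwise.
check_redirect() {
    blk="$1"; want_port="${2:-3128}"
    proto=$(printf '%s\n' "$blk" | uci_opt proto)
    src_dport=$(printf '%s\n' "$blk" | uci_opt src_dport)
    src_ip=$(printf '%s\n' "$blk" | uci_opt src_ip)
    dest_ip=$(printf '%s\n' "$blk" | uci_opt dest_ip)
    dest_port=$(printf '%s\n' "$blk" | uci_opt dest_port)
    target=$(printf '%s\n' "$blk" | uci_opt target)

    [ "$proto" = "tcp" ]    || { echo "FAIL: proto must be tcp (got '$proto')"; return 1; }
    [ "$src_dport" = "80" ] || { echo "FAIL: src_dport must be 80 (got '$src_dport')"; return 1; }
    [ "$target" = "DNAT" ]  || { echo "FAIL: target must be DNAT (got '$target')"; return 1; }
    [ -n "$dest_ip" ]       || { echo "FAIL: dest_ip (the proxy address) is missing"; return 1; }
    [ "$dest_port" = "$want_port" ] \
        || { echo "FAIL: dest_port $dest_port does not match 'http_port $want_port intercept'"; return 1; }
    # The router's own address must be exempt; otherwise Squid's outbound
    # port-80 requests are redirected back into Squid and every page hangs.
    [ "$src_ip" = "!$dest_ip" ] \
        || { echo "FAIL: src_ip must be '!$dest_ip' to exempt the proxy itself (got '$src_ip')"; return 1; }
    echo "OK: tcp/80 from lan (except $dest_ip) -> $dest_ip:$dest_port"
}

# Stand-alone run: render the block for 192.168.11.1 and check it against SQUID_CONF.
demo_block=$(render_redirect 192.168.11.1)
printf '%s\n' "$demo_block"
check_redirect "$demo_block" "$(squid_intercept_port "$SQUID_CONF")"
```

Run `squid -k parse` against the real squid.conf for the Squid side of the same check. Keep in mind that this gist's configuration sends access_log, cache_log and cache_store_log to none or /dev/null, so a redirect loop or an ACL denial leaves no trace on the device; re-enabling access_log temporarily while testing is the quickest way to see whether requests reach Squid at all.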
@diogosimao

Just to make sure of something. If my router IP is 192.168.11.1, things would be like the following?

config redirect
        option proto 'tcp'
        option src 'lan'
        option src_ip '!192.168.11.1'    #<===
        option src_dport '80'
        option dest 'lan'
        option dest_ip '192.168.11.1'  #<===
        option dest_port '3128'
        option target 'DNAT'

Just one more question: do you have in mind something (any config) that would jeopardize the setup to the point that no pages would load?
