Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
OpenWRT Squid transparent configuration
Squid required:
Mount HD (15GB min) on /tmp/cache, chmod -R 777 /tmp/cache
Firewall section:
config redirect
option src 'lan'
option proto 'tcp'
option src_ip '!192.168.1.1'
option src_dport '80'
option dest_ip '192.168.1.1'
option dest_port '3128'
option target 'DNAT'
/etc/init.d/firewall reload/restart
Squid confiuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128 transparent
visible_hostname SquidBox
hierarchy_stoplist cgi-bin ?
cache_mem 8 MB
maximum_object_size_in_memory 8 KB
cache_dir ufs /tmp/cache 15000 16 512
maximum_object_size 32 MB
access_log /tmp/cache/access.log squid
#access_log none
cache_log /tmp/cache/cache.log
cache_store_log /tmp/cache/store.log
pid_filename /tmp/cache/squid.pid
netdb_filename /tmp/cache/netdb.state
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
#upgrade_http0.9 deny shoutcast
#acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
#dns_nameservers 127.0.0.1
coredump_dir /tmp/cache
Usage:
squid -z (create cache directory)
squid -D
squid -k kill/configure
use -f cfgfile if is moved
Remember to launch Squid with rc file.
@overcache

This comment has been minimized.

Copy link

@overcache overcache commented Aug 5, 2017

does transparent https proxy works with your config?

@cscortes

This comment has been minimized.

Copy link

@cscortes cscortes commented Sep 18, 2017

Does this work for https? What would be the difference?

@Wolfie713

This comment has been minimized.

Copy link

@Wolfie713 Wolfie713 commented Oct 11, 2017

Way to make it a nearly unreadable mess. Also, the 15gb min requirement is a requirement of Squid, but rather your configuration of it. Not only that, but you shouldn't set the cache to be the same as the storage, you should leave some spare room on the device.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment