Basically this is the situation:
I have an ADSL connection which gives me a public IP. I have an old PC which I want to use as a router.

The problem is, the old PC has only one NIC (Network Interface Card) and I'm too lazy to buy a new one. But I still want to turn it into a router, so the other PCs can also connect to the Internet.

Here is the list of what I want:

1. Create a router
2. Make it as a proxy server
3. Make the proxy transparent

I have already set up my SQUID proxy to listen on port 3128.

I'm using the SQUID proxy server, version > 2.6, and to make it transparent I add these lines to /etc/squid/squid.conf:

http_port 3128 transparent
icp_port 3130

As I only have one NIC, I need to create a virtual ethernet interface (an alias), so the card can have two different IP addresses (which, of course, can be on two different subnets). I'm using Ubuntu Server, so I change it in /etc/network/interfaces:

# The primary network interface
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
        name Ethernet Public IP
        address 2xx.19x.1xx.52
        netmask 255.255.255.248
        broadcast 2xx.19x.1xx.63
        gateway 2xx.19x.1xx.49

auto eth0:0
iface eth0:0 inet static
        name Ethernet alias LAN card
        address 192.168.168.25
        netmask 255.255.255.0
        broadcast 192.168.168.255
        network 192.168.168.0

Here's the complete script for my proxy server, so it can work with only one network card and act as a transparent proxy for the clients. I named it /root/makemetransparent.sh:

#!/bin/sh

# Squid server IP
SQUID_SERVER="192.168.168.25"

# Interface connected to the Internet (with one NIC, this is also the LAN side)
INTERNET="eth0"

# Network connected to the LAN
LOCAL="192.168.168.0/24"

# Squid port
SQUID_PORT="3128"

# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Set default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow replies to connections this box opened (DNS answers, passive FTP data, ...)
iptables -A INPUT -i "$INTERNET" -m state --state ESTABLISHED,RELATED -j ACCEPT

# Set this system as a router for the rest of the LAN
iptables -t nat -A POSTROUTING -o "$INTERNET" -j MASQUERADE
iptables -A FORWARD -s "$LOCAL" -j ACCEPT

# Unlimited access from the LAN
iptables -A INPUT -s "$LOCAL" -j ACCEPT
iptables -A OUTPUT -s "$LOCAL" -j ACCEPT

# DNAT port 80 requests coming from LAN systems to squid on $SQUID_PORT, aka transparent proxy
iptables -t nat -A PREROUTING -s "$LOCAL" -p tcp --dport 80 -j DNAT --to-destination "$SQUID_SERVER:$SQUID_PORT"

# Squid runs on this same system, so a REDIRECT to the local port works too
iptables -t nat -A PREROUTING -i "$INTERNET" -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"

# DROP everything else and log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Voila! Now all PCs on the 192.168.168.0/24 network can connect to the Internet without having to put the proxy server in their browser settings.
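The same policy in iptables-restore format, as an added example that is not the author's script: each table is committed in one step instead of being rebuilt rule by rule, so the box never sits in the intermediate state the flush-then-append script goes through. The values are assumed to match the post (one NIC eth0, squid on 192.168.168.25:3128, the router being the LAN clients' default gateway).

```shell
#!/bin/sh
# Added example (not the author's script): the same rule set written for
# iptables-restore, which commits a whole table atomically. The rule-by-rule
# script is in an intermediate state between "iptables -F" and its last "-A".
# Assumed values follow the post: single NIC eth0, squid on 192.168.168.25:3128,
# LAN clients using 192.168.168.25 as their default gateway.

SQUID_SERVER="192.168.168.25"
INTERNET="eth0"
LOCAL="192.168.168.0/24"
SQUID_PORT="3128"

# Emit the rule set on stdout; pure text, so it can be generated and checked anywhere.
make_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# transparent proxy: LAN web traffic to squid
-A PREROUTING -s $LOCAL -p tcp --dport 80 -j DNAT --to-destination $SQUID_SERVER:$SQUID_PORT
-A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# masquerade the rest of the LAN behind the public address
-A POSTROUTING -o $INTERNET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $LOCAL -j ACCEPT
-A FORWARD -s $LOCAL -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
COMMIT
EOF
}

# Sanity check on the generated text: rules that hand port-80 traffic to squid (expected 2).
count_proxy_rules() {
    make_ruleset | grep -cE -- '--dport 80 -j (DNAT|REDIRECT)'
}

# On the router, as root:
#   make_ruleset > /etc/iptables.rules
#   iptables-restore --test < /etc/iptables.rules   # parse only, commit nothing
#   sysctl -w net.ipv4.ip_forward=1 && iptables-restore < /etc/iptables.rules
```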

– end of story –

The script is a modified version of what I read here.