Basically this is the situation:
I have an ADSL connection that gives me a public IP. I have an old PC which I want to use as a router.

The problem is that the old PC has only one NIC (Network Interface Card) and I'm too lazy to buy a new one. But I want to turn it into a router so that the other PCs can also connect to the Internet through it.

Here is the list of what I want:

1. Create a router
2. Make it as a proxy server
3. Make the proxy transparent

I have already set up my SQUID proxy to listen on port 3128.

I'm using SQUID proxy server version > 2.6, and to make it transparent I added these lines to /etc/squid/squid.conf:

http_port 3128 transparent
icp_port 3130

As I only have one NIC, I need to create a virtual interface (an alias of eth0), so the card can carry two different IP addresses (which, of course, can be in two different subnets). I'm using Ubuntu Server, so I configure this in /etc/network/interfaces:

# The primary network interface
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
        name Ethernet Public IP
        address 2xx.19x.1xx.52
        broadcast 2xx.19x.1xx.63
        gateway 2xx.19x.1xx.49

# LAN-side alias on the same card
# (address and netmask below are placeholders: use your own LAN values)
auto eth0:0
iface eth0:0 inet static
        name Ethernet alias LAN card
        address 192.168.1.1
        netmask 255.255.255.0

Here's the complete script for my proxy server, so that it works with only one network card and acts as a transparent proxy for the clients. I named it /root/makemetransparent.sh


#!/bin/sh

# Squid server IP (the LAN-side address on the eth0:0 alias; placeholder, use your own)
SQUID_SERVER="192.168.1.1"

# Interface connected to Internet
INTERNET="eth0"

# Address (subnet) connected to LAN (placeholder, use your own)
LOCAL="192.168.1.0/24"

# Squid port
SQUID_PORT="3128"

# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Enable Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy
iptables -P INPUT DROP

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow replies to connections this host opened (covers UDP/DNS answers and passive FTP data)
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN
iptables -A FORWARD -s $LOCAL -j ACCEPT

# unlimited access to LAN
iptables -A INPUT -s $LOCAL -j ACCEPT
iptables -A OUTPUT -s $LOCAL -j ACCEPT

# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -s $LOCAL -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

# DROP everything else and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP


Voilà! Now all PCs on the network can connect to the Internet without having to put the proxy server in their browser settings.
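To reason about what the rule set above actually does to a packet, here is a small model of its nat PREROUTING and filter INPUT/FORWARD logic (an added example, not the post's script). The LAN subnet 192.168.1.0/24, the alias 192.168.1.1 and the public address 203.0.113.52 are assumed placeholders. Run over a few constructed packets, it shows that a LAN browser's port-80 connection is DNATed to Squid and accepted, while an outside host's port-80 packet is redirected to 3128 but then dropped by the INPUT chain, so the intercept port is not reachable from the Internet.

```python
import ipaddress

# Assumed placeholder values for the script's variables (the post does not give them)
LOCAL = ipaddress.ip_network("192.168.1.0/24")  # $LOCAL, the LAN subnet
SQUID_SERVER = "192.168.1.1"                     # $SQUID_SERVER, the eth0:0 alias
PUBLIC_IP = "203.0.113.52"                       # stands in for 2xx.19x.1xx.52
SQUID_PORT = 3128                                # $SQUID_PORT
LOCAL_ADDRS = {SQUID_SERVER, PUBLIC_IP, "127.0.0.1"}  # addresses owned by this host


def nat_prerouting(pkt):
    """nat PREROUTING: DNAT for LAN clients, then REDIRECT for anything else on eth0."""
    src = ipaddress.ip_address(pkt["src"])
    is_http = pkt["proto"] == "tcp" and pkt["dport"] == 80
    if pkt["state"] != "NEW" or not is_http:
        return dict(pkt, nat="-")            # nat rules only see the first packet of a flow
    if src in LOCAL:
        return dict(pkt, dst=SQUID_SERVER, dport=SQUID_PORT, nat="DNAT")
    if pkt["iface"] == "eth0":               # $INTERNET; with one NIC this is every other packet
        return dict(pkt, dst=PUBLIC_IP, dport=SQUID_PORT, nat="REDIRECT")
    return dict(pkt, nat="-")


def filter_verdict(pkt):
    """Routing decision on the post-NAT destination, then INPUT or FORWARD in script order."""
    if pkt["dst"] not in LOCAL_ADDRS:
        return "FORWARD"                     # FORWARD policy stays ACCEPT; no SNAT rule exists
    if pkt["iface"] == "lo":
        return "INPUT-ACCEPT"
    if pkt["iface"] == "eth0" and pkt["state"] in ("ESTABLISHED", "RELATED"):
        return "INPUT-ACCEPT"
    if ipaddress.ip_address(pkt["src"]) in LOCAL:
        return "INPUT-ACCEPT"
    return "INPUT-LOG+DROP"                  # the closing LOG + DROP pair


def trace(iface, src, dst, proto, dport, state="NEW"):
    """Return (nat action, filter verdict) for one packet described by its header fields."""
    pkt = nat_prerouting({"iface": iface, "src": src, "dst": dst,
                          "proto": proto, "dport": dport, "state": state})
    return pkt["nat"], filter_verdict(pkt)


if __name__ == "__main__":
    # constructed packets: a LAN browser, an outside host probing ports 80 and 3128, a DNS query
    for args in [("eth0", "192.168.1.10", "198.51.100.20", "tcp", 80),
                 ("eth0", "198.51.100.20", PUBLIC_IP, "tcp", 80),
                 ("eth0", "198.51.100.20", PUBLIC_IP, "tcp", SQUID_PORT),
                 ("eth0", "192.168.1.10", "198.51.100.53", "udp", 53)]:
        print(args, "->", trace(*args))
```

Non-HTTP LAN traffic comes out as FORWARD with its source address untouched, because the script contains no SNAT/MASQUERADE rule.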

– end of story –

The script is a modified version of the one I read here.