Share Internet with squid & Iptables

Hi Friends,

Mr. Kalpesh Patel implemented a nice trick to share an internet connection with Squid and block websites using port redirection.

Open your sysctl.conf:

vim /etc/sysctl.conf

and change the line to

net.ipv4.ip_forward = 1

(by default it is 0)

Save & exit from the file.

1. Install Squid

yum -y install squid*

2. Edit the squid.conf file

To block a website, copy and paste the lines below, adjusting them for your source network:

acl blocksite dstdomain .orkut.com
http_access deny blocksite 

acl our_networks src <your-network>
http_access allow our_networks

vim /etc/squid/squid.conf, then search for http_port. You will see the default port 3128 there, so change it to 8888.

Save & exit from the file.

3. service squid restart

4. Now share your internet using iptables by executing the following command (eth1 is the Live-IP LAN card):

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

5. Now redirect port 80 to 8888 (eth0 is the local LAN card):

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8888

Now your Outlook will work directly without doing anything, but clients will not be able to surf the websites which you blocked in Squid.
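
The block works because Squid checks http_access lines top to bottom and the first match wins, so the deny line has to stay above the allow line. Here is a small Python model of that evaluation, added as an illustration (it is not Squid's own code and not part of the original trick); the 192.168.1.0/24 network and the sample requests are constructed.

```python
import ipaddress

def dstdomain_match(pattern, host):
    """Squid dstdomain: a leading dot matches the domain and all its subdomains."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def build_acls(our_network):
    """The two acl lines from step 2; our_network stands in for <your-network>."""
    net = ipaddress.ip_network(our_network)
    return {
        "blocksite": lambda src, host: dstdomain_match(".orkut.com", host),
        "our_networks": lambda src, host: ipaddress.ip_address(src) in net,
    }

def http_access(rules, acls, src, host):
    """Walk http_access lines top to bottom; the first matching line decides."""
    for action, acl in rules:
        if acls[acl](src, host):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

PAGE_ORDER = [("deny", "blocksite"), ("allow", "our_networks")]  # as in step 2
SWAPPED = [("allow", "our_networks"), ("deny", "blocksite")]     # wrong order
ACLS = build_acls("192.168.1.0/24")  # constructed sample network

SAMPLE_REQUESTS = [  # constructed (client IP, requested host) pairs
    ("192.168.1.20", "www.orkut.com"),
    ("192.168.1.20", "example.org"),
    ("10.9.9.9", "example.org"),
]

if __name__ == "__main__":
    for src, host in SAMPLE_REQUESTS:
        print(src, host,
              "page order:", http_access(PAGE_ORDER, ACLS, src, host),
              "| swapped:", http_access(SWAPPED, ACLS, src, host))
```

These ACLs only apply to requests that actually reach Squid, which with the step 5 rule means TCP port 80 traffic arriving on eth0.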

Special thanks to Mr. Kalpesh Patel for implementing this trick.