In this article I’ll talk on how to setup a transparent proxy on Windows Server 2003 using Squid NT. Squid NT is a port from Linux base proxy server called Squid. I have successfully installed and configured Squid transparent proxy on Windows Server and here is how I do it.
Installing Squid NT is very easy, first you can download Squid NT here, and then you can follow my old tutorial here: http://markus.revti.com/2007/06/installing-squid-cache-for-windows/
Although installing Squid NT is easy, however configuring transparent proxy on Windows version of Squid is a bit tricky as Squid NT have its limitation. From Squid NT website it’s stated: “Transparent Proxy: missing Windows non commercial interception driver”.
My first thought was there is no way to do port forwarding or port redirecting in Windows Server the same way it is done in Linux server. In Linux based server you can use iptables to do port forwarding with the command like this:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 |
I’ve been looking for a way to do port redirect or port forwarding in Windows Server 2003 this several days and start to become desperate as not much info I can get on this topic. At first I was looking for doing port forwarding or port redirecting in RRAS (Routing and Remote Access Service) but can’t find it. Actually there is port forwarding in RRAS but it’s not what I need to make transparent proxy.
Then I start looking for software that can do port forwarding and found Softperfect Bandwidth Manager can do it. You can download Softperfect Bandwidth Manager here.
Step by step to configure transparent proxy using Softperfect Bandwidth Manager:
Let start by installing the Squid NT, use my old tutorial here http://markus.revti.com/2007/06/installing-squid-cache-for-windows/ to guide you.
Then you’ll need to modify the squid.conf to add “transparent” keyword behind http_port options so it will look like this:
http_port 3128 transparent |
Install Softperfect Bandwidth Manager
Create a Port Map, here you should define the Squid’s port on your server. Go to “Tools > Port Mapping”
Softperfect Bandwidth Manager's Add Port Map
Click on New button to create a new mapping, fill like the example below
Softperfect Bandwidth Manager Adding New Port Map
After you create a port map, you need to create a new rule to redirect all HTTP request to remote server port 80 to port 3128. Click on “Rules > Add Rule”. On General tab fill the fields with these values:
Direction: Both
Transfer Rate Limit: Unlimited
Protocol: TCP and UDP
Apply Rule on Interface: LAN
Softperfect Bandwidth Manager Rule General Tab
Important! You must select the interface (Network Card) that is connected to your Local Network (the one that connect the server to other client computers, and NOT the one connected to the modem, etc.)
On Source tab set the values to these:
Source Address: Whole IP Address, and insert the IP ranges of your clients PC
Source Port: Any
Softperfect Bandwidth Manager Source Tab
On Destination tab set the values to these:
Destination Address: Any IP Address
Destination Port: Port List and then Add these ports: 80 (HTTP) and 443 (HTTPS)
Softperfect Bandwidth Manager Destination Tab
On Advanced tab look for “Additional Processing”, give check on “Process through the following mapping” and select the port mapping you created before and click OK.
Softperfect Bandwidth Manager Advanced Tab
Done, now all requests to port 80 and 443 will be redirected to Squid NT. To check whether the transparent proxy works or not you can visit http://whatismyipaddress.com/ and it should say “Proxy Server Detected!”
Require some more. snaps of Squid…….
How to configure squid steps by steps in windows server with snaps…….
please
thanks in advance
vasim
where can i find information about snaps? google doesn’t give meaningful result
can i activate this on my own server? im a bit confused, would i not be just as well to use a proxy like http://www.piratebayproxy.org?
yes you can. with proxy site all over the internet, you’ll never know what they do when you use them to access the web, furthermore if you accessing password protected website, they could get your username and password.
Great tutorial Markus!!!
really appreciate ur effort
Nice tuto Markus.
other way round to make squid as transparent proxy on xp box:
nat (netsh) + active wall pro + squid
active wall >>>> http://en.lanctrl.com
thanks
Hi Marcus, I’m trying to install squid 2.7 on a windows 2008 server. The same config works fine on 2003 but on 2008 it keeps prompting for credentials (i’m using ntlm authentication). Reguardless of the credentials I enter it never authenticates me. Any ideas?
Thanks
Hi Bill,
I didn’t use Windows server 2008 and NTLM so I don’t really know. but have you tried the proxy without NTLM authentication? maybe it get’s blocked by the firewall. Try check the log file too..
Hi markus,
graet tutorial, but my intranet not working when im using proxy i have program using http inside my network please help
Hi Markus,
i set the softperfect bandwidth manager step by step with u tuto, but i can only use in Internet Explorer ,transparent proxy isn’t work .
any idea?
what is your OS? where did you install Softperfect Bandwidth Manager? do you use client server scheme or only install it on your own PC?
have you check your log file? what is your squid.conf content?
Such, I installed the squid, I can navigate the manual form, but the problem is q is not clear, I have windows server 2003 mounting procedures in conjunction with bwm
I doubt ..
network connections and should practice to be par bwm wing configuration?
You must have made the network bridge?
or without the bridge?
Can this method be used from an external computer (as in hosting a proxy server by like ip:port proxy for an outside client to connect an use by setting it in lan/proxy server settings in ie’s internet options?? for example like hidemyass.com’s ip:port list?)
yes it’s possible, you have to modify the ACL so it’ll accept connection from your client PC IP address
if we use it for 20 clients…..can it be possible to use this tutorial??? how about bottleneck if am use it for 20 clients? thanks..
yes, it’s possible
hello sir markus i just wanna as if this is possible to setup softperfect with squidNT in this network setup..by the way this is the setup: DSL/Internet—router–switch–server and workstations..btw this is a setup for an internet cafe shop.. i want to install softperfect and squid in server..i’ve already configure my squidNT in server and its running smooth..when i install softperfect and configure it..i have no internet connection, then i remove softperfect, my connection had back again..what do you think is the problem..
thanks!
btw im using windows xp pro SP3 in my server..thanks!!
hi,
How to solve below these problems:
1. specific website non-blocking.
2. bandwith users control
3. specific time access user
Please send me the solution in Squid.confi. details on my email address.
Hi markus i configured my squidnt in windows server 2003 and it ‘s runing, the only probleme is with outlook express; in client machine we can’t send or receive message with outlook, so i tried to use Softperfect Bandwidth Manager to redirect the port 25 and 110 to the squid listen port 80. but my problem persist.
please help i need to resolve this problem as soon as possible :’(
Pingback: Proxy Transparente no Windows com Squid NT | Inforlogia
hello,
how about, how to allow program using http: i have program using http:\appserver\kafis\login.aspx
So port redirecting is possible on Windows, but unfortunately only with a commercial software. Why nobody had created a free software to do such things?
Port forwarding is possible on windows:
c:\>netsh
netsh > interface portproxy
netsh interface portproxy > add v4tov4 listenport=8080 connectaddress=192.168.1.28 connectport=8080
more info: http://technet.microsoft.com/en-us/library/cc731068%28WS.10%29.aspx
i think netsh only applies for Windows Server 2008 and 2008 R2, it will not work for 2003.
Hi marku,i have configure squid for transparent but i am having the Error code: ssl_error_rx_record_too_long.is there any solution for it.do i need to recompile squid after making changes to squid.conf file?
i didn’t get that problem at the time i’m installing squid. that error message most of the time means broken ssl certificate (and it’s server side) so you have to fix it on your web server and not squid.
Hi Markus sama,
does this tutorial works with Squid 2.7 under Windows 2008 r2. If it works thanks a lot for your work.
i haven’t try it on Windows 2008 R2 but i think it should work
Hi Markus,
THANK YOU for the great tutorial!!!
did you read these:
http://www.sixxs.net/wiki/PortProxy
http://technet.microsoft.com/en-us/library/cc776297%28WS.10%29.aspx
So transparent SQUID can run on W-XP-Pro without SBM?
Squidman
hey, thanks for the link.. i have to redo the tutorial to update it.. it’s been a while since i wrote this article.
Hi Markus,
could this be an alternative for SBM?
http://pjs-passport.sourceforge.net/
Squidman