Squid Transparent Proxy Server on Windows Server 2003
In this article I’ll talk on how to setup a transparent proxy on Windows Server 2003 using Squid NT. Squid NT is a port from Linux base proxy server called Squid. I have successfully installed and configured Squid transparent proxy on Windows Server and here is how I do it.
Installing Squid NT is very easy, first you can download Squid NT here, and then you can follow my old tutorial here: http://markus.revti.com/2007/06/installing-squid-cache-for-windows/
Although installing Squid NT is easy, however configuring transparent proxy on Windows version of Squid is a bit tricky as Squid NT have its limitation. From Squid NT website it’s stated: “Transparent Proxy: missing Windows non commercial interception driver”.
My first thought was there is no way to do port forwarding or port redirecting in Windows Server the same way it is done in Linux server. In Linux based server you can use iptables to do port forwarding with the command like this:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
I’ve been looking for a way to do port redirect or port forwarding in Windows Server 2003 this several days and start to become desperate as not much info I can get on this topic. At first I was looking for doing port forwarding or port redirecting in RRAS (Routing and Remote Access Service) but can’t find it. Actually there is port forwarding in RRAS but it’s not what I need to make transparent proxy.
Then I start looking for software that can do port forwarding and found Softperfect Bandwidth Manager can do it. You can download Softperfect Bandwidth Manager here.
Step by step to configure transparent proxy using Softperfect Bandwidth Manager:
Let start by installing the Squid NT, use my old tutorial here http://markus.revti.com/2007/06/installing-squid-cache-for-windows/ to guide you.
Then you'll need to modify the squid.conf to add "transparent" keyword behind http_port options so it will look like this:
http_port 3128 transparentInstall Softperfect Bandwidth Manager
Create a Port Map, here you should define the Squid’s port on your server. Go to “Tools > Port Mapping”
Softperfect Bandwidth Manager's Add Port Map
Click on New button to create a new mapping, fill like the example below
Softperfect Bandwidth Manager Adding New Port Map
After you create a port map, you need to create a new rule to redirect all HTTP request to remote server port 80 to port 3128. Click on “Rules > Add Rule”. On General tab fill the fields with these values:
Direction: Both
Transfer Rate Limit: Unlimited
Protocol: TCP and UDP
Apply Rule on Interface: LAN
Softperfect Bandwidth Manager Rule General Tab
Important! You must select the interface (Network Card) that is connected to your Local Network (the one that connect the server to other client computers, and NOT the one connected to the modem, etc.)
On Source tab set the values to these:
Source Address: Whole IP Address, and insert the IP ranges of your clients PC
Source Port: Any
Softperfect Bandwidth Manager Source Tab
On Destination tab set the values to these:
Destination Address: Any IP Address
Destination Port: Port List and then Add these ports: 80 (HTTP) and 443 (HTTPS)
Softperfect Bandwidth Manager Destination Tab
On Advanced tab look for “Additional Processing”, give check on “Process through the following mapping” and select the port mapping you created before and click OK.
Softperfect Bandwidth Manager Advanced Tab
Done, now all requests to port 80 and 443 will be redirected to Squid NT. To check whether the transparent proxy works or not you can visit http://whatismyipaddress.com/ and it should say “Proxy Server Detected!”
Download Squid NT and Softperfect Bandwidth Manager here
October 17th, 2009 - 13:42
how i will active Squid + Softperfect Bandwidth Manager for webcams support?
October 17th, 2009 - 14:33
what problem do you encounter? squid + softperfect shouldn’t be have anything to do with webcam, unless the software need a port to be opened to transfer the video, in this case you have to ask the software provider what ports they use.
October 18th, 2009 - 06:55
i try to install a transparent proxy under windows xp professional.
i made all steps.. but it\’s only work if i set the proxu setting in the internet explorer 8
if i set the port 3128 or port 80 work\’s fine.. but in transparent mode no..
any idea?
October 19th, 2009 - 20:22
do you have firewall installed?
does the win xp is the internet gateway on your network? the pc which you install the squid proxy server + Softperfect Bandwidth Manager must be the internet gateway other wise it won’t work.
November 13th, 2009 - 00:43
Hey Buddy, tanks for the tuto.
I have a problem, when i try to open secure web pages (https) my connection fail.
can you helpme with this?
November 13th, 2009 - 06:37
you have to check the squid’s ACL, you have to open port 443 for Safe_ports and SSL_ports
November 19th, 2009 - 07:37
Hi, i have windows 2003 enterprice, squid 2.7 stable6 and softperfect, i try to install a transparent proxy but made all steps but it’s only work if i set the proxy setting in the internet explorer in transparent mode not work, my win 2003 have two cards, but, if i set the web page ip address work. any idea??
November 19th, 2009 - 15:24
“web page ip address work”
if you can access website by its ip address and not by domain name, it probably the DNS setting on squid.conf is not configured yet.
does all client use the windows 2003 server as gateway? on client pc, check “Local Area Connection Status”, the field “Default Gateway” must point to the windows 2003 ip address
November 24th, 2009 - 03:20
Markus can you post new actualized post because you r the only one page of transparent proxy over windows on google!
November 26th, 2009 - 18:18
i did write new article here: http://www.talk.web.id/2009/08/installing-squid-web-proxy-server-on-windows-7/
November 30th, 2009 - 11:28
Great tuto dude
December 19th, 2009 - 22:45
I came across this artical and had few questions. Is it possible to change this program to authenticate against a database? for example, a database consists of username / password. Only people who have correctly authenticated can access internet.
My last question is, is it possible to run transparent proxy on Windows Vista or Windows 7 computer?
Thanks
January 9th, 2010 - 03:31
I did everything exactly described in this topic but couldn’t have the transparent proxy working….
I will describe in detail about the steps I did
The computer which must be configured as Squid server and transparent proxy has Windows XP SP2…..
I have one LAN Card and its IP address is 192.168.0.100…
I have installed Squid successfully which listens in port 3128 with “http_port 3128 transparent” in squid.conf….
SBM installed successfully and configured exactly as the same way it was instructed….
Squid is running successfully…. I have tested in one Client PC by setting browser Proxy setting to 192.168.0.100:3128…. websites are being fetched successfully….
but when I remove the proxy setting then websites are not being fetched…
Client computer’s IP address is 192.168.0.101
net mask 255.255.255.0
gateway 192.168.0.100
dns 192.168.0.100
is this the correct setting or not….
transparent proxy not working please help………
January 9th, 2010 - 03:35
I did everything exactly described in this topic but couldn’t have the transparent proxy working….
I will describe in detail about the steps I did
The computer which must be configured as Squid server and transparent proxy has Windows XP SP2…..
I have one LAN Card and its IP address is 192.168.0.100…
I have installed Squid successfully which listens in port 3128 with “http_port 3128 transparent” in squid.conf….
SBM installed successfully and configured exactly as the same way it was instructed….
Squid is running successfully…. I have tested in one Client PC by setting browser Proxy setting to 192.168.0.100:3128…. websites are being fetched successfully….
but when I remove the proxy setting then websites are not being fetched…
Client computer’s IP address is 192.168.0.101
net mask 255.255.255.0
gateway 192.168.0.100
dns 192.168.0.100
is this the correct setting or not….
transparent proxy not working please help………
and I forgot to mention that in the Squid PC I connect to the internet using ADSL MODEM configured at bridge mode… so I have created a dial up broadband connection…. and I connect to the internet using this dial up broadband connection…..
January 11th, 2010 - 15:27
if you can browse with manual proxy setting, then your squid is installed correctly. so there must be something wrong with the Softperfect Bandwidth Manager settings.
what ip address did you put in on “Softperfect Bandwidth Manager Source Tab” see above image to check which window i meant.
January 31st, 2010 - 13:57
https not working in transparent mode.
When i enter 443 in softperfect to forward to squid then secure webs do not open.
January 31st, 2010 - 16:44
have you opened port 443 for Safe_ports and SSL_ports on squid.conf?
February 6th, 2010 - 20:26
Yes i have already opened 433.
main problem is that https works when i entered proxy address at client borwser but in transparent mode its does not work.
“An error occurred during a connection to http://www.google.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)”
February 20th, 2010 - 04:26
that seems to be problem on the server’s SSL settings
February 19th, 2010 - 22:13
Hi, im newbie and have install squid and Softperfect Bandwidth Manager but can’t understant how to configure to use it in my network. In Server work but not in others computers.
thanks
February 20th, 2010 - 04:25
SBM only need to be installed on the server, no need to installed on client pc
February 20th, 2010 - 04:43
Ok, thanks
March 17th, 2010 - 00:26
Hi, I am trying to set up Squid on my windows 2008 server so I can use it as a proxy server for a PC in another country.
I want to simply put in my PC’s browser proxy the server’s IP address and port (3128) and bingo I can browse through the proxy.
The guide above seems to be for a LAN and not a WAN. Can it be used to work externally?
I have tried for hours and no matter what I do I just get the page with “Error – The requested URL could not be retrieved – Access Denied”, with the reference to Squid at the bottom.
Please can someone help me get this to work?
March 17th, 2010 - 16:20
yes, this is setting for LAN.
squid can be set for internet access too, but you have to secure it using authentication so it will not be open proxy.
to allow access from IP other than your local network, you have to create another ACL, see step 5 of my other post here: http://markus.revti.com/2007/06/installing-squid-cache-for-windows/
June 4th, 2010 - 01:23
Are you available for hire to help me optimize my squid config?
June 6th, 2010 - 15:39
what kind of optimization you’re looking for?
June 20th, 2010 - 04:49
Hi Markus,
I have installed SquidNT 2.5.STABLE1-CVS WWW Proxy Server on my windows 2003 box and its working fine in case of browsing sites. But when i tried configure microsoft outlook express from one of my windows xp client machine it does’nt work. what would be the problem?? can u help me in resolving this problem.
June 20th, 2010 - 05:33
what settings you set on the outlook? squid only proxying http only and not pop3 or imap protocol
June 23rd, 2010 - 18:32
Require some more. snaps of Squid…….
How to configure squid steps by steps in windows server with snaps…….
please
thanks in advance
vasim
June 23rd, 2010 - 18:44
where can i find information about snaps? google doesn’t give meaningful result
June 26th, 2010 - 01:52
can i activate this on my own server? im a bit confused, would i not be just as well to use a proxy like http://www.piratebayproxy.org?
June 28th, 2010 - 01:15
yes you can. with proxy site all over the internet, you’ll never know what they do when you use them to access the web, furthermore if you accessing password protected website, they could get your username and password.
June 30th, 2010 - 01:28
Great tutorial Markus!!!
really appreciate ur effort
June 30th, 2010 - 23:12
Nice tuto Markus.
other way round to make squid as transparent proxy on xp box:
nat (netsh) + active wall pro + squid
active wall >>>> http://en.lanctrl.com
thanks
August 5th, 2010 - 00:52
Hi Marcus, I’m trying to install squid 2.7 on a windows 2008 server. The same config works fine on 2003 but on 2008 it keeps prompting for credentials (i’m using ntlm authentication). Reguardless of the credentials I enter it never authenticates me. Any ideas?
Thanks
August 5th, 2010 - 16:58
Hi Bill,
I didn’t use Windows server 2008 and NTLM so I don’t really know. but have you tried the proxy without NTLM authentication? maybe it get’s blocked by the firewall. Try check the log file too..
July 2nd, 2011 - 14:49
Hi markus,
graet tutorial, but my intranet not working when im using proxy i have program using http inside my network please help
August 11th, 2010 - 08:59
Hi Markus,
i set the softperfect bandwidth manager step by step with u tuto, but i can only use in Internet Explorer ,transparent proxy isn’t work .
any idea?