Linux Guides & Reviews
  • Using Squid with DDWRT

    Posted on June 22nd, 2009 admin 3 comments

    Squid has several different uses.  It is a proxy for internet connections.  It can cache commonly used pages and images, which speeds up page load times and decreases bandwidth usage.  It can also be used to filter Internet connections (remove ads or block bad webpages) by configuring and adding plugins to it.

    In this particular case, I am going to be focusing on how to set up and use Squid with your router running the open source firmware, ddwrt (also confirmed to work on tomato firmware mods).

    Configuring Squid:

    You are going to need a computer that is either on 24/7 or one that is on whenever you need access to the internet.  I have a server running at my house that is always on, so I decided to use that.  I am running Ubuntu on my server, so my instructions will be specific to that, but if you are running a different distribution of Linux, you should be able to easily figure out what commands you will need to use in order to install and configure squid.

    sudo apt-get install squid

    Then, you need to configure the software to allow transparent proxying (forcing users to use the proxy by channeling all http traffic going through the router to go through the squid proxy).  If you do not want to force all users to use a transparent proxy, skip the following sections, and use the section at the end that explains how to use the proxy by configuring your browser.

    sudo nano /etc/squid/squid.conf

    edit:

    http_port 3128

    to read:

    http_port 3128 transparent

    Configuring DDWRT:

    First, you need to enable ssh on your router to allow you to edit some commands (see the guide here or here).

    Next, you need to create and run a script (or you can add this as a startup script for ddwrt).  Make sure you edit the four variables in lines 2-5:

    #!/bin/sh
    INTERNAL_NETWORK="192.168.69.0/24"
    ROUTER_IP="192.168.69.1"
    PROXY_SERVER="192.168.69.123"
    PROXY_PORT="3128"
    # Guard against adding the rules twice (only effective when the script is sourced in the same shell)
    if [ -z "$TRANSPARENT_PROXY" ]; then
        # Leave LAN-to-LAN web traffic (such as the router's own pages) alone
        /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s $INTERNAL_NETWORK -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
        # Redirect all other port 80 traffic to Squid, except requests made by the proxy server itself
        /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp --dport 80 -j DNAT --to $PROXY_SERVER:$PROXY_PORT
        # Rewrite the source address so Squid's replies return through the router
        /usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s $INTERNAL_NETWORK -p tcp -d $PROXY_SERVER -j SNAT --to $ROUTER_IP
        # Allow the redirected traffic to be forwarded across the LAN bridge
        /usr/sbin/iptables -t filter -I FORWARD -s $INTERNAL_NETWORK -d $PROXY_SERVER -i br0 -o br0 -p tcp --dport $PROXY_PORT -j ACCEPT
        export TRANSPARENT_PROXY="1"
    else
        echo "This script has already run!"
        echo "If it hasn't, unset \$TRANSPARENT_PROXY manually via the shell."
    fi

    If you created this as a startup script for ddwrt, you now need to restart your router in order for it to work.  If you created it as a script, you can simply run the script to enable the transparent proxy.  This script will have to be recreated and run every time you restart the router, so it is recommended that you set it up as a startup script once you get it working.

    If you ever need to disable the proxy, just create and run the following script:

    #!/bin/sh
    INTERNAL_NETWORK="192.168.69.0/24"
    ROUTER_IP="192.168.69.1"
    PROXY_SERVER="192.168.69.123"
    PROXY_PORT="3128"
    # Delete the four rules added by the enable script (-D in place of -A / -I).
    # No guard on $TRANSPARENT_PROXY here: the rules must be removable whether or not it is set.
    /usr/sbin/iptables -t nat -D PREROUTING -i br0 -s $INTERNAL_NETWORK -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
    /usr/sbin/iptables -t nat -D PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp --dport 80 -j DNAT --to $PROXY_SERVER:$PROXY_PORT
    /usr/sbin/iptables -t nat -D POSTROUTING -o br0 -s $INTERNAL_NETWORK -p tcp -d $PROXY_SERVER -j SNAT --to $ROUTER_IP
    /usr/sbin/iptables -t filter -D FORWARD -s $INTERNAL_NETWORK -d $PROXY_SERVER -i br0 -o br0 -p tcp --dport $PROXY_PORT -j ACCEPT
    # Clear the guard variable so the enable script can run again in this shell
    unset TRANSPARENT_PROXY
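
    The enable and disable scripts above repeat the same four rules and must be kept identical apart from the action flag. The following is an added example, not part of the original post, that defines the rules once and either applies or prints them; the names proxy_rules, proxy_apply and DRY_RUN are assumptions of this example, and the addresses are the sample values used above.

```shell
#!/bin/sh
# Added example: one rule definition shared by "enable" and "disable".
# Addresses are the page's sample values; DRY_RUN and the function names are
# hypothetical, not DD-WRT features.
INTERNAL_NETWORK="192.168.69.0/24"
ROUTER_IP="192.168.69.1"
PROXY_SERVER="192.168.69.123"
PROXY_PORT="3128"
IPT="/usr/sbin/iptables"

# Print the four rules with the requested action: A (add) or D (delete).
# The FORWARD rule is inserted (-I) on add so it sits ahead of existing rules.
proxy_rules() {
    case "$1" in
        A) fwd="I" ;;
        D) fwd="D" ;;
        *) echo "usage: proxy_rules A|D" >&2; return 2 ;;
    esac
    # 1. LAN-to-LAN web traffic (e.g. the router's admin page) is left alone.
    echo "$IPT -t nat -$1 PREROUTING -i br0 -s $INTERNAL_NETWORK -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT"
    # 2. Everything else on port 80 goes to Squid, except Squid's own requests,
    #    which would otherwise loop back into the proxy.
    echo "$IPT -t nat -$1 PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp --dport 80 -j DNAT --to $PROXY_SERVER:$PROXY_PORT"
    # 3. Rewrite the source so Squid replies via the router, not straight to the client.
    echo "$IPT -t nat -$1 POSTROUTING -o br0 -s $INTERNAL_NETWORK -p tcp -d $PROXY_SERVER -j SNAT --to $ROUTER_IP"
    # 4. Allow the redirected packets to be forwarded across the bridge.
    echo "$IPT -t filter -$fwd FORWARD -s $INTERNAL_NETWORK -d $PROXY_SERVER -i br0 -o br0 -p tcp --dport $PROXY_PORT -j ACCEPT"
}

# Run the rules, or only print them when DRY_RUN=1 (safe to try off the router).
proxy_apply() {
    proxy_rules "$1" | while IFS= read -r rule; do
        if [ "${DRY_RUN:-0}" = "1" ]; then echo "$rule"; else $rule; fi
    done
}

# Usage: DRY_RUN=1 ./proxy.sh enable   (or: disable)
case "${1:-}" in
    enable)  proxy_apply A ;;
    disable) proxy_apply D ;;
esac
```

    Running it with DRY_RUN=1 first shows exactly which rules would be added or deleted before anything on the router changes.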

    If you have any issues with getting this to work, please post in the comments section, and I will do my best to help you.

     

    3 responses to “Using Squid with DDWRT”

    • I feel that this kinda defeats the purpose of the dd-wrt router. Why not just install everything on the Ubuntu server and make it a Linux router project?

      I am trying to get a cut down version of squid onto my dd-wrt router so I can use it as a high anonymous proxy server and connect to it remotely. I have many work projects that I can only connect to via my home network. I would use OpenVPN but I am afraid the other end will find out. I don’t want to have to set up another machine for this… I want it all on the router.

    • I don’t really think that it defeats the purpose of the dd-wrt router. I like to have the router separate from my server to make things more simplistic. The router doesn’t use that much power, and makes it easier to fix if I have any issues.

      Instead of trying to put squid on ddwrt, I recommend using ssh tunneling. This is included by default with ddwrt (you just have to enable it), and is more secure/better suited than squid is.

    • I think it’s a great script, I’m just wondering if it is also possible to add the script to the router using telnet or the web interface instead of ssh…

