Proxies: Complete Guide to Proxy Servers and Transparent Proxying
Proxies are intermediary servers that sit between clients and destination servers, forwarding requests and responses while providing various functionalities like anonymity, content filtering, caching, and traffic routing. This comprehensive guide covers different types of proxies, popular proxy software, and transparent proxying solutions like redsocks.
What are Proxies?
A proxy server acts as a gateway between users and the internet, receiving requests from clients, forwarding them to destination servers, and returning the responses back to clients. Proxies can modify requests, cache responses, filter content, and provide anonymity by hiding the client's real IP address.
Types of Proxies
HTTP/HTTPS Proxies
- Purpose: Handle web traffic (HTTP/HTTPS protocols)
- Features: Web caching, content filtering, SSL termination
- Common Ports: 8080, 3128, 8888
- Use Cases: Corporate web filtering, caching, bypassing geo-restrictions
SOCKS Proxies
- Purpose: Handle any type of traffic (protocol-agnostic)
- Versions: SOCKS4, SOCKS4a, SOCKS5
- Features: UDP support (SOCKS5), authentication, DNS resolution
- Common Ports: 1080, 1081, 9050
- Use Cases: Tunneling applications, gaming, P2P, Tor networks
Transparent Proxies
- Purpose: Intercept traffic without client configuration
- Features: Automatic redirection via iptables/firewall rules
- Use Cases: Network-wide proxy enforcement, content filtering
- Tools: redsocks, iptables REDIRECT target
Reverse Proxies
- Purpose: Forward requests to backend servers on behalf of servers
- Features: Load balancing, SSL termination, caching
- Use Cases: Web servers, API gateways, CDNs
- Tools: Nginx, Apache, HAProxy
Redsocks - Transparent SOCKS/HTTP Proxy Redirector
Redsocks is a daemon that transparently redirects network connections to SOCKS or HTTP proxies using iptables rules. It enables transparent proxying without requiring application-level proxy configuration.
Key Features
- Transparent operation: No application configuration needed
- Multiple proxy support: SOCKS4, SOCKS5, HTTP CONNECT
- Chain proxying: Route traffic through multiple proxy layers
- DNS resolution: Handle DNS queries through proxy
- IPv4/IPv6 support: Dual-stack networking support
Installation
Ubuntu/Debian
# Install from repositories
sudo apt update
sudo apt install redsocks
# Install dependencies for building from source
sudo apt install build-essential git libevent-dev
Red Hat/CentOS/Fedora
# RHEL/CentOS (enable EPEL first)
sudo yum install epel-release
sudo yum install redsocks
# Fedora
sudo dnf install redsocks
# Build dependencies
sudo dnf install gcc git libevent-devel make
Arch Linux
# Install from AUR
yay -S redsocks
# or
sudo pacman -S redsocks
Building from Source
# Clone and build
git clone https://github.com/darkk/redsocks.git
cd redsocks
make
# Install binary
sudo cp redsocks /usr/local/bin/
sudo chmod +x /usr/local/bin/redsocks
Configuration
Create redsocks configuration file:
sudo nano /etc/redsocks.conf
Basic SOCKS5 Configuration
base {
log_debug = off;
log_info = on;
log = stderr;
daemon = on;
redirector = iptables;
}
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 127.0.0.1; # SOCKS proxy IP
port = 1080; # SOCKS proxy port
type = socks5;
login = "username"; # Optional authentication
password = "password"; # Optional authentication
}
HTTP Proxy Configuration
base {
log_debug = off;
log_info = on;
log = "file:/var/log/redsocks.log";
daemon = on;
redirector = iptables;
}
redsocks {
local_ip = 0.0.0.0;
local_port = 8080;
ip = proxy.example.com; # HTTP proxy server
port = 8080; # HTTP proxy port
type = http-connect;
}
Multiple Proxy Configuration
base {
log_debug = off;
log_info = on;
log = "file:/var/log/redsocks.log";
daemon = on;
redirector = iptables;
}
# SOCKS5 proxy for general traffic
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 192.168.1.100;
port = 1080;
type = socks5;
}
# HTTP proxy for web traffic
redsocks {
local_ip = 127.0.0.1;
local_port = 12346;
ip = 192.168.1.101;
port = 8080;
type = http-connect;
}
Running Redsocks
Manual Execution
# Test configuration
sudo redsocks -c /etc/redsocks.conf -t
# Run in foreground (for testing)
sudo redsocks -c /etc/redsocks.conf
# Run as daemon
sudo redsocks -c /etc/redsocks.conf -d
Systemd Service
# Create systemd service file
sudo nano /etc/systemd/system/redsocks.service
[Unit]
Description=Redsocks transparent SOCKS proxy redirector
After=network.target
[Service]
Type=forking
PIDFile=/var/run/redsocks.pid
ExecStart=/usr/bin/redsocks -c /etc/redsocks.conf -p /var/run/redsocks.pid
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
# Enable and start service
sudo systemctl daemon-reload
sudo systemctl enable redsocks
sudo systemctl start redsocks
# Check status
sudo systemctl status redsocks
IPTables Rules for Transparent Proxying
Basic Transparent Proxy Setup
# Create new chain for redsocks
sudo iptables -t nat -N REDSOCKS
# Ignore local and reserved addresses
sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
# Redirect all TCP traffic to redsocks
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
# Apply redsocks chain to OUTPUT traffic
sudo iptables -t nat -A OUTPUT -p tcp --dport 1:65535 -j REDSOCKS
Selective Proxy Rules
# Only proxy specific destinations
sudo iptables -t nat -A OUTPUT -p tcp -d 203.0.113.0/24 --dport 80,443 -j REDIRECT --to-ports 12345
# Proxy traffic from specific users
sudo iptables -t nat -A OUTPUT -m owner --uid-owner 1000 -p tcp -j REDIRECT --to-ports 12345
# Proxy traffic to specific ports
sudo iptables -t nat -A OUTPUT -p tcp --dport 80,443 -j REDIRECT --to-ports 12345
Save IPTables Rules
# Ubuntu/Debian
sudo iptables-save | sudo tee /etc/iptables/rules.v4
# Red Hat/CentOS
sudo service iptables save
# Using iptables-persistent
sudo apt install iptables-persistent
sudo netfilter-persistent save
Squid Proxy Server
Squid is a powerful HTTP/HTTPS proxy server with extensive caching and filtering capabilities.
Installation
# Ubuntu/Debian
sudo apt update
sudo apt install squid
# Red Hat/CentOS/Fedora
sudo dnf install squid
# Start and enable
sudo systemctl start squid
sudo systemctl enable squid
Basic Configuration
# Edit main config file
sudo nano /etc/squid/squid.conf
Basic Forward Proxy Setup
# Basic configuration
http_port 3128
# Access control
acl localnet src 192.168.0.0/16
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
# Allow local networks
http_access allow localnet
http_access allow localhost
# Deny all other access
http_access deny all
# Cache settings
cache_dir ufs /var/spool/squid 1000 16 256
maximum_object_size 50 MB
cache_mem 256 MB
# Logging
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
Authentication Setup
# Install auth helpers
sudo apt install squid-common
# Create password file
sudo htpasswd -c /etc/squid/passwords username1
sudo htpasswd /etc/squid/passwords username2
sudo chown proxy:proxy /etc/squid/passwords
sudo chmod 640 /etc/squid/passwords
Add to squid.conf:
# Authentication
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid Proxy Server
acl authenticated proxy_auth REQUIRED
# Allow authenticated users
http_access allow authenticated
Advanced Features
Content Filtering
# Block specific domains
acl blocked_sites dstdomain .facebook.com .twitter.com
http_access deny blocked_sites
# Block file types
acl blocked_files urlpath_regex \.(exe|zip|mp3|avi)$
http_access deny blocked_files
# Time-based access
acl business_hours time MTWHF 09:00-17:00
http_access allow localnet business_hours
SSL Bump (HTTPS Inspection)
# SSL bump configuration
ssl_bump server-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
# Certificate for SSL bump
http_port 3128 ssl-bump cert=/etc/squid/certs/squid.pem
# Generate certificate
sudo openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 \
-keyout /etc/squid/certs/squid.pem -out /etc/squid/certs/squid.pem
Dante SOCKS Server
Dante is a robust SOCKS4/SOCKS5 server implementation.
Installation
# Ubuntu/Debian
sudo apt install dante-server
# Red Hat/CentOS/Fedora
sudo dnf install dante-server
Configuration
sudo nano /etc/danted.conf
Basic SOCKS5 Server
# Basic configuration
logoutput: /var/log/danted.log
internal: eth0 port = 1080
external: eth0
# Authentication method
socksmethod: username
# Client rules
client pass {
from: 192.168.0.0/16 to: 0.0.0.0/0
log: connect disconnect error
}
# SOCKS rules
socks pass {
from: 192.168.0.0/16 to: 0.0.0.0/0
log: connect disconnect error
}
With Authentication
# Authentication configuration
socksmethod: username
user.privileged: root
user.unprivileged: nobody
# Add system users for SOCKS auth
# sudo useradd -r -s /bin/false socksuser
# sudo passwd socksuser
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
socksmethod: username
log: connect disconnect error
}
Running Dante
# Start service
sudo systemctl start danted
sudo systemctl enable danted
# Check status
sudo systemctl status danted
# Test SOCKS proxy
curl --socks5 localhost:1080 http://httpbin.org/ip
Tor - The Onion Router
Tor (The Onion Router) is a free and open-source privacy network that routes internet traffic through multiple encrypted layers to provide anonymity. Tor runs a SOCKS proxy on localhost that can be used directly by applications or transparently via tools like redsocks.
Key Features
- Anonymity: Routes traffic through multiple encrypted relays
- SOCKS proxy: Provides SOCKS4a/SOCKS5 proxy on port 9050
- Hidden services: Access .onion sites and create hidden services
- DNS resolution: Resolves DNS queries through Tor network
- Cross-platform: Available on Linux, Windows, macOS
Installation
Ubuntu/Debian
# Install from repositories
sudo apt update
sudo apt install tor
# Install Tor Browser (optional)
sudo apt install torbrowser-launcher
Red Hat/CentOS/Fedora
# Enable EPEL repository (RHEL/CentOS)
sudo yum install epel-release
# Install Tor
sudo dnf install tor # Fedora
sudo yum install tor # RHEL/CentOS
# Install from Tor Project repository (recommended)
sudo dnf install dnf-plugins-core
sudo dnf config-manager --add-repo https://rpm.torproject.org/fedora/torproject.repo
sudo dnf install tor
Arch Linux
# Install from official repositories
sudo pacman -S tor
# Install Tor Browser
sudo pacman -S torbrowser-launcher
Configuration
Basic Tor Configuration
# Edit Tor configuration
sudo nano /etc/tor/torrc
# Basic Tor configuration
SocksPort 9050
SocksPolicy accept 127.0.0.1
SocksPolicy accept 192.168.0.0/16
SocksPolicy reject *
# Control port (for management)
ControlPort 9051
HashedControlPassword 16:872860B76453A77D60CA2BB8C1D0C6E6F9B9DC6B0D1B4F7E8E1A3CC8D5
# DNS port for transparent proxying
DNSPort 5353
# Transparent proxy port
TransPort 9040
TransListenAddress 127.0.0.1
Generate Control Password
# Generate hashed password for control port
tor --hash-password "your_password_here"
# Add the output to torrc as HashedControlPassword
Advanced Configuration
# Additional configuration options
Log notice file /var/log/tor/notices.log
DataDirectory /var/lib/tor
# Bridge configuration (for censored networks)
UseBridges 1
Bridge obfs4 192.0.2.2:80 B84F6C6B4BD0F1CD6CA1C6D2F5C9E5F8F1D0B2A3
# Exit node country selection
ExitNodes {us},{ca},{gb}
StrictNodes 1
# Bandwidth limits
BandwidthRate 1 MB
BandwidthBurst 2 MB
# Hidden service configuration
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
Running Tor
Start Tor Service
# Start and enable Tor
sudo systemctl start tor
sudo systemctl enable tor
# Check status
sudo systemctl status tor
# View logs
sudo journalctl -u tor -f
sudo tail -f /var/log/tor/notices.log
Test Tor Connection
# Test SOCKS proxy
curl --socks5 127.0.0.1:9050 http://httpbin.org/ip
# Check if using Tor (should show Tor exit node IP)
curl --socks5 127.0.0.1:9050 https://check.torproject.org/api/ip
# Test with different user agents
curl --socks5 127.0.0.1:9050 -A "Mozilla/5.0" https://icanhazip.com
Transparent Proxying with Tor
Using Redsocks with Tor
# Configure redsocks for Tor
sudo nano /etc/redsocks.conf
base {
log_debug = off;
log_info = on;
log = "file:/var/log/redsocks.log";
daemon = on;
redirector = iptables;
}
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 127.0.0.1;
port = 9050; # Tor SOCKS port
type = socks5;
}
redudp {
local_ip = 127.0.0.1;
local_port = 10053;
ip = 127.0.0.1;
port = 5353; # Tor DNS port
dest_ip = 8.8.8.8;
dest_port = 53;
}
IPTables Rules for Tor Transparent Proxy
#!/bin/bash
# Tor transparent proxy iptables script
# Flush existing rules
iptables -F
iptables -t nat -F
# Create Tor user (if not exists)
sudo useradd -r -s /bin/false tor-user
# Don't route Tor user traffic through Tor (prevent loops)
iptables -t nat -A OUTPUT -m owner --uid-owner $(id -u tor-user) -j RETURN
# Don't route local traffic through Tor
iptables -t nat -A OUTPUT -o lo -j RETURN
# Don't route private networks through Tor
iptables -t nat -A OUTPUT -d 192.168.0.0/16 -j RETURN
iptables -t nat -A OUTPUT -d 172.16.0.0/12 -j RETURN
iptables -t nat -A OUTPUT -d 10.0.0.0/8 -j RETURN
# Route all other TCP traffic through Tor TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040
# Route DNS queries through Tor
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 5353
# Save rules
iptables-save > /etc/iptables/tor-rules.v4
Tor Browser and Applications
Configure Applications for Tor
# Firefox proxy settings (manual configuration)
Network Settings > Manual proxy configuration:
SOCKS Host: 127.0.0.1
Port: 9050
SOCKS v5: enabled
Proxy DNS when using SOCKS v5: enabled
# Command line applications
curl --socks5 127.0.0.1:9050 https://example.com
wget --proxy=on --https-proxy=127.0.0.1:9050 https://example.com
# SSH through Tor
ssh -o ProxyCommand="nc -X 5 -x 127.0.0.1:9050 %h %p" [email protected]
# Git through Tor
git config --global http.proxy socks5://127.0.0.1:9050
git config --global https.proxy socks5://127.0.0.1:9050
Hidden Services
Create a Hidden Service
# Add to /etc/tor/torrc
HiddenServiceDir /var/lib/tor/my_website/
HiddenServicePort 80 127.0.0.1:8080
# Restart Tor
sudo systemctl restart tor
# Get your .onion address
sudo cat /var/lib/tor/my_website/hostname
Access Hidden Services
# Access .onion sites through Tor
curl --socks5 127.0.0.1:9050 http://3g2upl4pq6kufc4m.onion
# Using torsocks wrapper
torsocks curl http://3g2upl4pq6kufc4m.onion
Tor Troubleshooting
Connection Issues
# Check if Tor is running
sudo systemctl status tor
sudo netstat -tlnp | grep :9050
# Test Tor connectivity
curl --socks5 127.0.0.1:9050 https://check.torproject.org/api/ip
# Check Tor logs
sudo journalctl -u tor -f
sudo tail -f /var/log/tor/notices.log
# Common error: "Could not bind to 127.0.0.1:9050"
sudo ss -tlnp | grep :9050 # Check what's using the port
Slow Performance
# Try different exit nodes
echo "ExitNodes {us},{ca},{de}" | sudo tee -a /etc/tor/torrc
sudo systemctl restart tor
# Increase circuit timeout
echo "CircuitBuildTimeout 30" | sudo tee -a /etc/tor/torrc
# Check bandwidth limits
grep -i bandwidth /etc/tor/torrc
Transparent Proxy Issues
# Check if transparent proxy is working
curl https://check.torproject.org/api/ip # Should show Tor exit IP
# Debug iptables rules
sudo iptables -t nat -L -n -v
sudo iptables -L -n -v
# Check for DNS leaks
dig @127.0.0.1 -p 5353 google.com
nslookup google.com 127.0.0.1
# Monitor traffic
sudo tcpdump -i lo port 9040
sudo netstat -tlnp | grep tor
Bridge Configuration (for Censored Networks)
# Get bridges from https://bridges.torproject.org/
# Add to /etc/tor/torrc
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 192.0.2.2:80 B84F6C6B4BD0F1CD6CA1C6D2F5C9E5F8F1D0B2A3 cert=...
# Test bridge connectivity
sudo systemctl restart tor
sudo journalctl -u tor -f
Security Considerations for Tor
Important Security Notes
- DNS Leaks: Always route DNS through Tor (port 5353) or use transparent proxy
- Application Leaks: Some applications may bypass proxy settings
- Time Zone: Consider setting system timezone to UTC
- Browser Fingerprinting: Use Tor Browser for best anonymity
- Exit Node Monitoring: Be aware that exit nodes can see unencrypted traffic
- Entry Guards: Tor automatically selects and reuses entry guards for security
Secure Configuration
# Additional security settings for /etc/tor/torrc
AvoidDiskWrites 1
HardwareAccel 1
SafeLogging 1
DisableDebuggerAttachment 1
# Use only stable relays
UseEntryGuards 1
StrictNodes 1
# Disable potentially dangerous features
DisableNetwork 0
DisableV2DirectoryRequests 1
Monitoring Tor Usage
# Monitor Tor circuits
sudo -u tor tor --verify-config
echo "GETINFO circuit-status" | nc 127.0.0.1 9051
# Check current IP and location
curl --socks5 127.0.0.1:9050 https://ipinfo.io/json
# Verify Tor usage
curl --socks5 127.0.0.1:9050 https://check.torproject.org/api/ip
3proxy - Lightweight Proxy Server
3proxy is a small but feature-rich proxy server supporting multiple protocols.
Installation
# Build from source
git clone https://github.com/3proxy/3proxy.git
cd 3proxy
make -f Makefile.Linux
# Install
sudo cp bin/3proxy /usr/local/bin/
sudo cp bin/proxy /usr/local/bin/
sudo cp bin/socks /usr/local/bin/
Configuration
sudo nano /etc/3proxy.cfg
Multi-Protocol Configuration
# Logging
log /var/log/3proxy.log
# Authentication
users user1:CL:password1
# HTTP proxy on port 8080
proxy -p8080
# SOCKS proxy on port 1080
socks -p1080
# Allow access from local network
allow 192.168.0.0/16
Running 3proxy
# Run with config file
sudo 3proxy /etc/3proxy.cfg
# Create systemd service
sudo nano /etc/systemd/system/3proxy.service
[Unit]
Description=3proxy Server
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/3proxy /etc/3proxy.cfg
Restart=on-failure
User=nobody
Group=nogroup
[Install]
WantedBy=multi-user.target
Troubleshooting Common Issues
Redsocks Issues
"bind: Address already in use"
# Check what's using the port
sudo netstat -tlnp | grep :12345
sudo ss -tlnp | grep :12345
# Kill process using the port
sudo pkill -f redsocks
# Use different port in config
local_port = 12346;
"Connection refused" to proxy server
# Verify proxy server is running
telnet proxy_ip proxy_port
# Check proxy credentials
# Test with curl
curl --socks5 username:password@proxy_ip:proxy_port http://httpbin.org/ip
# Check redsocks logs
sudo tail -f /var/log/redsocks.log
IPTables rules not working
# Check current rules
sudo iptables -t nat -L -n -v
# Test rule matching
sudo iptables -t nat -I OUTPUT -p tcp --dport 80 -j LOG --log-prefix "PROXY_TEST: "
sudo tail -f /var/log/kern.log
# Reset rules if needed
sudo iptables -t nat -F
sudo iptables -t nat -X REDSOCKS
Squid Issues
Permission Denied Errors
# Fix cache directory permissions
sudo chown -R proxy:proxy /var/spool/squid
sudo chmod -R 755 /var/spool/squid
# Initialize cache
sudo squid -z
# Check config syntax
sudo squid -k parse
Access Denied (403 Forbidden)
# Check ACL configuration
sudo grep -n "http_access" /etc/squid/squid.conf
# Test ACL matching
sudo squid -k debug
# Common fix - allow local network
acl localnet src 192.168.0.0/16
http_access allow localnet
DNS Resolution Issues
# Add DNS servers to squid.conf
dns_nameservers 8.8.8.8 1.1.1.1
# Check system DNS
sudo systemd-resolve --status
cat /etc/resolv.conf
SOCKS Proxy Issues
Authentication Failures
# Test SOCKS authentication
curl --socks5 username:password@localhost:1080 http://httpbin.org/ip
# Check user exists (for system auth)
getent passwd socksuser
# Verify dante configuration
sudo danted -V -f /etc/danted.conf
Connection Timeouts
# Check firewall rules
sudo ufw status
sudo iptables -L
# Test port accessibility
telnet proxy_server 1080
# Monitor connections
sudo ss -tulnp | grep :1080
General Proxy Debugging
Network Connectivity Tests
# Test direct connection
curl -I http://httpbin.org/ip
# Test through HTTP proxy
curl -I --proxy http://proxy:8080 http://httpbin.org/ip
# Test through SOCKS proxy
curl -I --socks5 proxy:1080 http://httpbin.org/ip
# Check DNS resolution through proxy
nslookup google.com proxy_dns_server
Log Analysis
# Monitor proxy logs in real-time
sudo tail -f /var/log/squid/access.log
sudo tail -f /var/log/danted.log
sudo tail -f /var/log/redsocks.log
# Search for errors
sudo grep -i error /var/log/squid/cache.log
sudo grep -i "connection refused" /var/log/redsocks.log
# Analyze traffic patterns
sudo awk '{print $3}' /var/log/squid/access.log | sort | uniq -c | sort -nr
Security Considerations
Access Control
- Implement proper ACLs: Restrict proxy access to authorized networks/users
- Use authentication: Enable username/password or certificate-based auth
- Monitor access logs: Regularly review proxy usage logs
- Limit destination access: Block malicious or inappropriate destinations
Encryption
- Use HTTPS/TLS: Ensure proxy connections are encrypted
- Certificate validation: Properly validate SSL certificates
- Avoid SSL bumping: Only use HTTPS inspection when absolutely necessary
- Secure credentials: Store proxy passwords securely
Network Security
# Firewall rules for proxy servers
sudo ufw allow from 192.168.0.0/16 to any port 3128 # HTTP proxy
sudo ufw allow from 192.168.0.0/16 to any port 1080 # SOCKS proxy
# Rate limiting with iptables
sudo iptables -A INPUT -p tcp --dport 3128 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
Monitoring and Alerting
# Monitor failed authentication attempts
sudo grep "authentication failed" /var/log/squid/cache.log
# Monitor unusual traffic patterns
sudo awk '{print $7}' /var/log/squid/access.log | grep -E "(exe|zip|torrent)" | wc -l
# Set up log rotation
sudo nano /etc/logrotate.d/proxy-logs
Performance Optimization
Caching Configuration
# Squid cache optimization
cache_mem 512 MB
maximum_object_size_in_memory 64 KB
cache_dir ufs /var/spool/squid 2000 16 256
maximum_object_size 100 MB
# Cache hierarchy
cache_peer parent.proxy.com parent 3128 0 default
cache_peer_access parent.proxy.com allow all
Connection Limits
# Squid connection limits
http_port 3128 connection-limit=1000
client_lifetime 1 hour
half_closed_clients off
Resource Monitoring
# Monitor proxy performance
sudo htop
sudo iotop
sudo netstat -i
# Check cache statistics (Squid)
sudo squidclient -h localhost -p 3128 mgr:info
sudo squidclient mgr:cachedir
Understanding proxy servers and transparent proxying solutions like redsocks enables you to implement sophisticated network routing, content filtering, and privacy solutions. Whether you need simple web caching, secure SOCKS tunneling, or transparent traffic redirection, these tools provide the foundation for advanced networking configurations.
