Tuesday, March 11, 2014

IPTables configuration for Transparent Proxy

You need to have at least two network interfaces. We call them eth0 and eth1.
  • eth0 brings internet
  • eth1 is the organization network (usually a switch)

Accept new connections coming from inside (eth1) and forward them out through eth0:

iptables -A FORWARD -o eth0 -i eth1 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT

Accept forwarding of all connections that are already established (and related ones):

iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Masquerading (replace the local source IP address with the public address). Note that without -o eth0 this rule masquerades packets leaving on every interface, eth1 included; restricting it to the internet-facing interface is the usual practice.

iptables -A POSTROUTING -t nat -j MASQUERADE

Force all connections to HTTP (port 80) to go to port 8080, where Squid handles the request:

sudo iptables -t nat -A PREROUTING -i eth1 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080

If you need an IP to bypass Squid (inserted at position 1 so it is matched before the REDIRECT rule above):

sudo iptables -t nat -I PREROUTING 1 -i eth1 -s 192.168.1.XXX -p tcp -m tcp --dport 80 -j ACCEPT
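The rules above, assembled as an added example script (not from the original post): it is parameterized, sets a DROP policy on FORWARD so the two ACCEPT rules have an effect, limits MASQUERADE to eth0, appends the bypass rules before the REDIRECT instead of inserting them with -I, and has a dry-run mode that prints the rules so their order can be checked. The bypass host 192.168.1.50 is a constructed value standing in for 192.168.1.XXX.

```shell
#!/bin/sh
# Added example: the post's rules as one ordered script with a dry-run mode.
# Interface names, subnet and Squid port follow the post; BYPASS_HOSTS is a
# constructed value standing in for the post's 192.168.1.XXX.
WAN_IF="${WAN_IF:-eth0}"                       # brings the internet
LAN_IF="${LAN_IF:-eth1}"                       # organization network
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SQUID_PORT="${SQUID_PORT:-8080}"               # where Squid listens
BYPASS_HOSTS="${BYPASS_HOSTS:-192.168.1.50}"   # constructed: hosts that skip Squid

# Run one iptables rule, or print it when DRY_RUN=1 so the order can be reviewed.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_transparent_proxy_rules() {
    # The post's two ACCEPT rules only mean something if FORWARD drops by default.
    ipt -P FORWARD DROP
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Masquerade only packets leaving on the WAN side, not LAN-to-LAN traffic.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    # Bypass hosts go before the REDIRECT: REDIRECT is a terminal target, so an
    # ACCEPT appended after it would never be evaluated (the post uses -I ... 1).
    for host in $BYPASS_HOSTS; do
        ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$host" -p tcp --dport 80 -j ACCEPT
    done
    ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-port "$SQUID_PORT"
}

# Dry-run the ruleset and return 0 only if every bypass ACCEPT in nat/PREROUTING
# precedes the REDIRECT rule (the ordering mistake that silently defeats a bypass).
bypass_precedes_redirect() {
    (DRY_RUN=1; build_transparent_proxy_rules) | awk '
        /-t nat -A PREROUTING/ && /-j ACCEPT/   { if (seen_redirect) bad = 1 }
        /-t nat -A PREROUTING/ && /-j REDIRECT/ { seen_redirect = 1 }
        END { exit bad ? 1 : 0 }'
}

# Apply for real only when explicitly asked: sh script.sh apply
if [ "${1-}" = "apply" ]; then
    build_transparent_proxy_rules
fi
```

Run it with DRY_RUN=1 and no arguments to see the rules in the order they would be loaded; iptables itself only runs with the apply argument.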
For a simple configuration, after configuring Squid, create the iptables rules with these (replace "IP network source" with your source network and "IPsquidbox" with the address of the Squid box; note that 80:443 is a port range and matches every port from 80 to 443, not only those two):
iptables -t nat -A PREROUTING -s IP network source -p tcp --dport 80:443 -j DNAT --to-destination IPsquidbox:3128

iptables -t nat -A POSTROUTING -j MASQUERADE
