Everyone in South Africa wants to save a little more bandwidth, as low traffic caps are the rule of the day (esp if you are hanging off an expensive 3G connection).
While the "correct" thing to do is to use wpad autodetection, and thus politely request that users use your proxy, this isn't always an option:
So, here's how you do it:
aptitude install squid), configure it to have a reasonably large storage pool, give it some sane ACLs, etc.
http_port 8080 transparentto
http_port 10.1.1.1:8080 transparentif you are using explicit
invoke-rc.d squid reload
If you run squid on your network's default gateway, then you are done. Otherwise, if you have a separate router, you need to do the following on the router:
The reason we use
iproute rules rather than
iptables DNAT is that you lose destination-IP information with a DNAT (like the envelope of an e-mail).
An alternative solution is to run tinyproxy on the router (with the transparent option, enabled in ubuntu but not debian), use the REDIRECT rule above on the router, to redirect to the tinyproxy, and have that
upstream to the squid. But tinyproxy requires some RAM, and on a WRT54 or the likes, you don't have any of that to spare...
Should you need to temporarily disable this for any reason:
iptables -t nat -F PREROUTING
iptables -t mangle -F PREROUTING