Sekedar berbagi, implementasi menggunakan Centos 5 + Squid + Shorewall 4.2.6 Pastikan squid dah berjalan normal, nanti kita akan coba set transparent proxy dengan bantuan Shorewall.

Pastikan ip forwarding sudah diset enable, "net.ipv4.ip_forward = 1" (/etc/sysctl.conf)

Download paket shorewall di www.shorewall.net bisa pake wget atau apapun yang penting source shorewall kita peroleh. Paket utama yakni shorewall-common dan shorewall-perl

Karena saya menggunakan source maka gunakan perintah dibawah ini untuk extract paketnya :

tar -jxf shorewall-common-4.6.2.tar.bz2  
tar -jxf shorewall-perl-4.6.2.tar.bz2  

dimasing-masing direktori hasil extract (folder shorewall-common-4.6.2 dan shorewall-perl-4.6.2) diatas, kita lakukan proses install dengan perintah (jangan lupa, masuk foldernya dulu):

./install.sh

Setelah terinstall, shorewall bisa kita set otomatis dijalankan pada saat Startup dengan melakukan editing /etc/shorewall/shorewall.conf dan rubah menjadi STARTUP_ENABLED=Yes.

Setelah, itu lakukan konfigurasi file-file shorewall :

1. /etc/shorewall/zone

#Zone Display Comments
fw firewall
net ipv4 #Internet
loc ipv4 #Local Networks
#LAST LINE – add your entries before this line – DO NOT REMOVE

2. /etc/shorewall/policy

#SOURCE ZONE DESTINATION ZONE POLICY LOGLEVEL LIMIT:BURST
fw net ACCEPT
loc net ACCEPT
net all DROP
all all REJECT
#LAST LINE – add your entries before this line – DO NOT REMOVE

3. /etc/shorewall/interface

#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect blacklist
loc eth1 detect
#LAST LINE – add your entries before this line – DO NOT REMOVE

4. /etc/shorewall/masq

#INTERFACE SUBNET ADDRESS (eth0 ke internet, eth1 ke LAN jadi silakan disesuaikan)
eth0 eth1
#LAST LINE – add your entries before this line – DO NOT REMOVE

5. /etc/shorewall/rules

# Rule dari local ke mesin

# Terima koneksi dari DNS ( Port DNS 53 )
ACCEPT loc fw tcp 53
ACCEPT loc fw udp 53

# Terima proxy squid( transparent proxy port 3128 )
ACCEPT loc fw tcp 3128
ACCEPT loc fw tcp 8080

# Terima Koneksi Web port 80
ACCEPT loc fw tcp 80

# Terima koneksi ftp
ACCEPT loc fw tcp 20
ACCEPT loc fw tcp 21

# Terima koneksi untuk SSH
ACCEPT loc fw tcp 22

# Rule dari internet ke mesin router/gateway (centos)

# Terima koneksi DNS
ACCEPT net fw tcp 53
ACCEPT net fw udp 53

# Terima koneksi SSH port 22
ACCEPT net fw tcp 22

# Terima koneksi web Port 80
ACCEPT net fw tcp 80

# Terima koneksi pop3, imap, smtp
ACCEPT net fw tcp 25,110,143
ACCEPT fw net tcp 25,110,143
ACCEPT loc fw tcp 25,110,143
ACCEPT loc net tcp 25,110,143

# Terima koneksi ping
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp 8
ACCEPT fw net icmp 8

# Redirect request port 80 (http) ke port 3128 (squid, Squid transparent proxy, jangan lupa di squid diaktifkan opsi transparent)
REDIRECT loc 3128 tcp 80

Start shorewall menggunakan perintah :

shorewall start atau /etc/init.d/shorewall start

Selamat mencoba ..

Sumber : internet+pengalaman :)