There is an excellent article about setting up a transparent proxy to control web traffic using Squid and a Cisco router. Here's my summary note.
Step 1: Install Squid Cache
Step 2: Prepare Squid Cache
$ sudo vi /etc/sysctl.conf
# Make sure the OS never drops a packet because of a wrong destination IP address.
# Set to 1 to enable the packet forwarding feature.
net.ipv4.ip_forward = 1
# Make sure the OS accepts packets whose source is not reachable through the receiving interface, or whose destination IP address is in the same subnet.
# Set to 0 to disable the reverse path filter behavior.
net.ipv4.conf.default.rp_filter = 0
Step 3: Create GRE interface
$ sudo vi /etc/sysconfig/network-scripts/ifcfg-gre0
DEVICE=gre0
BOOTPROTO=static
# Unused IP address in your network
IPADDR=10.0.0.2
NETMASK=255.255.255.252
ONBOOT=yes
IPV6INIT=no
$ sudo service network restart
Step 4: Configuring Squid Cache
$ sudo vi /etc/squid/squid.conf
# Squid listening port
http_port 3128 intercept
# IP address of the router
wccp2_router 192.168.1.254
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0
$ sudo service squid restart
$ sudo iptables -t nat -A PREROUTING -i gre0 -p tcp --dport 80 -j REDIRECT --to-port 3128
$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
Step 5: Cisco router configuration
Enable WCCP on the Cisco router:
R1(config)# ip wccp version 2
Then use an ACL to identify the Squid cache machine to the router:
R1(config)# ip access-list standard SQUID-MACHINE
R1(config-std-nacl)# permit host 192.168.1.10
Define an ACL that excludes the Squid cache from the WCCP tunnel (the deny entry keeps Squid from getting into a loop) and then forwards web traffic to the Squid cache via the WCCP tunnel (the permit entry defines the LAN traffic):
R1(config)# ip access-list extended LAN-TRAFFICS
R1(config-ext-nacl)# deny ip host 192.168.1.10 any
R1(config-ext-nacl)# permit tcp 192.168.1.0 0.0.0.255 any eq www
Next, attach the ACLs to the WCCP web-cache service:
R1(config)# ip wccp web-cache redirect-list LAN-TRAFFICS group-list SQUID-MACHINE
Last, specify the interface for web traffic redirection:
R1(config)# interface fastEthernet 0/0
R1(config-if)# ip wccp web-cache redirect in
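A consistency check for the Squid side of this setup (Step 4), as an added example that is not part of the original article or this note: it confirms that the intercept port in squid.conf matches the iptables REDIRECT target on the GRE interface and that both WCCP methods are gre. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): check that squid.conf and the
# iptables NAT rules from Step 4 agree. Input files below are constructed samples.

# Port of the first "http_port [ip:]<port> ... intercept" line (squid.conf on stdin).
intercept_port() {
    sed 's/#.*//' | awk '$1 == "http_port" {
        for (i = 3; i <= NF; i++) if ($i == "intercept") {
            sub(/^.*:/, "", $2); print $2; exit } }'
}

# Target port of the first PREROUTING REDIRECT rule on interface $1
# (iptables-save output on stdin).
redirect_port() {
    awk -v ifc="$1" '$1 == "-A" && $2 == "PREROUTING" {
        in_if = ""; port = ""; redir = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-j" && $(i + 1) == "REDIRECT") redir = 1
            if ($i == "--to-ports" || $i == "--to-port") port = $(i + 1)
        }
        if (redir && in_if == ifc) { print port; exit } }'
}

# Value of a single-argument squid.conf directive $1 (squid.conf on stdin).
directive() { sed 's/#.*//' | awk -v d="$1" '$1 == d { print $2; exit }'; }

# $1 = squid.conf, $2 = iptables-save dump, $3 = GRE interface name
check_wccp_proxy() {
    sport=$(intercept_port < "$1")
    rport=$(redirect_port "$3" < "$2")
    [ -n "$sport" ] || { echo "no intercept http_port found"; return 1; }
    [ "$sport" = "$rport" ] || { echo "port mismatch: squid=$sport iptables=${rport:-none}"; return 1; }
    [ "$(directive wccp2_forwarding_method < "$1")" = gre ] &&
        [ "$(directive wccp2_return_method < "$1")" = gre ] ||
        { echo "WCCP forwarding/return methods are not both gre"; return 1; }
    echo "ok: $3 tcp/80 redirected to squid intercept port $sport"
}

tmp=$(mktemp -d)
printf '%s\n' 'http_port 3128 intercept' 'wccp2_router 192.168.1.254' \
    'wccp2_forwarding_method gre' 'wccp2_return_method gre' \
    'wccp2_service standard 0' > "$tmp/squid.conf"
printf '%s\n' '*nat' \
    '-A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128' \
    '-A POSTROUTING -j MASQUERADE' 'COMMIT' > "$tmp/nat.rules"
check_wccp_proxy "$tmp/squid.conf" "$tmp/nat.rules" gre0
```

On a live host, pass /etc/squid/squid.conf and a file written by `sudo iptables-save -t nat` instead of the sample files.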
Link: