Thursday, October 29, 2020

Squid Proxy Transparent

Hello guys,

I'm not sure if this is the right thread to post this question.

So I have got the idea into my head that I want to set up a proxy server at home, which should mainly serve as a cache server. After a short research I came across Squid: free, fast and "easy to set up".

I have an ESXi hypervisor running on a workstation, and all my VMs are located in the server VLAN 20.

After setting up Ubuntu and playing around with Squid a bit, I came to the conclusion that a transparent proxy might be the most appropriate thing to do. Why? You don't need to set the proxy settings on every client, which is a different issue for wireless devices anyway.

I kept the squid.conf file as simple as possible:

    http_access allow all
    http_port 3128 intercept

With Netplan I have created a virtual network interface:

    network:
      version: 2
      ethernets:
        ens160:
          addresses:
            - 20.0.20.19/24
          gateway4: 20.0.20.1
          nameservers:
            addresses: [20.0.20.1]
      vlans:
        vlan.40:
          id: 40
          link: ens160
          addresses: [20.0.40.100/24]

These are the iptables entries for NAT:

    iptables -t nat -A PREROUTING -i ens160 -p tcp --dport 80 -j REDIRECT --to-ports 3128
    iptables -t nat -A PREROUTING -i ens160 -p tcp --dport 443 -j REDIRECT --to-ports 3128
    # -o takes the bare interface name as netplan created it ("vlan.40");
    # the "@ens160" suffix shown by "ip link" marks the parent and is not part of the name.
    iptables -t nat -A POSTROUTING -o vlan.40 -j MASQUERADE

ESXi: The VM is in the port group "VM Network", which is assigned to the normal vSwitch (vSwitch0). VLAN 0 is set there (no tagging).

Switch: The port on the switch is configured as a trunk with native VLAN 20, i.e. the untagged packets are only tagged at the switch (VLAN 20).

Topology: Meraki MX (router) -> Meraki MS (switch) -> ESXi host -> (vSwitch -> VM Network) -> Squid server (Ubuntu)

My questions:
- Is this construct even feasible? How would the routing work if the MX (.1) is my gateway? Would I need to change the GW to the proxy so that the proxy forwards the packets to the MX?
- I cannot ping 20.0.40.100 from the MX; did I miss something? Do I have to create a new port group with VLAN 40 on the ESXi and assign vlan40@ens160 to it?

I'm getting a headache just thinking about it, but I want to finish what I have started. Thanks a lot, and if you have any remarks, don't hesitate to write :)
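As an added example (not part of the original post, and not a configuration the thread confirms as working), here is a shell script that generates the iptables ruleset and the squid.conf fragment for the layout described above, in a form that can be reviewed before it is applied. It assumes the proxy VM routes between the two VLANs, i.e. the 20.0.40.0/24 clients use 20.0.40.100 as their default gateway so that their packets actually pass through the box (a PREROUTING REDIRECT only sees packets that arrive on the proxy; nothing is intercepted while the MX stays the clients' gateway), that the VLAN interface is named `vlan.40` as in the netplan key, that `ens160` faces the MX, and that Squid listens on 3128 in intercept mode. Only port 80 is redirected: a plain `http_port ... intercept` cannot handle TLS, so 443 is routed through untouched (intercepting it would need `https_port ... intercept ssl-bump` plus a CA trusted by every client, which is outside what the post sets up). All names and addresses are taken from the post or are hypothetical defaults.

```shell
#!/bin/sh
# Added example: build (and optionally apply) the NAT/filter rules and the
# squid.conf fragment for transparent Squid on a VM routing VLAN 40 -> VLAN 20.
# Values below are hypothetical, chosen to match the post; override via env.
set -eu

LAN_IF="${LAN_IF:-vlan.40}"         # client side (netplan key "vlan.40")
LAN_NET="${LAN_NET:-20.0.40.0/24}"  # client VLAN
WAN_IF="${WAN_IF:-ens160}"          # uplink towards the MX, VLAN 20
PROXY_PORT="${PROXY_PORT:-3128}"    # Squid intercept port

# Emit a complete ruleset in iptables-restore format. Restrict interception to
# traffic that enters on the LAN interface from the LAN prefix, so Squid's own
# upstream fetches (which leave via WAN_IF) can never be redirected back into it.
build_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Only plain HTTP from the client VLAN is handed to Squid.
-A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
# Hide the client VLAN behind the proxy's uplink address on the way out.
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The intercept port is reachable only from the LAN it serves.
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
-A INPUT -p tcp --dport $PROXY_PORT -j DROP
# Everything else (443 included) is routed, not proxied; replies come back via conntrack.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Matching squid.conf fragment: trust the intercepted LAN only instead of "allow all".
squid_conf() {
    cat <<EOF
acl lan src $LAN_NET
http_access allow lan
http_access deny all
http_port $PROXY_PORT intercept
EOF
}

# Apply: forwarding must be on or the routed (non-proxied) traffic is dropped.
# Note that iptables-restore replaces the nat and filter tables wholesale.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    build_rules | iptables-restore
}

case "${1:-show}" in
    show)  build_rules ;;   # print the ruleset for review
    squid) squid_conf ;;    # print the squid.conf fragment
    apply) apply_rules ;;   # needs root
esac
```

Run `sh transparent-squid.sh show` (hypothetical file name) to inspect the ruleset, `sh transparent-squid.sh squid >> /etc/squid/squid.conf` for the Squid side, and `sudo sh transparent-squid.sh apply` once the clients' default gateway points at 20.0.40.100. The FORWARD chain defaults to DROP, so anything the proxy VM is not meant to route has to be added explicitly.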
