ragno
just joined
Topic Author
Posts: 20
Joined: Fri Aug 07, 2015 2:04 pm

Is this scenario possible to implement?

Tue May 31, 2016 1:41 am

Hi,

I'd like to implement a network scenario where I can use the firewall of Mikrotik and a Webfilter (Squidguard) + proxy cache.

What I have in mind is something like this:

1 - The computers are configured with the DNS of my Active Directory server.
2 - I would like to have a transparent proxy where all the internet requests coming from the computers pass through Squid, to use the cache and be filtered by the web filter.
3 - After the requests are treated inside the proxy, they go to the MikroTik to go out to the internet. The MikroTik will do the internet link load balancing, using mangle to mark the connections and the routes.

Is it possible to do this?
How could I set up my network to work like this?

Thank you.
scenario.png
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Is this scenario possible to implement?

Tue May 31, 2016 2:39 am

Since you use AD, you could just define the proxy setting in domain policy.

If you want it done transparently, then make an address-list for hosts that may go directly to http, and add the proxy server to this list as well as other hosts that may be approved for non-proxy.

Then make a dstnat rule in-interface = LAN, proto TCP, dst-port 80,443 src-address-list=!directHTTPhosts action=dstnat to-address=proxy.IP to-ports=8080
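The address-list and dst-nat rule described above, written out as RouterOS CLI commands (an added example, not from the thread or from MikroTik); the LAN interface name `bridge-lan`, the proxy address `192.168.10.5` and the AD server `192.168.10.20` are assumed placeholder values.

```routeros
# Hosts allowed to reach HTTP directly. The proxy itself MUST be here, otherwise its own
# outbound port-80 requests would be redirected back to it (redirect loop).
/ip firewall address-list
add list=directHTTPhosts address=192.168.10.5 comment="Squid proxy - bypass to avoid loop"
add list=directHTTPhosts address=192.168.10.20 comment="AD/DNS server - approved for direct HTTP"

# Transparent redirect of LAN port-80 traffic to Squid. Squid must listen with an
# intercepting port for this to work, e.g. in squid.conf:  http_port 8080 intercept
/ip firewall nat
add chain=dstnat in-interface=bridge-lan protocol=tcp dst-port=80 src-address-list=!directHTTPhosts action=dst-nat to-addresses=192.168.10.5 to-ports=8080 comment="LAN HTTP -> Squid (transparent)"

# Port 443 is kept in a separate, disabled rule: plain TLS sent to an http_port fails the
# handshake, so only enable it if Squid has an https_port configured with intercept/ssl-bump.
add chain=dstnat in-interface=bridge-lan protocol=tcp dst-port=443 src-address-list=!directHTTPhosts action=dst-nat to-addresses=192.168.10.5 to-ports=8080 comment="LAN HTTPS -> Squid (needs https_port intercept)" disabled=yes

# Verification: after browsing from a LAN PC, the packet/byte counters on the
# port-80 rule should increase, and the proxy's own address should never match it.
/ip firewall nat print stats where chain=dstnat
```

Because the rule matches on `in-interface`, traffic from the proxy's second NIC (if it is on a different interface) is not redirected even without the address-list entry, but keeping the entry makes the exemption explicit.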
 
emikrotik
Frequent Visitor
Posts: 71
Joined: Fri Jun 19, 2015 9:30 am

Re: Is this scenario possible to implement?

Tue May 31, 2016 11:59 am

Since you use AD, you could just define the proxy setting in domain policy.

If you want it done transparently, then make an address-list for hosts that may go directly to http, and add the proxy server to this list as well as other hosts that may be approved for non-proxy.

Then make a dstnat rule in-interface = LAN, proto TCP, dst-port 80,443 src-address-list=!directHTTPhosts action=dstnat to-address=proxy.IP to-ports=8080

What if you specified the default gateway of the PCs to point to the proxy, then configured your proxy with two NICs, with the second NIC going to your 'LAN port' on the router?

Is the negative that all of your web traffic (DNS, SMTP, FTP, etc.) is then passing through the proxy, creating additional unnecessary payload?