MikroTik

Hi,

I have a problem to redirect the mikrotik router to the port 3128 of the squid in another machine, I would like to know what do I have to change in my configuration:

Initially I have a proxy server in CentOS with squid and Firestarter (which makes NAT), the port that squid is listening is 3128
I have also a mikrotik router with NAT to pass the internet to my computer but in order to actually have internet in my computer i have to configure the proxy settings in my browser.

Then I tried to configure those settings inside of the router to make it transparent to the computers and not change the browser configurations in every computer. I tried this

/ip firewall nat add chain=dstnat dst-address=192.168.2.1/32 port=6(tcp) dst-port=80 in-interfaces=ether1 action=redirect to-port=3128

where 192.168.2.1 is the gateway to reach the squid in my centos proxy

When I take out the proxy settings in my web browser I don´t have internet, I still need the browser configuration.
Can you give me any suggestion to make it transparent from the router and not from the squid itself?

Thanks for your advices in advance

Hi,

You need to make your squid ready to interecpt packets sent from mk so u just need to edit your squid.conf file which should be in this dir on centos /usr/local/squid/etc and add the word "transparent" after "http_port 3128" then reconfigure squid or restart it, best regards

Hi kthameen,

I actually did it, i added the "transparent" after the port and saved it then restarted the squid but still is not working.
Do you know what would be the problem?, thanks for your help
best regards

Hi,

Is really any way to avoid making transparent the proxy and set the configuration to redirect to the port 3128 from the mikrotik router?

thanks

which squid version are you using ?

did you solve your problem? please check the firewall rules.... on what port the squid is listening?

Maybe, if not misunderstood, IMHO, you have a conceptual error. You have to redirect to your Squid every request with dst-port 80, by means of a dst-nat, not a redirect, because de redirection direction must be the Squid expernal IP. If you did the "transparent" thing in squid.conf, try this rule in your Mikrotik:

/ip firewall nat
add action=dst-nat chain=dstnat comment="JFilippo - Prueba Proxy" disabled=no \
dst-port=80 protocol=tcp src-address=!10.1.0.192 to-addresses=10.1.0.192 \
to-ports=3128

In this export, my Squid server has the 10.1.0.192.

Good luck!

Thanks you all guys....it worked