MikroTik

Community discussions
https://forum.mikrotik.com/

Squid with mikrotik router

https://forum.mikrotik.com/viewtopic.php?t=78241

Page 1 of 1

Squid with mikrotik router

Posted: Sat Oct 26, 2013 11:04 am
by niren
I tried to connect squid3 in my network to use high anonymity proxy. This is how my network is right now
Code: Select all
   
    WAN LINK
         |
 -------------           ---------------------------
| Mikrotik Box |        |   Ubuntu Server with squid3  |
 -------------          ----------------------------
         |                 /
         |               /
 ----------------------
| Switch ( Cheap one ) |
 ----------------------
    |         |        |       
  Client1  Client2  Client3   etc.
after this setup I changed squid.conf in Ubuntu server as

1. http_port 8080

2. acl localhost src xxx.xxx.xxx.xxx(Ubuntu server IP)

3 acl to_localhost dst xxx.xxx.xxx.xxx(Mikrotik router gateway) I assume that redirected http from Mikrotik router will be redirect again to Mikrotik router.

4. uncomment access log /var/log/squid3/access.log

5. add visible_hostname myname

save squid.conf and restart squid3 server.

Then I have added nat rule in Mikrotik router

ip/firewall/nat
Code: Select all
1.  add chain=dstnat src_address=xxx.xxx.xxx.xxx(ununtu server IP) dst-port=80 protocol=tcp action=accept

2. add chain=dstnat src_address=xxx.xxx.xxx.xxx/28(LAN address) dst-port=80 protocol=tcp action=dst-nat to-address=xxx.xxx.xxx.xxx(ununtu server IP) to-port=8080
now I can not able to access internet from client1 system, If I remove these two nat rule then I can access internet. what is wrong I have made?

Re: Squid with mikrotik router

Posted: Sat Oct 26, 2013 3:03 pm
by PeterSullivan
Have you checked all the setting what about DNS setting have you checked all those.

Re: Squid with mikrotik router

Posted: Wed Oct 30, 2013 7:40 am
by aacable
Squid MUST be connected with mikrotik to isolate it from the user LAN, not to switch.
for example:

Mikrotik
LAN1 = User LAN 10.0.0.x
LAN2 = WAN 1.2.3.x
LAN3 = to SQUID 192.168.1.x

then use dst-nat method to route port 80 request to squidip:port

That's it :)
Code: Select all
  add chain=dstnat src_address=xxx.xxx.xxx.xxx(ununtu server IP) dst-port=80 protocol=tcp action=accept
the above rule is required if you are using MARK n ROUTE method, also in mark-n-route method, squid must have user subnet ROUTE defined in order to connect with user. Avoid this method if you are new to squid and mikrotik. simply use dst-nat method which is easy and quick , i have few guides on both dst-nat and mark-n-route method :D
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/