SurferTim wrote:My bad!
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80 to-addresses=192.168.0.2 in-interface=ether1
This way only ether1 (internet) will use this nat. Your local users will still go through the proxy.
EDIT: You also may want to do a
/ip firewall nat print
and insure your squid proxy port 80 dstnat rule is not above this dstnat rule. I believe you can use the place-before=0 variable to put this rule first. The first rule that applies is used, and, as the docs say, all others are ignored.
Chupaka wrote:well, if your users and squid server are in one subnet, you should use srcnat along with dstnat. but you will loose the ability to check user's IP on squid server. Web Proxy returns this ability back =)
hilton wrote:It will work if you set the squid server to be transparent, but not if you need it to authenticate via LDAP.
Code: Select all