We have an squid server and it works well with cisco.

We are struggling to get it to work with mikrotik .

The server is om port 3128 ip 10.3.0.251

When i Config the router it must be configured as

" all incoming traffic on port 80 that passes needs to be transparently redirected to 10.3.0.251 on port 3128"

I don't have any experience on squids or this routing.

We can get some sites to work but because the mikrotik is not "transparent" it crasehes the squid server.


Is there anybody who can help?

crashes? O_o

with what error?

p.s. don't let us to guess - post what have been done already in config

Sorry,

can't get it to route succesfully through the server.

I have followed the sample as per documentation but no luck.

I know the server work as it has been tested with Cisco.

I know it is only "my configuration" but I have 0 knowledge of this

what's you users' address space?

look on skype grassiecoetzee is that what you asked?

redirect all traffic on port 80 to port 3128 on your squid. use dst-nat. i also have squid and works well. But i have used squid and proxy on the mikrotik box. Not much of a difference . What is the amount of traffic going through the Mikrotik

look on skype grassiecoetzee is that what you asked?

I mean, what subnet do you use for your clients?

if it's not the same as squid's subnet - then you simply add DST-NAT rule, as gmidia said

The hi site is as follows:

Ip 10.3.0.0/24

The main router is

10.3.0.1 Main Link & 10.3.05 ( as backup link)
10.3.0.2 Direction North
10.3.0.3 Direction South and and ptp clients
10.3.0.4 AP Bridge (sectors)
10.3.0.5 Direction West and Back up link to internet
10.3.0.6 AP Bridge (sectors)

The squid Server IP is 10.3.0.251 port 3128

All are interconnected via switch (hub)

I have followed the sample in documentation and did a dst nat from port 80 to port 3128

I configured the router ip 10.3.0.2 to work via the squid but had some problems


/ip firewall nat
/ip proxy
[grassie@knb2.theweb.co.za] /ip proxy> print
enabled: no (currently off because I had problems)
src-address: 0.0.0.0
port: 3128
parent-proxy: 10.3.0.251
parent-proxy-port: 3128
cache-administrator: ""
max-cache-size: none
cache-on-disk: no
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: yes
cache-hit-dscp: 4
/ip proxy access
set enabled=yes port=3128 cache-administrator=erastus@theweb.co.za

had some problems

if you have some problems, you should do something to solve it

you haven't answered: where are you clients? in general, you should simply add dst-nat to your squid's port for http traffic

They all have 10.2.X.X or 10.3.X.X

The network is 100% it is only the interface to the squid server

The network is 100%

??? O_o


and what's with that NAT rule? does it work?

no nat rule only one nat at internet connection

then

simply add dst-nat to your squid's port for http traffic

... and check!..

Like this:

0 X chain=dstnat action=dst-nat to-addresses=10.3.0.251 to-ports=3128 protocol=tcp dst-port=80

yes, like this. but if your squid accesses the Internet via the same router, you should add src-address=!10.3.0.251

Thanks for your help I think the squid server is not working

- doctor, I feel pain when I touch myself here, and here, and here...
- hmmm... let me see... oh! you simply have broken your finger

after days of struggling the they realized the squid was not working!!!!

I also think the !10.3.0.252 help as I never used that

Many thanks for your help !!!!

look on skype grassiecoetzee is that what you asked?

I mean, what subnet do you use for your clients?

if it's not the same as squid's subnet - then you simply add DST-NAT rule, as gmidia said

MANY THANKS !! You guide me ionto the problem !!!