ACL Squid from DHCP Mikrotik

andriputra · October 3, 2012, 4:08am

Hi All,

Is there any possibilities on squid to set acl from RouterOS..

this is my current network configuration :

Proxy with squid

ip address proxy : 192.168.8.3/29

MikroTik router

ip eth1 : 192.168.8.2/29
ip eth2 : 192.168.1.251/24

mikrotik gateway : 0.0.0.0/0 gw 192.168.8.3

in the squid.conf :

acl me src 192.168.8.2/255.255.255.255
http_access allow me

this configuration is working perfectly..

the question is how to set acl from 192.168.1.0/24 ?

I need to set acl from client who get ip from dhcp mikrotik 192.168.1.0/24.

ex : acl client1 src 192.168.1.10-192.168.1.20/255.255.255.255
acl client2 src 192.168.1.65-192.168.1.77/255.255.255.255

Thanks in advance..

deejayq · October 3, 2012, 7:19am

i don’t think you can
what you can do is use web proxy feature of routeros.
set the parent proxy and parent proxy port of web proxy to 192.168.8.3 (and the port squid is listening to)
create on routeros an address-list with the ip’s of the computers you want to connect via proxy.
use this how to to set routeros web proxy as a transparent proxy http://wiki.mikrotik.com/wiki/How_to_make_transparent_web_proxy
add a rule in filter to allow requests to the port the web proxy is listening to from the address-list
block all other requests

Feklar · October 3, 2012, 2:26pm

Why not just accept everything from the 192.168.1.0/24 subnet? That would be a lot easier than trying to script in functionality that doesn’t really do anything but give it more places to break.