[ask]redirecting to external proxy without mikrotik webproxy

winet · June 22, 2010, 9:35am

for start, i usually using external proxy as a parent through mikrotik webproxy. what the external proxy doing is for caching, and the mikrotik webproxy only to redirect the http requests.
all http request are transparently redirected to mikrotik webproxy

chain=dstnat action=redirect to-ports=8081 protocol=tcp src-address-list=clients dst-port=80

but this method is unusable if i want to use DSCP to mark proxy hit on cache object. i tried to set it on squid, mark packets on mikrotik, and the packets can’t be found as the traffic is going through mikrotik webproxy and mikrotik webproxy probably had already altered packet TOS.

so, i tried to redirect all http proxy directly to the external squid proxy.

chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=3128 protocol=tcp src-address-list=clients dst-port=80

192.168.1.100 = external squid proxy

but it doesn’t work, i also already set

http_port 3128 transparent

on squid.conf, but still the same. there is no traffic when the ‘clients’ are trying to open http connections.

what is actually wrong with the redirection? i searched on google, and mikrotik forum, and all giving the same suggestion, but nothing works.

thanks for any help.

mrz · June 22, 2010, 9:49am

Redirect everything to mikrotik proxy and set parent-proxy=192.168.1.100

winet · June 22, 2010, 10:40am

i’ve done it before, and it works, and i have been using it for more than 2 years. but now i realize, doing so, Cache Hit DSCP won’t work, as the proxy that doing the caching is the parent proxy.

mrz · June 22, 2010, 11:04am

In that case, do not dstnat traffic coming from web proxy.

chain=dstnat action=accept protocol=tcp src-address-list=192.168.1.100 dst-port=80
chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=3128 protocol=tcp src-address-list=clients dst-port=80

winet · June 22, 2010, 11:31am

mrz:

In that case, do not dstnat traffic coming from web proxy.

chain=dstnat action=accept protocol=tcp src-address-list=192.168.1.100 dst-port=80
chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=3128 protocol=tcp src-address-list=clients dst-port=80

same result

winet · June 23, 2010, 5:56am

oh bugger… i forgot to do NAT to squid proxy interface on Mikrotik. it works now, after doing intensive experiment for 2 days, pheeew

ahmedsaffar76 · February 10, 2011, 12:02am

hello ;
what do you mean by that ???
i am trying to do the same of you now but it not working , if i put the externat proxy ip and port in the browser it works and when trying to use mikrotik to redirect to the external proxy without using mikrotik http proxy it not works
would you mind to write all what you did and make the browsing works ?
with best regards
Ahmed