Difference between Squid and MT Proxy and opinions

RouterOS General
1

Hi guys.

I have used Squid integrated on 2.9X versions of Mikrotik for quite a while now. Yesterday i downloaded and tested version 3beta7 that has the new Proxy server of MT. It seemed nice but i don’t know how will it react in a production environment. Does any of you have opinions??
I’am more familiar with squid and i needed to know if there is a way to stick with squid in the newer relases..
And the last question, is there any way to have access in the squid.conf of the SquidCache in Mikrotik ???

Thanks

2

It would be nice to be able to edit the squid.conf for all the little tricks you can do with it, but i suppose it could become a weakness .

3

I’m using SQUID on Linux server and not in MT router, it is much faster than web proxy in MT, you can edit squid.conf etc etc. I’m using Mikrotik just for routing and wireless solutions.

Regards.

Faton

4

Thanks Faton

I’m also using Squid in a stand alone box in average size LANs but it would be nice to be able to tune better the squid in MT, for using in small lans. What do u think??

5

on what distribution of linux server may i ask fatonk ??

6

samsoft08
I’m using gentoo and in some cases fedora, with gentoo I’m very much satisfied. I’m using only the CLI mode no webmin or any other web interface. I had a bad experience with webmin and one version of SQUID they didn’t had a good relationship.

GuJack20
I agree it would be very good to be able to tweak and tune SQUID in Mikrotik, but that depends on Mikrotik developers and other constrains.


Regards.

Faton

7

thanks for reply fatonk , i will use fedora , and i wonder is it ok to use a GUI ( i’m new in linux ) ..

8

You really don’t need a GUI for what you will be using the box for , if anything it will make it harder to use/understand.

Once its up and going , if you want to change something , you just have to edit config files . Even if you use a GUI , you’ll still have to edit them anyway usually. Pico is an easy to use editor if you’re not used to stuff.

Say you wanted to change somethign in Squids config file , this is all you’d have to do …

#cd ( wherever your squid.conf is )

#pico squid.conf

Edit the part you want to , save & quit

squid -k recofigure

job done.

9

Im using CentOS for my cache.Goes nice :slight_smile:

10

can anybody post his/her squid conf? lets share it over here and fine-tune it :wink:
my squid conf!!!

 --------------------------------------------------- 
squid.conf 
--------------------------------------------------- 
http_port 8080 


hierarchy_stoplist cgi-bin ? .pl .cgi .php .php3 .php4 .shtml 
acl QUERY urlpath_regex cgi-bin \? .pl .cgi .php .php3 .php4 .shtml 
no_cache deny QUERY 

cache_mem 256 MB 
cache_swap_low 90 
cache_swap_high 95 
maximum_object_size 4096 KB 
minimum_object_size 0 KB 
maximum_object_size_in_memory 8 KB 



cache_dir ufs /cache1  24 256 
cache_dir ufs /cache2  24 256 
cache_access_log none 
cache_log none 
cache_store_log none 
pid_filename none 


refresh_pattern -i .(class|pdf|rtf|doc|wp|wp5|ps|prn)$ 1440 90% 1440 override-lastmod override-expire reload-into-ims ignore-reload 
refresh_pattern -i .(mov|avi|mpg|wav|au|mid|mp3)$ 1440 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload 
refresh_pattern -i .(zip|gz|arj|lha|lzh|rar|tgz|tar|Z)$ 1440 80% 1440 override-lastmod override-expire reload-into-ims ignore-reload 
refresh_pattern -i .(jpg|gif|jpeg|png|css|js)$ 1440 19000% 1440 override-lastmod override-expire reload-into-ims ignore-reload 
refresh_pattern -i .(bmp|tif|tiff|xbm)$ 1440 17000% 1440 override-lastmod override-expire reload-into-ims ignore-reload 
refresh_pattern -i .(png|swf)$ 1440 18000% 1440 override-lastmod override-expire reload-into-ims ignore-reload 
refresh_pattern ^ftp: 1440 20% 10080 
refresh_pattern ^gopher: 1440 0% 1440 
refresh_pattern . 0 20% 4320 


acl all src 0.0.0.0/0.0.0.0 
acl manager proto cache_object 
acl localhost src 127.0.0.1/255.255.255.255 
acl localnet src 192.168.0.0/255.255.255.0 
acl SSL_ports port 443 563 
acl Safe_ports port 21 70 80 210 280 443 563 488 591 777 1025-65535 
acl CONNECT method CONNECT 
http_access allow manager localhost 
http_access deny manager 
http_access deny !Safe_ports 
http_access deny CONNECT !SSL_ports 
http_access allow localhost 

http_access allow localnet 
http_access allow all 


cache_mgr Administrator 
cache_effective_user squid 
cache_effective_group squid 
visible_hostname Siamcafe@net 


reload_into_ims on 


ie_refresh on 
emulate_httpd_log on 
httpd_accel_host virtual 
httpd_accel_port 80 
httpd_accel_with_proxy on 
httpd_accel_uses_host_header on 
query_icmp off 
buffered_logs on
11

well , thanks for all this usefull information guys .. it seems i need a SQUID manual !!! to configure it ..

one question please … how to connect the squid server to the network ? i mean connect it to the main switch which is connected to MT local interface ? or by connecting it between the MT and the switch ? or any other way …

12

samsoft. Squid is easy to configure.It gets a little trickier if you want to tune it for maximum performance. I, for example haven’t tuned it at all it seems.Anyway it goes really nice.
You can connect the PC running squid in many ways. The most simple way is to connect it inside your LAN, like any other PC.

Maroon, for how many clients r u using the squid shown here?? and how much cache size r u using?

13

so nice …

ok , its only connecting a SQUID server to my lan , now , how to redirect the http request to it ?

14

than you should configure the browsers of the clients to connect to the internet through squid.

In Mozilla Firefox → Tools → Options → Connections

Internet explorer → Tools → Internet Options → Connections → LAN Settings

15

guys, did you read the ORIGINAL POST? RouterOS does NOT use squid in later versions

16

if you want to redirect HTTP to your proxy, then set up MT parent proxy feature pointing to your squid.

also - you could check out keywords like “transparent proxy” in forum search.

17

Guys, whats the reason that MT isn’t using squid anymore..? What are the improvements?

18

so we can fix the problems ourselves, and not rely on somebody else. improvements are speed and features

19

What are you using if not Squid? Also, Squid is open source… it would seem to make a lot more sense to use a working, compliant cache than to write one from the ground up and encounter all the intricacies of the HTTP specification. No offense but I really don’t think MT will be able to come up with a caching HTTP proxy that is anywhere near the level of performance and compliance as Squid, not without blatantly disregarding the HTTP specifications regarding caching at least…

Speaking of which, you should never use refresh_patterns like maroon posted… overriding the origin server is not something to be taken lightly and WILL cause problems for your users when they are unable to receive updated content. Only in the most dire of circumstances (dialup backhaul for your 100 customers) should you be overriding the cache policies of origin servers.

20

we made one for ourselves, it’s not based on anything. right now it works really well. remember that we are not trying to make another squid - RouterOS is for routers, so we made something that suits our needs.