external squid proxy

I have RouterOS v5.x on an RB751G-2HnD and a Squid proxy running on one computer.

The Squid proxy is running on the 192.168.1.254 machine and the entire network is on 192.168.1.0/24.

I use this rule to use the proxy in transparent mode.

/ip firewall nat
add chain=dstnat action=dst-nat protocol=tcp src-address=192.168.1.0/24 dst-port=80 to-addresses=192.168.1.254 to-ports=3128

But I think it’s bad because the machine running the proxy, when it wants to access the internet, will connect to itself in a loop.

But I don’t know how to do it so that everything passes through the proxy except the proxy itself. This is probably why it doesn’t actually work.

Many thanks for your help.

Yes, that is why it doesn’t work.

If you want to use NAT instead of configuring each individual PC with the IP of the proxy, you could solve it by putting the proxy on a different port on the router, and giving it an IP in a different subnet which won’t hit the DSTNat rule.

Yes, as this will be used for public wifi access, setting each client is not possible.

So the only way is to use another subnet? If so, I will try to figure out how to do it.

Many thanks for the info.

I suggested separate IP spaces because it may make administration a bit easier, and having the proxy on a different port on your router will provide better throughput.

If you prefer not to do that, you could create a specific DSTNat rule for the proxy server’s IP which immediately hands off the packet without applying the DST nat.

/ip firewall nat add chain=dstnat protocol=tcp src-address=192.168.1.254 dst-port=80 action=accept

Just make sure this rule is in an appropriate spot above your other NAT Rules.
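The two rules from this thread in the order they have to be evaluated, as an added example that is not part of any poster's message. It assumes the dstnat chain has no earlier rule matching port 80; the comment= labels and the srcnat hairpin rule are additions of this example, the latter on the assumption that clients and proxy share one LAN segment as described in the first post.

```routeros
/ip firewall nat

# NAT rules are checked top to bottom and the first match wins.
# "add" appends to the end of the list, so entering the rules in this
# order gives the bypass precedence over the redirect.

# 1. Bypass: HTTP requests made by the proxy itself leave untouched.
#    Without this rule, rule 2 sends Squid's own outbound requests
#    back to Squid (the loop described in the first post).
add chain=dstnat protocol=tcp src-address=192.168.1.254 dst-port=80 \
    action=accept comment="proxy bypass"

# 2. Redirect: HTTP from every other LAN host goes to Squid.
add chain=dstnat protocol=tcp src-address=192.168.1.0/24 dst-port=80 \
    action=dst-nat to-addresses=192.168.1.254 to-ports=3128 \
    comment="to squid"

# 3. Hairpin (assumption of this example, not from the thread):
#    with clients and proxy in the same subnet, Squid would answer the
#    client directly and the client would drop the reply, because it
#    comes from 192.168.1.254:3128 instead of the web server it
#    contacted. Masquerading forces the reply back through the router.
#    Side effect: Squid's access log shows the router's address as the
#    client for every request.
add chain=srcnat protocol=tcp src-address=192.168.1.0/24 \
    dst-address=192.168.1.254 dst-port=3128 \
    action=masquerade comment="hairpin to squid"

# Check the resulting order: "proxy bypass" must be listed above
# "to squid". The packet counters show which rule is being hit.
print
```

If the redirect rule already exists, the bypass has to be moved above it (in WinBox by dragging the rule, or by removing and re-adding the redirect) before it takes effect.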

Thanks a lot for all your answers, this is really appreciated. I prefer to keep everything on the same subnet.