This MY Topology
I have made NAT redirect to Proxy server In Mikrotik. and I also have made transparent mode, acl allow mikrotik src ( mikrotik IP ) in squid.conf, but why my client can’t browsing. this secreen shoot my browser
pleasee help me
Hi…
In squid.conf look for some ims seetings that has to be done in order to use squid as peer…also look for cache_peer becasue you are trying to set it up as a peer…
Go through this page http://www.visolve.com/squid/squid24s1/neighbour.php you will know what settings has to be done on squid.conf…
If it does not work then in squid.conf create an acl to allow the IP range of your network…
I remain not to can connect to internet
this my configuration in mikrotik and my squid.conf
ip mikrotik 202.152.19.59/29
ip Proxy server 202.152.19.60/29
NAT in mikrotik
chain=dstnat action=redirect to-ports=3128 src-address=!202.152.19.60
in-interface=ether2 dst-port=80 protocol=tcp
my squid.conf
http_port 3128 transparent
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin ?
no_cache deny QUERY
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 64 MB
maximum_object_size_in_memory 64 KB
ipcache_size 8192
ipcache_low 98
ipcache_high 99
fqdncache_size 8192
cache_mgr asraf@edited
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir ufs /var/spool/squid 102400 16 256
cache_access_log /var/log/squid/access.log
#cache_access_log none
cache_log /var/log/squid/cache.log
cache_store_log none
emulate_httpd_log off
pid_filename /var/run/squid.pid
mime_table /usr/share/squid/mime.conf
log_fqdn off
memory_pools off
client_netmask 255.255.255.0
client_netmask 255.255.255.248
refresh_pattern ^ftp: 40320 95% 241920 reload-into-ims
refresh_pattern . 120 80% 14400 reload-into-ims override-lastmod
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
negative_ttl 2 minutes
half_closed_clients off
read_timeout 15 minutes
client_lifetime 2 hours
pconn_timeout 60 seconds
request_timeout 1 minutes
shutdown_lifetime 10 seconds
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.0.0/255.255.255.0
acl mikrotik src 202.152.19.59/255.255.255.248
acl PURGE method PURGE
acl POST method POST
acl GETONLY method GET
acl VIRUS urlpath_regex winnt/system32/cmd.exe?
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl snmppublic snmp_community public
Hotmail workaround
header_access Accept-Encoding deny all
http_access allow localhost
http_access allow lan
http_access allow manager lan
http_access allow mikrotik
http_access allow PURGE localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny PURGE
http_access deny VIRUS
http_access deny all
http_reply_access allow all
icp_access allow lan
icp_access deny all
miss_access allow lan
miss_access deny all
cache_effective_user proxy
cache_effective_group proxy
visible_hostname proxy.asrafnet.com
logfile_rotate 7
forwarded_for on
icp_hit_stale on
log_icp_queries off
query_icmp on
buffered_logs off
strip_query_terms off
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors/English
store_avg_object_size 13 KB
store_objects_per_bucket 10
client_db on
snmp_port 3401
snmp_access allow snmppublic lan
snmp_access deny all
coredump_dir /cache01
reload_into_ims on
pipeline_prefetch on
ie_refresh on
vary_ignore_expire on
and this NAT in proxy server
#!/bin/sh -e
rc.local
This script is executed at the end of each multiuser runlevel.
Make sure that the script will "exit 0" on success or any other
value on error.
In order to enable or disable this script just change the execution
bits.
By default this script does nothing.
exit 0
Generated by iptables-save v1.3.6 on Mon May 19 17:56:37 2008
*mangle
REROUTING ACCEPT [872:963121]
:INPUT ACCEPT [872:963121]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [822:185373]
OSTROUTING ACCEPT [829:186238]
COMMIT
Completed on Mon May 19 17:56:37 2008
Generated by iptables-save v1.3.6 on Mon May 19 17:56:37 2008
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j LOG
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -d 255.255.255.255 -i eth1 -j ACCEPT
-A INPUT -d 202.152.19.60 -i eth1 -j ACCEPT
-A INPUT -d 202.152.19.63 -i eth1 -j ACCEPT
-A INPUT -d 224.0.0.1 -j DROP
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -d 224.0.0.1 -j DROP
-A FORWARD -j LOG
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255 -o eth1 -j ACCEPT
-A OUTPUT -s 202.152.19.60 -o eth1 -j ACCEPT
-A OUTPUT -s 202.152.19.63 -o eth1 -j ACCEPT
-A OUTPUT -d 224.0.0.1 -j DROP
-A OUTPUT -j LOG
-A OUTPUT -j DROP
COMMIT
Completed on Mon May 19 17:56:37 2008
Generated by iptables-save v1.3.6 on Mon May 19 17:56:37 2008
*nat
REROUTING ACCEPT [7:561]
OSTROUTING ACCEPT [31:2024]
:OUTPUT ACCEPT [42:4350]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
Completed on Mon May 19 17:56:37 2008
Generated by iptables-save v1.3.6 on Mon May 19 18:03:03 2008
*mangle
REROUTING ACCEPT [890:964311]
:INPUT ACCEPT [890:964311]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [834:185913]
OSTROUTING ACCEPT [841:186778]
COMMIT
Completed on Mon May 19 18:03:03 2008
Generated by iptables-save v1.3.6 on Mon May 19 18:03:03 2008
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j LOG
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -d 255.255.255.255 -i eth1 -j ACCEPT
-A INPUT -d 202.152.19.60 -i eth1 -j ACCEPT
-A INPUT -d 202.152.19.63 -i eth1 -j ACCEPT
-A INPUT -d 224.0.0.1 -j DROP
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -d 224.0.0.1 -j DROP
-A FORWARD -j LOG
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255 -o eth1 -j ACCEPT
-A OUTPUT -s 202.152.19.60 -o eth1 -j ACCEPT
-A OUTPUT -s 202.152.19.63 -o eth1 -j ACCEPT
-A OUTPUT -d 224.0.0.1 -j DROP
-A OUTPUT -j LOG
-A OUTPUT -j DROP
COMMIT
Completed on Mon May 19 18:03:03 2008
Generated by iptables-save v1.3.6 on Mon May 19 18:03:03 2008
*nat
REROUTING ACCEPT [18:1407]
OSTROUTING ACCEPT [34:2204]
:OUTPUT ACCEPT [45:4530]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i 202.152.19.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 202.152.19.60:3128
COMMIT
Completed on Mon May 19 18:03:03 2008
pleasee help me and correction my configuration
You have to enable the Mikrotik in-built proxy server and set the parent proxy to 202.152.19.60, parent proxy port to 3128
Hi…
Please post the LOGS of squid cache server, so that it will become a bit clear what issues are you having.
do you mean like this??
root@asraf-proxy:/etc/squid# tail -f /var/log/squid/access.log
1211508391.972 0 202.152.19.0 TCP_MISS/403 1522 POST http://guest2.meebo.org/mm?1211508399343588 - NONE/- text/html
1211508392.752 0 202.152.19.0 TCP_MISS/403 1470 GET http://yahoo.com/ - NONE/- text/html
1211508393.578 0 202.152.19.0 TCP_MISS/403 1470 GET http://yahoo.com/ - NONE/- text/html
1211508412.014 0 202.152.19.0 TCP_MISS/403 1522 POST http://guest1.meebo.org/mm?1211508419390648 - NONE/- text/html
1211508432.056 0 202.152.19.0 TCP_MISS/403 1522 POST http://guest2.meebo.org/mm?1211508439421882 - NONE/- text/html
1211508463.086 0 202.152.19.0 TCP_MISS/403 1470 GET http://yahoo.com/ - NONE/- text/html
1211508463.299 0 202.152.19.0 TCP_MISS/403 1492 GET http://yahoo.com/favicon.ico - NONE/- text/html
1211508464.695 0 202.152.19.0 TCP_MISS/403 1470 GET http://yahoo.com/ - NONE/- text/html