HTTP redirect to Cache issue

Hi,

We are using MikroTik as our bandwidth shaper and we have just installed a cache server (Linux + Squid). We are marking all packets using port 80 and we are redirecting them to the cache server. The caching is working, but what we have noticed is that the total traffic on port 80 does not match the amount of traffic being redirected to the cache server.

Has anyone seen a similar problem before?

Thx

Francis Victor
Kokonet LTD
http://www.kokonet.sc
http://www.seychelles.sc

Enable transparent proxy on the MikroTik Router and specify ‘parent-proxy’ in proxy configuration.

We have done that, but still it does not match.

Here is the code…

chain=dstnat in-interface=eth1_downlink protocol=tcp dst-port=80 action=redirect to-ports=8080

ip web-proxy print
enabled: yes
src-address: 0.0.0.0
port: 8080
hostname: “pro”
transparent-proxy: yes
parent-proxy: x.x.x.x:8080
cache-administrator: “webmaster”
max-object-size: 4096KiB
cache-drive: system
max-cache-size: none
max-ram-cache-size: no

Still the redirecting rule traffic does not match the amount of HTTP traffic being marked.

‘in-interface’ name should be the local interface.

By the way, we are running RouterOS 2.9.24.

Yes, eth1-downlink is our local interface. Please note that our cache is working, as we can see the hits from the log.

The only thing I see that may be at issue would be your source IP address - 0.0.0.0/0. Typically you also put the source IP address space you want to use the proxy with in here. As you have it, anything coming in eth1-downlink can use the proxy.

I also have never seen the amount of traffic exactly match on a proxy. They are somewhat close but never match.

So how big a difference are you seeing?

The HTTP marking rule will show around 3 Mbps of HTTP traffic, and the redirecting rule will show like 128 kilobits/s, even lower most of the time.

I expected a little difference but you have a whole lot of difference - so that means either everyone is going somewhere the cache won’t cache or not all the HTTP traffic is being ‘tagged’ by your rule so not hitting the cache.

This rule you have:

chain=dstnat in-interface=eth1_downlink protocol=tcp dst-port=80 action=redirect to-ports=8080

Needs to be the first dst-nat rule you have - is it? If not make it that way - the only exception would be if you placed a rule to allow access to the MT router itself via http on your incoming interface (in-interface=eth1_downlink ) before this rule - or you need to exclude the MT router’s address from the source address list.

parent-proxy: x.x.x.x:8080

I know you mean to hide the IP address but this should be 0.0.0.0:0

You didn’t mention anything about the Access list being activated either…have you done that?

This is what my web proxy on the MT router box says:

enabled: yes
src-address: 0.0.0.0
port: 8080
hostname: proxy
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: webmaster
max-object-size: 4096 kB
cache-drive: system
max-cache-size: 1048576
status: running
reserved-for-cache: 1694 MB

Thom
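
Added example, not part of any post in this thread: one way to scope the redirect rule and the proxy access list to the local subnet, following the points raised above about source addresses, rule order and the access list. The subnet 192.168.88.0/24 and the router address 192.168.88.1 are constructed placeholders, and the menus assume the RouterOS 2.9-style `/ip web-proxy` layout shown in the thread.

```routeros
# Constructed placeholders (not from the thread):
#   192.168.88.0/24  = LAN behind eth1_downlink
#   192.168.88.1     = the router's own LAN address

/ip firewall nat
# 1. Leave HTTP aimed at the router itself alone, so its own web
#    interface is not swallowed by the redirect.
add chain=dstnat in-interface=eth1_downlink protocol=tcp dst-port=80 \
    dst-address=192.168.88.1 action=accept \
    comment="HTTP to router: do not redirect"

# 2. Redirect only LAN clients' port-80 traffic to the local proxy.
#    Restricting src-address keeps other sources arriving on this
#    interface from using the proxy.
add chain=dstnat in-interface=eth1_downlink src-address=192.168.88.0/24 \
    protocol=tcp dst-port=80 action=redirect to-ports=8080 \
    comment="LAN HTTP to web-proxy"

# 3. Check the order: these two rules must come before any other
#    dstnat rule that could match tcp/80, otherwise the earlier rule
#    takes the packets and the redirect counter stays low.
#    Use "print" to see the rule numbers and "move" to reorder.
print

/ip web-proxy access
# 4. Allow the LAN, deny everything else. Without a final deny, any
#    host that can reach port 8080 can relay through the proxy.
add src-address=192.168.88.0/24 action=allow comment="LAN clients"
add action=deny comment="everyone else"

# 5. Confirm no earlier allow-all entry sits above the two rules added
#    here, since the access list is evaluated top to bottom.
print
```

Comparing the packet and byte counters on the mark rule and on the redirect rule after this change shows whether the remaining gap is traffic from outside the LAN subnet or traffic matched by an earlier rule.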