Mikrotik setup with Squid+TProxy

pospanko · January 10, 2011, 8:14pm

Hi!
My network looks like this (in simple way):

Main MT Router:
ether1 - Clients
ether2 - Radius server
ether3 - Radius/Web server
ether4 - MT Internet Gateway

All of my network is routed, not bridged. So, each interface it’s on it own subnet. Users are 10.10.0.0/16, Proxy is 10.70.0.0/24, Radius is 10.71.0.0/24 and Internet gateway is on 10.72.0.0/24 on Main router. We have few Access points, but they are all coming to one interface on main router. Squid is working great in transparent mode (with dst-nat), but I can’t use 3 ADSL lines which we have on Internet gateway router, so I tried it with TProxy bit with no sucess… Can someone help me with this? How to setup Mikrotik router, how to setup Squid (Debian)? Should I use NAT or routing?

Thx in advance.

pospanko · January 14, 2011, 12:16pm

Anyone?
I’ll pay beer on MUM in Budapest

pospanko · January 19, 2011, 3:03pm

2 beers? 3?

andrescamino · January 19, 2011, 10:19pm

u strictly need the Squid to have the connections for the actual users, or u just want it to use it as cache??

if u don’t care about connections…have you tried with parent proxy??

blake · January 20, 2011, 1:51am

You should only need / require TProxy in when using public IPs to customers. Since you’re not using public IPs I don’t see any reason to use TProxy. Just redirect them with dst-nat and define ‘http_port 3129 transparent’ (or something similar) for the Squid listening port.

NAT Squid across the ADSL lines using PCC.

pospanko · January 20, 2011, 7:42am

Yes, squid in transparent mode works ok, but I have starnge bahavior on Internet gateway. I tried with NTH, PCC, When I route proxy to only one line, everything works great (I don’t have enought bandwith on only one line for production usage), but when I try to route them with multiple gateways, I have a problems, Some pages just don’t open on clients… I tried with PCC (both addresses and ports) but problem were still active. Beside that, in few weeks I’l get package of IP addresses so clients will go out with their own IP address. Because of that I want to configure squid+tproxy so that no furthure modifications will be made.

pospanko · April 9, 2011, 3:08pm

Can anyone help me setup MT and squid to work with tproxy?

Chupaka · April 11, 2011, 8:24am

just use ‘src-address’, not ‘both-addresses-and-ports’

pospanko · April 12, 2011, 4:07pm

Hi,

I figured how to setup proxy to work with multiple gateways, but now I need help on how to setup tproxy, I just can’t make it work…

So, I have one interface on my Squid box and now it is working as transparent proxy. On my main MT router, i marked http traffic and routed it to proxy. On proxy I have nat rule to forward traffic to port 3128 ($IPT -t nat -A PREROUTING -i $INT -p tcp --dport 80 -j REDIRECT --to-port 3128). Everything works great except that all out traffic is from proxy with it IP address.
Can someone help me to setup main router and Squid box to work in tproxy mode?
Thx for help to everyone.

Chupaka · April 12, 2011, 9:29pm

you have to route to proxy only traffic with src-mac-address=!mac_of_proxy_machine

and IPT rule should have something like “-j TPROXY” instead of “-j REDIRECT” (see TProxy docs for details)