Dear All,
I am using mikrotik rb450 5 port router with Dual WAN and doing load balancing and fail over using PCC along with PPPOE Server for bandwidth limitation. Now I wanted to add a ubuntu Squid proxy Server to my setup but I dont really understand how to make it connected with my existing scenario. I tried to used my brain and created the below diagram. I want your suggestion that Is this possible to do this like the one shown in diagram. I just have one router and I dont want to use another router for load balancing or anything else.
- I need help in squid configurations on mikrotik accordingto the diagram (if the scenario is possible)
- Do i need to change gateways on the client IP with Squid Server IP ?? If yes do I also Need to modify my mangle Rules which are currently using LAN interface in them. Following is the complete current configuration :
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1526 mac-address=00:0C:42:98:B1:43 mtu=1500 name=LAN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:98:B1:44 master-port=none mtu=1500 name=
WAN1 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:98:B1:45 master-port=none mtu=1500 name=
WAN2 speed=100Mbps
/ip address
add address=10.0.0.1/24 broadcast=10.0.0.255 comment=“” disabled=no interface=LAN network=10.0.0.0
add address=192.168.22.222/24 broadcast=192.168.22.255 comment=“” disabled=no interface=WAN1 network=192.168.22.0
add address=192.168.15.2/24 broadcast=192.168.15.255 comment=“” disabled=no interface=WAN2 network=192.168.15.0
/ip pool
add name=pppoe-users-pool ranges=10.0.0.10-10.0.0.50
/ip dhcp-server add address-pool=pppoe-users-pool authoritative=after-2sec-delay bootp-support=static disabled=no interface=LAN lease-time=12h name=“My DHCP Server”
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.0.1 comment=“” dns-server=8.8.8.8,8.8.4.4,10.0.0.1
/interface pppoe-server server
add authentication=pap default-profile=default disabled=no interface=LAN keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=1 mrru=disabled one-session-per-host=yes service-name=jahazaibdada
/ppp profile
add change-tcp-mss=default dns-server=10.0.0.1 local-address=10.0.0.1 name=Management only-one=default remote-address=dhcp_pool1 use-compression=default use-encryption=
default use-mpls=default use-vj-compression=default
add change-tcp-mss=default local-address=10.0.0.1 name=Staff only-one=default remote-address=dhcp_pool1 use-compression=default use-encryption=default use-mpls=default
use-vj-compression=default
/ppp secret
add caller-id=“” disabled=no limit-bytes-in=0 limit-bytes-out=0 name=Management password=9211 profile=Management routes=“” service=any
add caller-id=“” disabled=no limit-bytes-in=0 limit-bytes-out=0 name=Staff password=1234 profile=Staff routes=“” service=any
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=221.132.112.8,221.132.112.9,8.8.8.8
/ip firewall mangle
add action=mark-connection chain=input comment=“” disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input comment=“” disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-routing chain=output comment=“” connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output comment=“” connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
add action=accept chain=prerouting comment=“” disabled=no dst-address=192.168.22.0/24
add action=accept chain=prerouting comment=“” disabled=no dst-address=192.168.15.0/24
add chain=prerouting dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes src-address=10.0.0.10-10.0.0.50
add chain=prerouting dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes src-address=10.0.0.10-10.0.0.50
add chain=prerouting dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes src-address=10.0.0.10-10.0.0.50
add action=mark-routing chain=prerouting comment=“” connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting comment=“” connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=WAN1 src-address=10.0.0.10-10.0.0.50
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=WAN2 src-address=10.0.0.10-10.0.0.50
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.22.198 routing-mark=to_WAN1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.15.1 routing-mark=to_WAN2 scope=30 target-scope=10