I’ve just installed a Squid cache server on a Linux machine; the hierarchy is like this:
    WAN LINK
       |
 --------------       --------------------
| Mikrotik Box |     | Cache Linux Server |
 --------------       --------------------
       |              /
       |             /
 ----------------------
| Switch ( Cheap one ) |
 ----------------------
    |        |        |
 Client1  Client2  Client3 etc.
What I’m trying to do is this: I want all the traffic for port 80 from Client1, Client2, Client3 to be forwarded to my cache server at port 8080.
I tried with a redirect rule, but it seems it only maps ports on its own and can’t redirect somewhere else.
You have to use action=dstnat; also, do not forget to specify to-addresses, where you have to put the Squid address.
action=redirect is used to redirect traffic to the router itself.
I tried this already a few minutes ago, but I get this error in return:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: /firefox?client=firefox-a&rls=org.mozilla:en-US:official
The following error was encountered:
* Invalid URL
Some aspect of the requested URL is incorrect. Possible problems:
* Missing or incorrect access protocol (should be `http://'' or similar)
* Missing hostname
* Illegal double-escape in the URL-Path
* Illegal character in hostname; underscores are not allowed
I’m not sure why this is showing up. It is coming from my proxy server, although when I point my browser to my proxy server it works fine.
Although, there’s one thing I’d like to mention: I’m connecting to this internal network via VPN, because I’m not there physically. Does that change anything?
I’m probably getting beyond the MikroTik point; somewhere it says I need my proxy in transparent mode, which I think it is, but still, if it works like this just by pointing my browser to the proxy, it should work fine with redirection too.
Hello Zenoss,
I had the same problem some days ago.
I solved it by configuring Squid as a transparent proxy server.
To do this, if you have Squid version 2.6, you have to edit the Squid configuration file (squid.conf), putting in the following line:
http_port 3128 transparent
instead of
http_port 3128
Of course the command “http_port 3128” is the default squid proxy port configuration.
If you are using Webmin, you have to specify the option “transparent” on:
Servers → Squid Proxy Server → Ports and Networking
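Why the transparent setting matters for the “Invalid URL” error quoted earlier, as an added example that is not part of the original posts and is not Squid's code: a browser whose traffic is dstnat-ed does not know it is talking to a proxy, so it sends a path-only request line (the `/firefox?...` in the error) and the proxy has to rebuild the URL from the Host header. The function name, the `intercept` flag and the sample requests are constructed for illustration.

```python
# Added illustration (not Squid source): how a proxy resolves a request target.
from urllib.parse import urlsplit

URL_PATH = "/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
# Constructed samples. EXPLICIT is what a browser configured to use the proxy
# sends; REDIRECTED is what arrives when port 80 traffic is dstnat-ed instead.
EXPLICIT = ("GET http://www.google.com" + URL_PATH + " HTTP/1.1\r\n"
            "Host: www.google.com\r\n\r\n").encode()
REDIRECTED = ("GET " + URL_PATH + " HTTP/1.1\r\n"
              "Host: www.google.com\r\n\r\n").encode()


def resolve_target(raw_request: bytes, intercept: bool) -> str:
    """Return the absolute URL the proxy would fetch, or raise ValueError."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    fields = lines[0].split(" ")
    if len(fields) != 3:
        raise ValueError("malformed request line")
    target = fields[1]

    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    parts = urlsplit(target)
    if parts.scheme and parts.netloc:
        return target  # absolute-form: a proxy-aware client sent the full URL
    if not target.startswith("/"):
        raise ValueError("Invalid URL: unsupported request target")
    if not intercept:
        # Plain forward-proxy port: a bare path has no protocol or hostname.
        raise ValueError("Invalid URL: missing access protocol and hostname")
    host = headers.get("host")
    if not host:
        raise ValueError("Invalid URL: no Host header to rebuild the URL from")
    # The Host header is client-supplied; this sketch does not check it
    # against the connection's original destination address.
    return "http://" + host + target


if __name__ == "__main__":
    print(resolve_target(EXPLICIT, intercept=False))
    print(resolve_target(REDIRECTED, intercept=True))
```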
Thanks for your response,
I’ve already added transparent on the option, but I still get the same error.
Do I perhaps need to set some rules or something special?
I don’t know what exactly myip is in your configuration, but basically there should be two dstnat rules if you want to redirect all requests from the local subnet. For example, the local subnet is 192.168.1.0/24 and the proxy is 192.168.1.250:8080
Hello Zenoss,
I think that the problem could be in the access lists of the proxy server.
What happens should be the following:
the hotspot receives your request on the wireless interface and NATs it to the proxy server address and proxy server port (to do this you should have configured the ip firewall nat rules on the Mikrotik);
when the hotspot forwards the request to the proxy server, it is forwarded not with the original address, but with the address of the interface which communicates with the proxy as the source address (the WAN address??), and this happens even if you don’t enable the webproxy feature on it;
then, if at the moment you have an access list on the proxy server which permits just the network configured on the hotspot interface, it might not be enough.
You can install Squid with TProxy and set up Squid as a bridge. This works great, but you have to use 2 NICs, and if the power to the Squid box goes you have to unplug Squid. It sits as router-squid-switch-clients.
The good thing is that you do not have to change anything in the network.
I’m working now with triangle routing so that Squid can stand as a standalone server.
I have not got this to work yet, but I have seen it done. It is more advanced, but the whole net does not crash if the server goes down.
Your problem is here: “While trying to retrieve the URL: /firefox?client=firefox-a&rls=org.mozilla**:en-US:official**”
Try only http://www.google.com, without : in the URL.