Redirect traffic to Squid ( Linux )

No luck?
Try to redirect 80 to 8080
and use the internal proxy:
parent proxy (Squid address)
parent port (Squid port)

I am using a similar proxy setup as you are and it is working 100%. Just make sure you have the parent proxy port set up correctly; this stuffed me around initially. Here is my config. Note that this is not my gateway router with the WANs connected but the router behind it.

 1   chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80 

 2   chain=srcnat action=masquerade



                 enabled: yes
             src-address: 0.0.0.0
                    port: 8080
            parent-proxy: 10.172.3.2
       parent-proxy-port: 800
     cache-administrator: ""
          max-cache-size: none
           cache-on-disk: no
  max-client-connections: 1000
  max-server-connections: 1000
          max-fresh-time: 11h6m
   serialize-connections: no
       always-from-cache: yes
          cache-hit-dscp: 4
             cache-drive: system

Hope this helps.

Using a parent proxy setup with many clients can use all the CPU of the RouterBOARD; the best way is to use the redirect chains.

What if I don't want to use a parent proxy,
and go direct to Squid?

This is the correct way, don't waste more time. Your problem is on the Squid box: a bad Squid ACL configuration.

Hi,
I had the same problem.
I think the problem is that when you use dst-nat in MikroTik, the dst IP is changed to your Squid box IP,
therefore your Squid can't understand what web site your client is trying to open.
So I removed dst-nat and used a routing mark
and routing to send my clients' TCP 80 traffic to the Squid box,
and on the Squid box I used iptables to redirect traffic to port 3128.
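
The policy-routing setup described in the post above, written out as an added example (it is not from any poster in this thread). It assumes RouterOS v6-style `routing-mark` syntax, the `LAN_INTERFACE` name and the 192.168.1.250 Squid address that appear elsewhere in this thread, a hypothetical routing mark name `to-squid`, and `eth0` as the Squid box's interface.

```routeros
# --- MikroTik router (RouterOS v6 syntax; assumed) ---
# Mark client HTTP traffic for policy routing instead of dst-nat'ing it,
# so each packet still carries the web server's address as destination.
# The Squid box itself is excluded, otherwise its own outbound fetches
# would be routed straight back to it in a loop.
/ip firewall mangle
add chain=prerouting in-interface=LAN_INTERFACE src-address=!192.168.1.250 \
    protocol=tcp dst-port=80 action=mark-routing \
    new-routing-mark=to-squid passthrough=no

# Packets carrying the mark use the Squid box as their next hop.
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.250 routing-mark=to-squid

# Check that no earlier dstnat rule for dst-port=80 is still enabled,
# since it would rewrite the destination before Squid sees the packet.
/ip firewall nat print where chain=dstnat

# --- Squid box (Linux shell, run as root; eth0 is an assumed name) ---
# Hand port-80 packets that arrive via the policy route to Squid's
# listening port on this host.
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
#     -j REDIRECT --to-ports 3128
#
# --- squid.conf on the Squid box ---
# The listening port must be in interception mode, and the client
# network must be permitted by an http_access rule.
# http_port 3128 intercept   # "transparent" on Squid releases before 3.1
```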

not sure if this helps anyone…

I needed to set up a transparent proxy for Websense. My MikroTik is using hotspot. I used the dstnat entry, but initially I was getting Proxy Cycle errors. Once I set the parent proxy to the Websense IP in IP-Web Proxy, it worked fine.

Hi, I am a newbie here. Can anyone tell me how many clients I can manage with this Squid caching server through MikroTik?

thousands

mrz,

correct me if I’m wrong.. in my way of thinking one rule could cover above two (assuming default policy is accept):

/ip firewall nat
add chain=dstnat src-address=!192.168.1.250 in-interface=LAN_INTERFACE dst-port=80 protocol=tcp action=dst-nat to-address=192.168.1.250 to-port=8080

Regards,
Sergiusz