SQUID INTERACE

erastusec · April 12, 2010, 3:26pm

We have an squid server and it works well with cisco.

We are struggling to get it to work with mikrotik .

The server is om port 3128 ip 10.3.0.251

When i Config the router it must be configured as

" all incoming traffic on port 80 that passes needs to be transparently redirected to 10.3.0.251 on port 3128"

I don’t have any experience on squids or this routing.

We can get some sites to work but because the mikrotik is not “transparent” it crasehes the squid server.

Is there anybody who can help?

Chupaka · April 20, 2010, 11:46pm

crashes? O_o

with what error?

p.s. don’t let us to guess - post what have been done already in config

erastusec · April 21, 2010, 9:10am

Sorry,

can’t get it to route succesfully through the server.

I have followed the sample as per documentation but no luck.

I know the server work as it has been tested with Cisco.

I know it is only “my configuration” but I have 0 knowledge of this

Chupaka · April 21, 2010, 1:29pm

what’s you users’ address space?

erastusec · April 21, 2010, 4:11pm

look on skype grassiecoetzee is that what you asked?

gmidia · April 21, 2010, 5:10pm

redirect all traffic on port 80 to port 3128 on your squid. use dst-nat. i also have squid and works well. But i have used squid and proxy on the mikrotik box. Not much of a difference . What is the amount of traffic going through the Mikrotik

Chupaka · April 21, 2010, 9:47pm

I mean, what subnet do you use for your clients?

if it’s not the same as squid’s subnet - then you simply add DST-NAT rule, as gmidia said

erastusec · April 22, 2010, 4:54am

The hi site is as follows:

Ip 10.3.0.0/24

The main router is

10.3.0.1 Main Link & 10.3.05 ( as backup link)
10.3.0.2 Direction North
10.3.0.3 Direction South and and ptp clients
10.3.0.4 AP Bridge (sectors)
10.3.0.5 Direction West and Back up link to internet
10.3.0.6 AP Bridge (sectors)

The squid Server IP is 10.3.0.251 port 3128

All are interconnected via switch (hub)

I have followed the sample in documentation and did a dst nat from port 80 to port 3128

I configured the router ip 10.3.0.2 to work via the squid but had some problems

/ip firewall nat
/ip proxy
[grassie@knb2.theweb.co.za] /ip proxy> print
enabled: no (currently off because I had problems)
src-address: 0.0.0.0
port: 3128
parent-proxy: 10.3.0.251
parent-proxy-port: 3128
cache-administrator: “”
max-cache-size: none
cache-on-disk: no
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: yes
cache-hit-dscp: 4
/ip proxy access
set enabled=yes port=3128 cache-administrator=erastus@theweb.co.za

Chupaka · April 22, 2010, 10:13am

if you have some problems, you should do something to solve it

you haven’t answered: where are you clients? in general, you should simply add dst-nat to your squid’s port for http traffic

erastusec · April 22, 2010, 10:24am

They all have 10.2.X.X or 10.3.X.X

The network is 100% it is only the interface to the squid server

Chupaka · April 22, 2010, 11:36am

??? O_o

and what’s with that NAT rule? does it work?

erastusec · April 22, 2010, 11:37am

no nat rule only one nat at internet connection

Chupaka · April 22, 2010, 11:53am

then

… and check!..

erastusec · April 22, 2010, 12:19pm

Like this:

0 X chain=dstnat action=dst-nat to-addresses=10.3.0.251 to-ports=3128 protocol=tcp dst-port=80

Chupaka · April 22, 2010, 1:12pm

yes, like this. but if your squid accesses the Internet via the same router, you should add src-address=!10.3.0.251

erastusec · April 22, 2010, 5:45pm

Thanks for your help I think the squid server is not working

Chupaka · April 22, 2010, 8:47pm

doctor, I feel pain when I touch myself here, and here, and here…
hmmm… let me see… oh! you simply have broken your finger

erastusec · April 23, 2010, 1:47am

after days of struggling the they realized the squid was not working!!!

I also think the !10.3.0.252 help as I never used that

Many thanks for your help !!!

erastusec · April 28, 2010, 6:45am

MANY THANKS !! You guide me ionto the problem !!!