Squid with mikrotik router

I tried to connect squid3 in my network to use a high-anonymity proxy. This is how my network is right now:

   
    WAN LINK
         |
 -------------           ---------------------------
| Mikrotik Box |        |   Ubuntu Server with squid3  |
 -------------          ----------------------------
         |                 /
         |               /
 ----------------------
| Switch ( Cheap one ) |
 ----------------------
    |         |        |       
  Client1  Client2  Client3   etc.

After this setup I changed squid.conf on the Ubuntu server as follows:

  1. http_port 8080

  2. acl localhost src xxx.xxx.xxx.xxx(Ubuntu server IP)

  3. acl to_localhost dst xxx.xxx.xxx.xxx(Mikrotik router gateway) I assume that redirected HTTP from the Mikrotik router will be redirected again to the Mikrotik router.

  4. uncomment access log /var/log/squid3/access.log

  5. add visible_hostname myname

Save squid.conf and restart the squid3 server.

Then I added NAT rules on the Mikrotik router:

ip/firewall/nat

1. add chain=dstnat src_address=xxx.xxx.xxx.xxx(Ubuntu server IP) dst-port=80 protocol=tcp action=accept

2. add chain=dstnat src_address=xxx.xxx.xxx.xxx/28(LAN address) dst-port=80 protocol=tcp action=dst-nat to-address=xxx.xxx.xxx.xxx(Ubuntu server IP) to-port=8080

Now I am not able to access the internet from the client1 system. If I remove these two NAT rules then I can access the internet. What have I done wrong?

Have you checked all the settings? What about the DNS settings, have you checked all of those?

Squid MUST be connected to the Mikrotik to isolate it from the user LAN, not to the switch.
For example:

Mikrotik
LAN1 = User LAN 10.0.0.x
LAN2 = WAN 1.2.3.x
LAN3 = to SQUID 192.168.1.x

Then use the dst-nat method to route port 80 requests to squidip:port

That's it :)

  add chain=dstnat src_address=xxx.xxx.xxx.xxx(Ubuntu server IP) dst-port=80 protocol=tcp action=accept

The above rule is required if you are using the MARK n ROUTE method. Also, in the mark-n-route method, Squid must have the user subnet ROUTE defined in order to connect with the user. Avoid this method if you are new to Squid and Mikrotik; simply use the dst-nat method, which is easy and quick. I have a few guides on both the dst-nat and mark-n-route methods :)
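
Added example, not part of any post in this thread: a small Python model of the reply path under the two layouts discussed above, Squid on the clients' switch versus Squid on its own Mikrotik interface. It assumes the Ubuntu server in the original diagram shares the clients' subnet (the addresses are masked in the post); every address, port and name in it is constructed, and Squid's own interception settings are not modelled.

```python
import ipaddress

# Constructed values: the site the client asked for and Squid's listen port.
WEB = ("203.0.113.5", 80)
SQUID_PORT = 8080

class Router:
    """Minimal dst-nat with connection tracking (hypothetical model)."""
    def __init__(self, squid_ip):
        self.squid = (squid_ip, SQUID_PORT)
        self.conntrack = {}  # (client, squid) -> original destination

    def forward_request(self, src, dst):
        if dst[1] == 80:  # the dst-nat rule: tcp/80 -> squid:8080
            self.conntrack[(src, self.squid)] = dst
            dst = self.squid
        return src, dst

    def forward_reply(self, src, dst):
        # Undo the dst-nat for tracked connections passing back through.
        return self.conntrack.get((dst, src), src), dst

def reply_seen_by_client(client_ip, squid_iface):
    """Return the (ip, port) the client sees as the source of the reply."""
    squid = ipaddress.ip_interface(squid_iface)
    router = Router(str(squid.ip))
    client = (client_ip, 40000)  # constructed ephemeral port
    src, dst = router.forward_request(client, WEB)
    reply_src, reply_dst = dst, src  # Squid answers the client's real address
    if ipaddress.ip_address(client_ip) in squid.network:
        # Client is on Squid's own subnet: the reply crosses the switch
        # directly, so the router never sees it and cannot restore the source.
        return reply_src
    # Otherwise the reply is routed via the Mikrotik, which reverses the NAT.
    return router.forward_reply(reply_src, reply_dst)[0]

def client_accepts(client_ip, squid_iface):
    # A TCP client only accepts a reply from the peer it actually contacted.
    return reply_seen_by_client(client_ip, squid_iface) == WEB

if __name__ == "__main__":
    print("shared switch :", client_accepts("10.0.0.10", "10.0.0.5/28"))
    print("own interface :", client_accepts("10.0.0.10", "192.168.1.2/24"))
```
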