I’m not entirely sure of this setup as I haven’t used anything like this in a while, but if you redirect traffic from .1 to .2, shouldn’t you have a rule saying that .2 is allowed to get out without being forwarded back to itself?
Secondly, if the devices that are supposed to be receiving data from the proxy are on the same network, there may be some issues with triangular routing.
PC --> mikrotik --> proxy --> mikrotik --> internet --> mikrotik --> proxy --> PC
At this point the PC would get confused, as it's receiving a response back from 192.168.0.2 when it requested it via 192.168.0.1.
Someone please correct me if I’m wrong; as I said, I haven’t used this setup in a long time.
Yes, but if I use this configuration, the squid machine sees incoming packets from the Mikrotik IP, not the original IP (I need this because of squidGuard, and monitoring). Is it possible to override this issue?
Just put the squid machine in a different network range to the computers. It can even be on the same port, just add a second IP address (say 192.168.1.1/24) to the mikrotik and make the proxy 192.168.1.2 and have mikrotik dst-nat the traffic to that instead.
Make sure you set up a nat rule for the 192.168.1.0/24 range though.
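The suggestion above written out as RouterOS commands. This is an added example, not part of the original posts. The interface names (`ether1` as WAN, `ether2` as the LAN port), the squid listening port 3128 and squid running in intercept mode are assumptions; the addresses and port 80 are the ones used in the thread.

```routeros
# Assumptions (not from the thread): ether1 = WAN, ether2 = LAN port shared by
# the PCs and the proxy, squid listening in intercept mode on TCP 3128.

# Second subnet on the same LAN port; the proxy gets 192.168.1.2 with
# 192.168.1.1 as its default gateway.
/ip address add address=192.168.1.1/24 interface=ether2 comment="proxy subnet"

# Redirect client HTTP to the proxy. The match is limited to the client range
# 192.168.0.0/24, so the proxy's own outbound requests (sourced from
# 192.168.1.2) are not sent back to itself. Only the destination is rewritten,
# so squid and squidGuard still see the original client address.
/ip firewall nat add chain=dstnat in-interface=ether2 \
    src-address=192.168.0.0/24 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.1.2 to-ports=3128 \
    comment="client HTTP to squid"

# NAT rule for the proxy range so squid can reach the internet.
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 \
    out-interface=ether1 action=masquerade \
    comment="proxy subnet to internet"
```

Because the proxy sits in a different range from the PCs, its replies go back through the router, which reverses the dst-nat before the PC sees them.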
Ok, I’ll try these configurations. The last resort is to block outgoing port 80, and enter the proxy manually for every user. My company is not too big, so it can also be a solution. Thanks to everyone!