just joined
Topic Author
Posts: 13
Joined: Sat Apr 19, 2008 4:48 pm

Squid + Mikrotik = problem load images

Thu Aug 14, 2008 6:20 pm


I have a MikroTik and a Squid Linux box, and it works. But I have problems loading images. The images time out while loading. What can it be?

I use this dnat:

ip firewall nat

add action=dst-nat chain=dstnat comment="" disabled=no dst-port=80 protocol=tcp to-addresses=<proxy address> to-ports=3127

I try this:

/ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-routing \
new-routing-mark=http passthrough=yes

/ ip route
add dst-address= gateway=,, \
check-gateway=ping scope=255 target-scope=10 routing-mark=http comment="" \

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

My squid.conf

#  TAG: http_port
#  Port on which squid will listen # transparent mode, no need to configure the browser
http_port 3128 transparent 

#  TAG: icp_port
#  Port on which squid will send/receive ICP requests
icp_port 3130

#  TAG: cache_peer
#  Used to specify a proxy hierarchy
#cache_peer       parent    3128  3130  [proxy-only]
#cache_peer         sibling   3128  3130  [proxy-only]

#  TAG: hierarchy_stoplist
#  Determines the words that will be sent directly to the cache
hierarchy_stoplist cgi-bin ?

#  TAG: cache
#  List of ACLs; if misconfigured, causes undesired results
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

#  TAG: broken_vary_encoding
#  Many servers do not support on-the-fly Content-Encoding, returning some variants
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

#  TAG: cache_mem	(bytes)
#  Size of the memory used by the cache
cache_mem 8 MB

#  TAG: cache_swap_low	(percent, 0-100)
#  TAG: cache_swap_high	(percent, 0-100)
#  When squid will overwrite the oldest files in the cache
cache_swap_low 90
cache_swap_low 90

#  TAG: maximum_object_size	(bytes)
#  Maximum size of an object that squid will save to disk
maximum_object_size 4096 KB

#  TAG: minimum_object_size	(bytes)
#  Smallest object saved to disk
minimum_object_size 0 KB

#  TAG: maximum_object_size_in_memory	(bytes)
#  Maximum size of an object that will be kept in the memory cache
maximum_object_size_in_memory 8 KB

#  TAG: ipcache_size	(number of entries)
#  Size of the IP cache
ipcache_size 1024

#  TAG: ipcache_low and ipcache_high	(percent)
#  Determines when the saved IPs will be replaced
ipcache_low 90
ipcache_high 95

#  TAG: cache_dir
#  Directory where the cache files will be saved
cache_dir ufs /var/log/squid/cache 100 16 256

#  TAG: access_log
#  Location where cache access information will be stored
access_log /var/log/squid/logs/access.log squid

#  TAG: cache_log
#  Files that contain information about the cache
cache_log /var/log/squid/logs/cache.log

#  TAG: cache_store_log
#  Location where cache activity will be stored
cache_store_log /var/log/squid/logs/store.log

#  TAG: pid_filename
#  Where the squid process id will be stored
pid_filename /var/log/squid/logs/

#  TAG: refresh_pattern
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320

#  TAG: acl
#  Defines an access list
acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http

#  TAG: local network
#  Definition of the local network
acl rede_local src

#  TAG: http_access
#  Allows or denies access for the access list
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow rede_local

#  Denies those that are not in the access list
http_access deny all

#  TAG: icp_access
#  Allows or denies access to ICP
icp_access allow all

#  TAG: cache_mgr
#  Cache administrator, in case there is any problem

#  TAG: cache_effective_user
#  Defines the cache user
# cache_effective_user nobody

#  TAG: cache_effective_group
#  Defines the cache group
# none

#  TAG: error_directory
#  Defines the language of errors
error_directory /usr/share/errors/Portuguese

#  TAG: coredump_dir
coredump_dir /var/log/squid/cache
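
Added example, not part of the original post: a shell check that compares the port each redirect rule sends traffic to against the ports that squid.conf opens with http_port in transparent (interception) mode. The sample strings are constructed from the rules and the http_port line quoted above; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Constructed samples, copied from the rules and squid.conf lines in the post.
SQUID_CONF_SAMPLE='#  TAG: http_port
http_port 3128 transparent
icp_port 3130'
ROS_RULE_SAMPLE='add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=<proxy address> to-ports=3127'
IPT_RULE_SAMPLE='iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

# Print the port of every http_port line that carries an interception flag.
# "transparent" is the flag used in the post; newer Squid releases call it "intercept".
# An optional address prefix (addr:port) is stripped.
squid_intercept_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "http_port" {
            flagged = 0
            for (i = 3; i <= NF; i++)
                if ($i == "transparent" || $i == "intercept") flagged = 1
            if (flagged) { n = split($2, part, ":"); print part[n] }
        }'
}

# Print the target port of a RouterOS rule (to-ports=N) or an iptables rule (--to-ports N).
rule_target_port() {
    printf '%s\n' "$1" | sed -n 's/.*to-ports[= ]\([0-9][0-9]*\).*/\1/p'
}

# Return 0 when the rule delivers traffic to an intercepting http_port, 1 otherwise.
check_rule() {
    port=$(rule_target_port "$2")
    [ -n "$port" ] || return 1
    for p in $(squid_intercept_ports "$1"); do
        [ "$p" = "$port" ] && return 0
    done
    return 1
}

# Report each sample rule against the sample squid.conf.
for rule in "$ROS_RULE_SAMPLE" "$IPT_RULE_SAMPLE"; do
    if check_rule "$SQUID_CONF_SAMPLE" "$rule"; then status=OK; else status=MISMATCH; fi
    echo "$status: rule targets port $(rule_target_port "$rule")"
done
```

A MISMATCH only says that the rule's target port is not an intercepting http_port in the configuration that was checked; another listener may still own that port on the proxy host.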
Posts: 128
Joined: Wed Jan 26, 2005 4:58 pm

Re: Squid + Mikrotik = problem load images

Tue Aug 26, 2008 4:48 am

I can't remember the exact config settings for squid, but do a search for "transparent squid proxy" and you will find the settings that will fix that.
Steve Discher, USA
RouterOS Training and Consulting
Get Certified!
Member Candidate
Posts: 136
Joined: Fri Jun 05, 2009 10:52 pm

Re: Squid + Mikrotik = problem load images

Tue Aug 26, 2008 7:52 am

Hi there,
Please explain your network. What I think is that you have 3 gateway IPs and mark packets to route to the specified gateway, and the squid box is installed on this gateway. If you have a single gateway, this article might help you out ... ct_ROS_2.9
I have used squid with MT for 3 years with different setups. I have seen many times that if you are marking port 80, the issue occurs from client response time. I suggest that if you have more bandwidth, don't mangle port 80; use a static solution.
