Community discussions

 
alt
newbie
Topic Author
Posts: 25
Joined: Tue Feb 27, 2007 5:46 pm
Contact:

Help with external squid proxy with Debian

Sat Feb 07, 2009 12:39 am

I have squid in debian. I tasted squid putting proxy IP and port in Internet Explorer and it worked perfectly with squid connected in switch with my clients, but after I connected in the second interface of Mikrotik it does not work, I need help for this problem, how to config rules in Mikrotik, do I need to add any queue for squid IP address, any redirect http rule or mangle rule?

:( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :(
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8318
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Help with external squid proxy with Debian

Sat Feb 07, 2009 11:30 am

if you use dst-nat to squid server, then you should say to squid that it's working in transparent mode
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
alt
newbie
Topic Author
Posts: 25
Joined: Tue Feb 27, 2007 5:46 pm
Contact:

Re: Help with external squid proxy with Debian

Sat Feb 07, 2009 12:59 pm

I have use this dst-nat


add action=dst-nat chain=dstnat comment="" disabled=no dst-port=80 protocol=tcp to-addresses=<proxy address> to-ports=<proxy port>

and this proxy configuration in debian

http://www.cahilig.org/install-transpar ... ebian-etch

but don't work.

:( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :(
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8318
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Help with external squid proxy with Debian

Sun Feb 08, 2009 12:10 pm

and of course, you do not redirect proxy's requests back to proxy, do you? =)

try to add parameter 'in-interface=local(where your users come from)' to your rule
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
GuJack20
Trainer
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Help with external squid proxy with Debian

Sun Feb 08, 2009 12:59 pm

i use this
http_port 3128 transparent
visible_hostname proxy_server
icp_port 0

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 443 563
acl CONNECT method CONNECT


cache_access_log none
cache_log none
cache_store_log none

cache_mem 300 MB
cache_mgr @ens-al.com

maximum_object_size 18 MB
minimum_object_size 0

cache_dir ufs /var/spool/squid/ 50000 16 256

cache_effective_user proxy

http_access allow all



# Zero Penalty HIT
zph_tos_local 0x30
zph_tos_peer 0
zph_tos_parent off
--Do you remember that guy who gave up? Neither does anybody else!
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8318
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Help with external squid proxy with Debian

Sun Feb 08, 2009 4:07 pm

when you enable dst-nat rule on RouterOS - can you still browse the Internet from squid machine (not from client computers)?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
alt
newbie
Topic Author
Posts: 25
Joined: Tue Feb 27, 2007 5:46 pm
Contact:

Re: Help with external squid proxy with Debian

Mon Feb 09, 2009 4:03 pm

Hi GuJack20 !
Can you please tell me what is your mikrotik configuration for this proxy configuration ?

Thnx for your help!
 
alt
newbie
Topic Author
Posts: 25
Joined: Tue Feb 27, 2007 5:46 pm
Contact:

Re: Help with external squid proxy with Debian

Mon Feb 09, 2009 8:39 pm

Yes Chupaka i can ping google
 
GuJack20
Trainer
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Help with external squid proxy with Debian

Mon Feb 09, 2009 9:31 pm

chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=3128
protocol=tcp src-address=192.168.1.0/24 dst-port=80

Where: 10.0.0.2 is the Ip of Squid
192.168.1.0/24 is the internal LAN
--Do you remember that guy who gave up? Neither does anybody else!
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8318
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Help with external squid proxy with Debian

Wed Feb 11, 2009 1:15 am

Yes Chupaka i can ping google
ping is not HTTP protocol... I meant exactly port 80 testing
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
mudasir
Member Candidate
Member Candidate
Posts: 278
Joined: Tue Apr 29, 2008 3:38 am
Location: Karachi, Pakistan
Contact:

Re: Help with external squid proxy with Debian

Thu Feb 12, 2009 1:01 am

Hi,

Which scenario are you using

1.
Internet directly connected to Mikrotik, Mikrotik connected to Proxy with another interface, Mikrotik connected to Local Network

2.
Internet directly connected to Proxy, Proxy connected to Mikrotik, Mikrotik connected to Local network.

If using Scenario number 1 then you will have to set the squid in peer mode (i.e cache_peer) and define Parent Proxy parameter in Mikrotik.

If using Scenario number 2 then its very easy have to do nothing, just patch squid with ZPH and mark with appropriate MARK, and setup Mikrotik without any sort of proxy settings. It will work smoothly.
Regards
Mudasir Mirza
http://www.diglinux.com
 
alt
newbie
Topic Author
Posts: 25
Joined: Tue Feb 27, 2007 5:46 pm
Contact:

Re: Help with external squid proxy with Debian

Fri Feb 13, 2009 11:33 am

I am using this scenario : Internet directly connected to Mikrotik, Mikrotik connected to Proxy with another interface, Mikrotik connected to Local Network.
I tried the configuration made by Gujack20 but it does not work. In my Debian system i have Squid proxy 2.6
Can you please show me your own configuration for this scenario of mikrotik and Squid or if it is possible to send me the file Squid.conf.


:( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :(
 
GuJack20
Trainer
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Help with external squid proxy with Debian

Fri Feb 13, 2009 2:25 pm

The squid.conf file is the one i posted earlier. The version i use is squid_2.6.5-6

For me it works :(
--Do you remember that guy who gave up? Neither does anybody else!
 
GuJack20
Trainer
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Help with external squid proxy with Debian

Fri Feb 13, 2009 2:28 pm

:( i forgot.

For the ZPH to work you must patch squid with the ZPH before compiling. If you don't want to use ZPH just remove the lines after the "ZPH" comment in that squid.conf
--Do you remember that guy who gave up? Neither does anybody else!
 
aprmicro
just joined
Posts: 21
Joined: Tue Oct 23, 2007 1:06 pm

Re: Help with external squid proxy with Debian

Mon Feb 16, 2009 11:01 am

Hey GuJack20, what ROS version did you use?
 
GuJack20
Trainer
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Help with external squid proxy with Debian

Mon Feb 16, 2009 5:35 pm

I've used 3.15 and 3.18 too
--Do you remember that guy who gave up? Neither does anybody else!
 
alt
newbie
Topic Author
Posts: 25
Joined: Tue Feb 27, 2007 5:46 pm
Contact:

Re: Help with external squid proxy with Debian

Mon Feb 16, 2009 8:59 pm

i have 2.9.6 mikrotik version, your configuration works for me GuJack20.
 
GuJack20
Trainer
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Help with external squid proxy with Debian

Mon Feb 16, 2009 11:35 pm

Finally!!!
Update that version though, i can't believe you have still that :shock: :shock:
--Do you remember that guy who gave up? Neither does anybody else!
 
beny30
Member Candidate
Member Candidate
Posts: 137
Joined: Tue Aug 26, 2008 2:13 pm

Re: Help with external squid proxy with Debian

Fri Feb 20, 2009 4:17 pm

I have similar configuration but I could not configure it for cache content faster download for content from internet to use there speed?
Mikrotik has three interfaces:
WAN
SQUID
LAN

Squid box has one Interface.

Can any help me ?
 
GuJack20
Trainer
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Help with external squid proxy with Debian

Sat Feb 21, 2009 12:21 am

Beny30.

Your config is the same as altn.. please try again to configure it using the sample posted in advance
--Do you remember that guy who gave up? Neither does anybody else!
 
beny30
Member Candidate
Member Candidate
Posts: 137
Joined: Tue Aug 26, 2008 2:13 pm

Re: Help with external squid proxy with Debian

Tue Feb 24, 2009 4:41 pm

this is my configuration.
You do not have the required permissions to view the files attached to this post.
 
alt
newbie
Topic Author
Posts: 25
Joined: Tue Feb 27, 2007 5:46 pm
Contact:

Re: Help with external squid proxy with Debian

Tue May 12, 2009 12:45 pm

Hello again.

I am using this configuration of GuJack20


http_port 3128 transparent
visible_hostname proxy_server
icp_port 0

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 443 563
acl CONNECT method CONNECT


cache_access_log none
cache_log none
cache_store_log none

cache_mem 300 MB
cache_mgr @ens-al.com

maximum_object_size 12 MB
minimum_object_size 0

cache_dir ufs /var/spool/squid/ 40000 16 256

cache_effective_user proxy

http_access allow all



# Zero Penalty HIT
zph_tos_local 0x30
zph_tos_peer 0
zph_tos_parent off


NAT:

chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=3128
protocol=tcp src-address=192.168.1.0/24 dst-port=80


10.0.0.2 Ip of Squid
192.168.1.0/24 internal LAN

I am using this scenario : Internet directly connected to Mikrotik, Mikrotik connected to Proxy with another interface, Mikrotik connected to Local Network.

The version i use is squid_2.6.5-6
The version of mikrotik is 3.22

but it does not work for me, what else can i do ?

help please
 
User avatar
Muhammad
Member Candidate
Member Candidate
Posts: 141
Joined: Wed Aug 20, 2008 9:15 pm
Location: Pakistan

Re: Help with external squid proxy with Debian

Tue May 12, 2009 2:49 pm

any thoughts ???
think about Karma
 
beny30
Member Candidate
Member Candidate
Posts: 137
Joined: Tue Aug 26, 2008 2:13 pm

Re: Help with external squid proxy with Debian

Tue May 19, 2009 12:57 pm

Is it possible to limit traffice in squid like in Mikrotik webproxy, Squid uses a llot of traffic when downlaoding content, can we limit speed for users for content from internet to their speed for every user in similar way like in Mikrotik or we need to create users in Squid server and there make queues???
 
beny30
Member Candidate
Member Candidate
Posts: 137
Joined: Tue Aug 26, 2008 2:13 pm

Re: Help with external squid proxy with Debian

Thu May 21, 2009 5:45 pm

I have configured Squid but the mangle rule with DSCP 12 does not count, maybe it is not enogh configured and squid "eats" a llot of traffic, I would like to limit speed of my users for content not in cache to their real speed.
Any help or any Idea is it possible or not?

Who is online

Users browsing this forum: MSN [Bot] and 118 guests