Page 1 of 1

Help with external squid proxy with Debian

Posted: Sat Feb 07, 2009 12:39 am
by alt
I have squid in debian. I tasted squid putting proxy IP and port in Internet Explorer and it worked perfectly with squid connected in switch with my clients, but after I connected in the second interface of Mikrotik it does not work, I need help for this problem, how to config rules in Mikrotik, do I need to add any queue for squid IP address, any redirect http rule or mangle rule?

:( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :(

Re: Help with external squid proxy with Debian

Posted: Sat Feb 07, 2009 11:30 am
by Chupaka
if you use dst-nat to squid server, then you should say to squid that it's working in transparent mode

Re: Help with external squid proxy with Debian

Posted: Sat Feb 07, 2009 12:59 pm
by alt
I have use this dst-nat


add action=dst-nat chain=dstnat comment="" disabled=no dst-port=80 protocol=tcp to-addresses=<proxy address> to-ports=<proxy port>

and this proxy configuration in debian

http://www.cahilig.org/install-transpar ... ebian-etch

but don't work.

:( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :(

Re: Help with external squid proxy with Debian

Posted: Sun Feb 08, 2009 12:10 pm
by Chupaka
and of course, you do not redirect proxy's requests back to proxy, do you? =)

try to add parameter 'in-interface=local(where your users come from)' to your rule

Re: Help with external squid proxy with Debian

Posted: Sun Feb 08, 2009 12:59 pm
by GuJack20
i use this
http_port 3128 transparent
visible_hostname proxy_server
icp_port 0

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 443 563
acl CONNECT method CONNECT


cache_access_log none
cache_log none
cache_store_log none

cache_mem 300 MB
cache_mgr @ens-al.com

maximum_object_size 18 MB
minimum_object_size 0

cache_dir ufs /var/spool/squid/ 50000 16 256

cache_effective_user proxy

http_access allow all



# Zero Penalty HIT
zph_tos_local 0x30
zph_tos_peer 0
zph_tos_parent off

Re: Help with external squid proxy with Debian

Posted: Sun Feb 08, 2009 4:07 pm
by Chupaka
when you enable dst-nat rule on RouterOS - can you still browse the Internet from squid machine (not from client computers)?

Re: Help with external squid proxy with Debian

Posted: Mon Feb 09, 2009 4:03 pm
by alt
Hi GuJack20 !
Can you please tell me what is your mikrotik configuration for this proxy configuration ?

Thnx for your help!

Re: Help with external squid proxy with Debian

Posted: Mon Feb 09, 2009 8:39 pm
by alt
Yes Chupaka i can ping google

Re: Help with external squid proxy with Debian

Posted: Mon Feb 09, 2009 9:31 pm
by GuJack20
chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=3128
protocol=tcp src-address=192.168.1.0/24 dst-port=80

Where: 10.0.0.2 is the Ip of Squid
192.168.1.0/24 is the internal LAN

Re: Help with external squid proxy with Debian

Posted: Wed Feb 11, 2009 1:15 am
by Chupaka
Yes Chupaka i can ping google
ping is not HTTP protocol... I meant exactly port 80 testing

Re: Help with external squid proxy with Debian

Posted: Thu Feb 12, 2009 1:01 am
by mudasir
Hi,

Which scenario are you using

1.
Internet directly connected to Mikrotik, Mikrotik connected to Proxy with another interface, Mikrotik connected to Local Network

2.
Internet directly connected to Proxy, Proxy connected to Mikrotik, Mikrotik connected to Local network.

If using Scenario number 1 then you will have to set the squid in peer mode (i.e cache_peer) and define Parent Proxy parameter in Mikrotik.

If using Scenario number 2 then its very easy have to do nothing, just patch squid with ZPH and mark with appropriate MARK, and setup Mikrotik without any sort of proxy settings. It will work smoothly.

Re: Help with external squid proxy with Debian

Posted: Fri Feb 13, 2009 11:33 am
by alt
I am using this scenario : Internet directly connected to Mikrotik, Mikrotik connected to Proxy with another interface, Mikrotik connected to Local Network.
I tried the configuration made by Gujack20 but it does not work. In my Debian system i have Squid proxy 2.6
Can you please show me your own configuration for this scenario of mikrotik and Squid or if it is possible to send me the file Squid.conf.


:( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :( :(

Re: Help with external squid proxy with Debian

Posted: Fri Feb 13, 2009 2:25 pm
by GuJack20
The squid.conf file is the one i posted earlier. The version i use is squid_2.6.5-6

For me it works :(

Re: Help with external squid proxy with Debian

Posted: Fri Feb 13, 2009 2:28 pm
by GuJack20
:( i forgot.

For the ZPH to work you must patch squid with the ZPH before compiling. If you don't want to use ZPH just remove the lines after the "ZPH" comment in that squid.conf

Re: Help with external squid proxy with Debian

Posted: Mon Feb 16, 2009 11:01 am
by aprmicro
Hey GuJack20, what ROS version did you use?

Re: Help with external squid proxy with Debian

Posted: Mon Feb 16, 2009 5:35 pm
by GuJack20
I've used 3.15 and 3.18 too

Re: Help with external squid proxy with Debian

Posted: Mon Feb 16, 2009 8:59 pm
by alt
i have 2.9.6 mikrotik version, your configuration works for me GuJack20.

Re: Help with external squid proxy with Debian

Posted: Mon Feb 16, 2009 11:35 pm
by GuJack20
Finally!!!
Update that version though, i can't believe you have still that :shock: :shock:

Re: Help with external squid proxy with Debian

Posted: Fri Feb 20, 2009 4:17 pm
by beny30
I have similar configuration but I could not configure it for cache content faster download for content from internet to use there speed?
Mikrotik has three interfaces:
WAN
SQUID
LAN

Squid box has one Interface.

Can any help me ?

Re: Help with external squid proxy with Debian

Posted: Sat Feb 21, 2009 12:21 am
by GuJack20
Beny30.

Your config is the same as altn.. please try again to configure it using the sample posted in advance

Re: Help with external squid proxy with Debian

Posted: Tue Feb 24, 2009 4:41 pm
by beny30
this is my configuration.

Re: Help with external squid proxy with Debian

Posted: Tue May 12, 2009 12:45 pm
by alt
Hello again.

I am using this configuration of GuJack20


http_port 3128 transparent
visible_hostname proxy_server
icp_port 0

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 443 563
acl CONNECT method CONNECT


cache_access_log none
cache_log none
cache_store_log none

cache_mem 300 MB
cache_mgr @ens-al.com

maximum_object_size 12 MB
minimum_object_size 0

cache_dir ufs /var/spool/squid/ 40000 16 256

cache_effective_user proxy

http_access allow all



# Zero Penalty HIT
zph_tos_local 0x30
zph_tos_peer 0
zph_tos_parent off


NAT:

chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=3128
protocol=tcp src-address=192.168.1.0/24 dst-port=80


10.0.0.2 Ip of Squid
192.168.1.0/24 internal LAN

I am using this scenario : Internet directly connected to Mikrotik, Mikrotik connected to Proxy with another interface, Mikrotik connected to Local Network.

The version i use is squid_2.6.5-6
The version of mikrotik is 3.22

but it does not work for me, what else can i do ?

help please

Re: Help with external squid proxy with Debian

Posted: Tue May 12, 2009 2:49 pm
by Muhammad

Re: Help with external squid proxy with Debian

Posted: Tue May 19, 2009 12:57 pm
by beny30
Is it possible to limit traffice in squid like in Mikrotik webproxy, Squid uses a llot of traffic when downlaoding content, can we limit speed for users for content from internet to their speed for every user in similar way like in Mikrotik or we need to create users in Squid server and there make queues???

Re: Help with external squid proxy with Debian

Posted: Thu May 21, 2009 5:45 pm
by beny30
I have configured Squid but the mangle rule with DSCP 12 does not count, maybe it is not enogh configured and squid "eats" a llot of traffic, I would like to limit speed of my users for content not in cache to their real speed.
Any help or any Idea is it possible or not?