Community discussions

MikroTik App
 
hci
Long time Member
Long time Member
Topic Author
Posts: 637
Joined: Fri May 28, 2004 5:10 pm

Transparently Redirecting to External Proxy Cache?

Sun Jul 04, 2004 1:54 am

Is anyone using a Mikrotik gateway router as a transparent webproxy with a DST-NAT dedirect then having its parent proxy as the real cache? I tried this once and could not get it to use the parent proxy.

What I want to do is have the Mikrotik router redirect all port 80 requests to itself. I want the Mikrotik routers cache to have a maximum cache size of none and forward all requests to a Linux box running Squid with several SCSCI drives.

Anyone doing that?

Matt
 
wjw
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Thu Jun 10, 2004 12:59 am
Location: New Zealand
Contact:

Sun Jul 04, 2004 11:48 am

Why not just use a firewall rule to forward all traffic with dst port 80 directly to the squid proxy?
 
hci
Long time Member
Long time Member
Topic Author
Posts: 637
Joined: Fri May 28, 2004 5:10 pm

Wed Jul 07, 2004 2:45 am

So I would create a DST-NAT NAT fule and NAT to the IP of the Squid box. What would I do on the Squid server to tell it to accept these NAT'ed packets? And how would the Squid server get the packets back to the IP that requested them?

I looked through Squid FAQ and most of the stuff there relates to packets already flowing through the Squid box not stuff redirected to it except for Cisco routers.

Matt
 
fivenetwork
newbie
Posts: 45
Joined: Thu Jul 08, 2004 4:39 am

Thu Jul 08, 2004 5:05 am

Ummm,

You could masquerade all users on the MT and have a DST NAT redirect Port 80 to the SQUID on MT. Have MT SQUID size set to zero and parent proxy it to the EXTERNAL SQUID.

Then External SQUID will easily communicate to the MT SQUID, we thinks.

Will do?
 
litu
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Thu Jul 08, 2004 7:49 am
Location: Sylhet, Bangladesh
Contact:

Thu Jul 08, 2004 8:01 am

Yes ! Its possible. Let me describe what you have to do. First enable web-proxy, define port:8080 (don't put src address!), hostname: proxy. Now
click on the tranperent proxy, put parent proxy's ip address which is your
external proxy, and also its port like 8080.Cache admin: webmaster as default, max oject size:4096,cache drive: system, maximum cache
size none. Now go to ip>firewall>dst-nat. Add a rule like that:

src-address=10.10.0.0/29 in-interface=local dst-address=!10.10.0.1/32:80 protocol=tcp action=redirect to-dst-port=8080

where 10.10.0.0/29 is my local lan's user ip pool and 10.10.0.1 is my mikrotik.

After a few monments later, you will see request is coming to your external proxy! have fun !
Shah Ahmed Raquib Litu
Chief Technical
SOL-BD
50/A Polashi, Kazi Elias, Zindabazar
Sylhet-3100. Bangladesh.
E-Mail: litu@sol-bd.com
Tel:+880 821 724500 (10Am-5PM)
IP: +880 9611200042

Who is online

Users browsing this forum: andyalex465, Bing [Bot], ramirez and 185 guests