If your Squid box has two interfaces, one for the Mikrotik and a second for WAN, then you have to create an additional route on the Squid box for the user subnet, pointing to the Mikrotik, so that Squid can see the user's original IP instead of the Mikrotik's. Something like the following:
route add -net 172.16.0.0 netmask 255.255.0.0 gw 192.168.2.1 dev eth0
Here the 172.16.x.x series is the user subnet (in my case it was the PPPoE user pool) and 192.168.2.1 is the Mikrotik interface that Squid is connected to.
Make sure to specifically define the WAN interface in the default NAT rule, so that traffic going to Squid is not NATted with the default Mikrotik IP. This is important if you want to log the user's original IP in the Squid access.log. Something like:
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=WAN
If Squid has just one interface, with its default gateway pointing to the MT, then there is no need to create an additional route.
An example is here:
http://aacable.wordpress.com/2011/07/21 ... client-ip/
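
One way to check the result from the Squid side, as an added example that is not part of the original post: the script below reads access.log lines and counts how many requests arrived with a real user address versus the Mikrotik's own address. It assumes Squid's default native log format (client address in the third field), uses the 172.16.0.0/16 subnet and 192.168.2.1 address from the post, and runs on constructed sample lines.

```python
import ipaddress
from collections import Counter

USER_SUBNET = ipaddress.ip_network("172.16.0.0/16")  # user pool from the post
ROUTER_IP = ipaddress.ip_address("192.168.2.1")      # Mikrotik interface facing Squid

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1311234567.123    120 172.16.5.20 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1311234568.456     80 172.16.9.77 TCP_HIT/200 1024 GET http://example.com/logo.png - NONE/- image/png
1311234569.789    200 192.168.2.1 TCP_MISS/200 2048 GET http://example.org/ - DIRECT/93.184.216.34 text/html
this line is malformed
"""


def classify_clients(log_text):
    """Count log entries by what the client-address field shows."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            counts["unparsed"] += 1
            continue
        try:
            client = ipaddress.ip_address(fields[2])
        except ValueError:
            counts["unparsed"] += 1
            continue
        if client == ROUTER_IP:
            counts["natted"] += 1      # request was masqueraded behind the router
        elif client in USER_SUBNET:
            counts["original"] += 1    # Squid saw the user's own address
        else:
            counts["other"] += 1
    return counts


def nat_is_hiding_clients(log_text):
    """True if any request was logged with the router's address."""
    return classify_clients(log_text)["natted"] > 0


if __name__ == "__main__":
    print(dict(classify_clients(SAMPLE_LOG)))
    print("router address seen as client:", nat_is_hiding_clients(SAMPLE_LOG))
```

Any "natted" entries after the change mean some traffic to Squid is still being masqueraded, so the out-interface restriction on the NAT rule or the return route is not in effect.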