I have tried every methods, but there is no use.My bad!
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80 to-addresses=192.168.0.2 in-interface=ether1
This way only ether1 (internet) will use this nat. Your local users will still go through the proxy.
EDIT: You also may want to do a
/ip firewall nat print
and insure your squid proxy port 80 dstnat rule is not above this dstnat rule. I believe you can use the place-before=0 variable to put this rule first. The first rule that applies is used, and, as the docs say, all others are ignored.
Thanks Chupaka.well, if your users and squid server are in one subnet, you should use srcnat along with dstnat. but you will loose the ability to check user's IP on squid server. Web Proxy returns this ability back =)
Thank you Hilton. But I tried some of the examples above and it doesn't work here. As I read through this thread again , I think I have a different network as yours. I have something like:It will work if you set the squid server to be transparent, but not if you need it to authenticate via LDAP.