[squid-users] Mikrotik and Squid Transparent

Alex Samad alex at samad.com.au
Sun Jun 28 23:28:38 UTC 2015


Hi

Thought I would reword what I got from this, to see if I understood.

If squid and router (default gateway) are on the same box
then
DNAT to the SQUID listening port and local ip (Can you use localhost?
I suppose it doesn't matter)
else
route the packet to the SQUID box (if possible)
DNAT on the SQUID box to the local listening port and ip


Squid is able to look in the NAT table? To confirm what the
destination would be, not what the DNAT'ed ip would be.


Does that sum it up?


Alex



On 28 June 2015 at 21:11, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 28/06/2015 10:37 p.m., Dalmar wrote:
>> To begin with, thank you Marcel, Alex and Amos for your help guys, I am
>> really so close because of you. I have done exactly what Marcel told me and
>> now all transparent/intercept errors are gone. It worked nicely when I used
>> two mikrotiks, one for WAN and the other for the LAN connection, however,
>> when I use one mikrotik it says TCP_MISS_ABORTED and NONE_ABORTED. In this
>> situation, squid gets internet from the MK LAN port using a public IP and I
>> can ping the net, but squid throws the above error in the access.log. The
>> topo I wanna use is INTERNET >> MK >> SQUID.
>> I think the iptables rules will change. The Mikrotik has 3 NICs now, but I
>> can add 1 more so it becomes eth0:WAN eth1:LAN eth2:PROXY-LAN
>> eth3:PROXY-WAN.
>
> You should not need extra NICs for this. The Mikrotik rules just need to
> distinguish the flows clearly.
>
> a) LAN->WAN dst port TCP/80 use gateway eth2
> b) *->WAN use gateway eth0
> c) *->Squid use gateway eth2
> d) *->LAN use gateway eth1
>
>>
>> NB: it says "Your message to squid-users awaits moderator approval, Message
>> body is too big" for all my replies! So sorry for the delay.
>
> NP: We have a 40KB size limit on posts to these lists. Moderation for
> others and the moderators procrastinate.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
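
The NAT-table lookup asked about above, as an added example that is not part of the original thread and is not Squid's code: on Linux, an intercepting proxy recovers the pre-DNAT destination of an accepted connection with the netfilter `SO_ORIGINAL_DST` socket option, which can only answer on the host that performed the NAT. The function names and listening port 3129 are assumptions made for illustration, and the sketch covers IPv4 only.

```python
import socket
import struct

# From <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80
SOL_IP = getattr(socket, "SOL_IP", 0)

def parse_sockaddr_in(raw):
    """Decode a C struct sockaddr_in into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("truncated sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)  # host byte order
    (port,) = struct.unpack_from("!H", raw, 2)    # network byte order
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 address")
    return socket.inet_ntoa(raw[4:8]), port

def original_dst(conn):
    """Pre-DNAT destination of an accepted connection, or None when this
    host's kernel cannot answer (for example, the NAT was done elsewhere)."""
    try:
        raw = conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError:
        return None
    return parse_sockaddr_in(raw)

def was_intercepted_here(conn):
    """True only if this host rewrote the destination itself, i.e. the
    original destination differs from the address the proxy listens on."""
    orig = original_dst(conn)
    return orig is not None and orig != conn.getsockname()[:2]

def serve(port=3129):  # hypothetical intercept port
    """Accept connections and report where each client was really going."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen()
        while True:
            conn, peer = srv.accept()
            with conn:
                print(peer, "->", original_dst(conn),
                      "intercepted here:", was_intercepted_here(conn))

if __name__ == "__main__":
    serve()
```

If the router performs the DNAT instead, the proxy host holds no NAT record for the connection and the lookup yields nothing more than the proxy's own listening address, which is why the rewrite belongs on the proxy box and the router only routes.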

