[squid-users] Squid box for two networks

Eliezer Croitoru eliezer at ngtech.co.il
Thu Jul 20 17:11:53 UTC 2017


Hey Pablo,

I am working as tech support for MikroTik devices, and the tcpdump dumps leave a couple of things unknown.
Can you share the MikroTik PBR rules you are using?
Are you using any kind of connection marking and tracking in the mix or just plain source based routing?
I am pretty sure that the issue is in the reverse path and not backwards.
If you can export your MikroTik configuration I might be able to try and help you find the right rules if these are wrong.
Also make sure that the squid box has reverse path filtering disabled using:
http://wiki.squid-cache.org/EliezerCroitoru/Drafts/MwanLB#Set_Reverse_Path_Filter_machine_globally_script

And also take a peek at:
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2#Linux_and_Squid_Configuration

I planned to add to the wiki an article/tutorial on how to set up Squid with MikroTik, since there are more than a dozen articles/tutorials that just do not do it the right way.

Eliezer

* You can send me the configuration privately if it is sensitive.

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Pablo Ruben Maldonado
Sent: Thursday, July 20, 2017 16:41
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid box for two networks

The packets are routed using a mark and then routing rules inside my principal router (MikroTik). Attached are images with examples of packets arriving at the Squid box.

On Thu, Jul 20, 2017 at 10:27 AM, Antony Stone <Antony.Stone at squid.open.source.it> wrote:
On Thursday 20 July 2017 at 14:08:27, Pablo Ruben Maldonado wrote:

> Hi, I am adding information missing from the original post. Thanks for the assistance:
>
> The Squid box is set up for intercept mode. The iptables rules are here:
>
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129

How are you routing the packets from the firewall to Squid?

> The config is pasted at https://pastebin.com/Witg3cG1
>
> Thanks
>
> On Mon, Jul 17, 2017 at 5:31 PM, Pablo Ruben Maldonado <pablo.ruben.maldonado at gmail.com> wrote:
> > Hello, I have had a Squid 3.5 box working without problems for the LAN
> > 192.168.110.0/24 for several months. Now I want to set it up for another LAN,
> > 192.168.115.0/24, but I cannot. Tcpdump informs me that the packets come
> > to the Squid box, but in Squid's log I do not see anything. Can you give me
> > some tips?

Can you give us any examples of packets as seen by tcpdump on the Squid box:

a) from 192.168.110.0/24

b) from 192.168.115.0/24


Antony.

--
BASIC is to computer languages what Roman numerals are to arithmetic.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
mailto:squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
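
Added example, not part of the original thread and not the script from the linked wiki page: a shell check of the reverse path filtering mode in effect on each interface of a Linux box such as the Squid machine discussed above. The function names and the `CONF_DIR` override are assumptions made for illustration; the kernel applies the higher of `conf/all/rp_filter` and the per-interface value.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report the reverse path
# filtering mode the kernel actually applies on each interface.
# CONF_DIR can be overridden to point at a constructed directory tree;
# the default is the real Linux sysctl location.
CONF_DIR="${CONF_DIR:-/proc/sys/net/ipv4/conf}"

# Print the effective rp_filter value for interface $1.
# The kernel uses max(conf/all/rp_filter, conf/<iface>/rp_filter).
effective_rp_filter() {
    iface="$1"
    all=$(cat "$CONF_DIR/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$CONF_DIR/$iface/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Map the numeric value to its documented meaning.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;      # no source validation
        1) echo "strict" ;;   # source must route back out the arrival interface
        2) echo "loose" ;;    # source must be reachable via any interface
        *) echo "unknown" ;;
    esac
}

# One line per interface: "<iface> <value> <mode>".
# In strict mode the kernel discards packets whose source address is not
# routed back through the interface they arrived on; tcpdump still shows
# them because capture happens before that check.
audit_rp_filter() {
    for dir in "$CONF_DIR"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        val=$(effective_rp_filter "$iface") || continue
        echo "$iface $val $(rp_mode_name "$val")"
    done
}
```

Run `audit_rp_filter` on the box after sourcing the file; setting only a per-interface value to 0 has no effect while `conf/all/rp_filter` is still 1 or 2.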



