Syed Jahanzaib Personnel Blog to Share Knowledge !

December 30, 2011

Howto add SQUID Proxy Server with MIKROTIK [Short Reference Guide]

To add SQUID proxy caching server support to Mikrotik, assume the following scenario.

DSL MODEM IP = 192.168.1.1
MIKROTIK LAN IP = 10.0.0.1
SQUID LAN IP = 192.168.2.1

I assume that you already have a working Mikrotik in place and an already configured SQUID server ready (you can search for guides about their configuration on my blog). I will just show you how to interconnect them so that all users' port 80 browsing requests go to SQUID for caching.

We will divide this article into two sections.

1#  MIKROTIK CONFIGURATION
2#  SQUID CONFIGURATION

1#  MIKROTIK CONFIGURATION

The Mikrotik has 3 interfaces.

ether1 = 10.0.0.1
Connected to LAN

ether2 = 192.168.2.2
Connected Directly to PROXY’s eth0 via crossover cable.

ether3 = 192.168.1.2
Connected Directly to WAN/DSL
As shown in the image below . . .

Open New Terminal and create a new NAT rule to redirect port 80 traffic to the SQUID proxy server. The command is as follows.

/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=192.168.2.1 to-ports=8080

[192.168.2.1 is the SQUID proxy server IP]

As shown in the image below . . .


That’s it for the Mikrotik configuration; moving on to SQUID.

2#  SQUID CONFIGURATION

The SQUID proxy server has two interfaces.

eth0 = 192.168.2.1
Connected Directly with Mikrotik’s PROXY interface via crossover cable.

eth1 = 192.168.1.3
Connected Directly with WAN/DSL

Note: I will not discuss how to configure SQUID here, as it has already been well described in my other articles (linked below). I therefore assume you have already configured SQUID and are running it in TRANSPARENT mode (using squid.conf directives and iptables).

Add the following line to /etc/squid/squid.conf

# PORT and Transparent Option
http_port 8080 transparent

For iptables to redirect user requests to port 8080 transparently, add the following line to /etc/rc.local or issue the command at the CLI:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.2.1:8080

Where eth0 is the LAN interface of SQUID.
For more information, read the articles below . . .

http://aacable.wordpress.com/2011/08/08/linux-transparent-squid-proxy-server-guide/

http://aacable.wordpress.com/2011/06/01/working-squid-conf-example-fil/

Now try to browse, and on the proxy server monitor the SQUID log with the following command:

tail -f /var/log/squid/access.log

and you will see user browsing requests coming via the Mikrotik IP.

As shown in the image below . . .

If you want to log the user’s original IP address instead of the Mikrotik’s, either add a route on the Squid server for your local user subnet pointing to the Mikrotik proxy interface, or use the packet marking + routing method described in the following article.

http://aacable.wordpress.com/2011/07/21/mikrotik-howto-redirect-http-traffic-to-squid-with-original-source-client-ip/
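When every request in access.log carries the Mikrotik address, the proxy log can no longer attribute traffic to individual users. The shell sketch below is an added example, not part of the original post: it checks a log for that condition, assuming Squid's default native access.log format (client address in the third field), and its sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumes Squid's default native access.log format: field 3 = client address.

GATEWAY_IP="192.168.2.2"   # Mikrotik ether2, as seen by Squid (from the post)

# Constructed sample log lines (not real traffic); the last one is malformed.
sample_log() {
cat <<'EOF'
1325239860.123    245 192.168.2.2 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/203.0.113.10 text/html
1325239861.456     12 192.168.2.2 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1325239862.789    310 192.168.2.2 TCP_MISS/200 9000 GET http://example.org/ - DIRECT/203.0.113.20 text/html
truncated line
EOF
}

# Print "count address" for each IPv4 client address, busiest first.
# Lines that do not look like a native log record are skipped.
client_summary() {
    awk 'NF >= 7 && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$3]++ }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# attribution_status GATEWAY < access.log
#   collapsed : every request carries the gateway address (per-user logging lost)
#   preserved : at least one request carries another client address
#   empty     : no parsable records
attribution_status() {
    awk -v gw="$1" '
        NF >= 7 && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            total++
            if ($3 == gw) viagw++
        }
        END {
            if (total == 0)          print "empty"
            else if (viagw == total) print "collapsed"
            else                     print "preserved"
        }'
}

sample_log | client_summary
echo "attribution: $(sample_log | attribution_status "$GATEWAY_IP")"
```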

Regards,

SYED JAHANZAIB

13 Comments »

  1. Nice sharing !

    Comment by faizan — December 30, 2011 @ 4:51 PM

  2. nice post

    Comment by qobtan — December 31, 2011 @ 4:45 AM

  3. What do you think the scenario will be if we have more than one internet connection?

    Comment by qobtan — December 31, 2011 @ 4:54 AM

    • Just configure PCC as a LB. It will act as a gateway for Mikrotik and Squid.
      OR you can create PCC on your main Mikrotik server and make it the GW for SQUID, so Squid will send requests to Mikrotik.
      There are several ways to do it.

      Comment by Pinochio~:) — December 31, 2011 @ 11:16 AM

  4. Dear Syed,

    My configuration at the moment:

    – > Mikrotik public IP: for example 82.114.170.18 (one NIC connected to the switch)
    DSL SWITCH – > SQUID public IP: for example 82.114.170.19 (one NIC connected to the switch)
    – > Mikrotik public IP: for example 82.114.170.20 (one NIC connected to the switch)

    After doing the NAT rule in every Mikrotik I get the Squid server IP on showip.com.
    Does it mean all the traffic of all users (with or without cache) is going through Squid now?
    Or do I see only the public IP of the Squid but the traffic goes directly from DSL router -> Mikrotik -> user

    and not DSL router – > { Squid -> Mikrotik } > users?

    Comment by Nori — January 9, 2012 @ 4:48 AM

  5. Dear Syed Jahanzaib,
    I have 70 customers; around 50 need 128 kbps/32 and 20 need 256 kbps/64.
    I am lost as to how much dedicated bandwidth I should buy.

    (Right now I am load balancing four accounts + Squid on Ubuntu. The problem is that 90% of the bandwidth is cached, so users are facing problems with non-cached things.)

    Thanks in advance

    Comment by Mohamad Hassan — January 26, 2012 @ 9:01 AM

    • If you want to provide customers with good quality internet services, I suggest you get a PTCL 10 mb DSL connection. It's affordable and cheap, only 10,000 Rs per month, and you will get around 8-9 mbps from it.

      Just configure your Squid with a balanced refresh pattern and all will be fine.

      Comment by Syed Jahanzaib / Pinochio~:) — January 26, 2012 @ 10:46 AM

  6. How to add a SQUID proxy server on Windows OS with MIKROTIK bandwidth management?
    Thanks

    Comment by akunk — January 30, 2012 @ 11:32 PM

    • I will not recommend that you use Squid for Windows.
      If you want to stick to Windows OS, then use ISA Server instead.

      Or move on to Linux/Squid, which will be more reliable and efficient as compared to Windows OS.
      On Linux you will have many added benefits.

      Comment by Syed Jahanzaib / Pinochio~:) — January 31, 2012 @ 2:34 PM

  7. Hi Syed, I used this tutorial and it's working perfectly. One problem though: if my Squid proxy (Ubuntu 10.04) crashes for any reason, all other traffic will work fine but HTTP traffic is kaput! Any ideas how I can get around this? Maybe a failover, so that when MK detects that the Squid service or IP is unresponsive all HTTP traffic goes out directly, i.e. bypasses the Squid box. Thanks

    Comment by Benk — January 31, 2012 @ 10:43 PM

  8. Assalam o alaikum all, I am facing a problem: when I add the firewall NAT rule,
    browsing stops working. Please help me, it's urgent. Thanks

    Comment by amir — February 26, 2012 @ 3:28 AM

  9. Friends, please, someone reply. I am waiting.

    Comment by amir — February 27, 2012 @ 5:00 PM

  10. I have an RB750GL. PCC load balancing is configured on it with a hotspot server. 2 WAN and 1 LAN. Now just tell me what the picture would be (like the one you displayed for one WAN) for two WANs. Thanks

    Comment by SHAFQAT FARHAN — May 12, 2012 @ 11:36 AM

