Someone requested me to create a script that can check Squid Proxy or Target Server Link state from Mikrotik, and if the Squid Proxy / Target Server is not responding, then it should Disable the redirect NAT rule so all load can be handle by Mikrotik.You can modify this script as per your requirements. you can modify it to check WAN link, and if the WAN link is down, it can trigger SMS Script / Sound Alaram, or shift to backup WAN link by enabling diabling ROUTE’s or it can also be used to detect any wan link failure detection and change the rules accordingly.
Possibilities are endless.
So here it is.
Adding Comments in Redirect Rule
First add comments in required NAT rule, i.e Rule that redirects port 80 traffic to squid. You can also disable/enable rules based on the numbers, BUT its not recommended BECAUSE if you add any new rule and move it somewhere, all your scripts will disable/enable wrong rules, that is why you have to use find command and get rules this way.
You can use GUI to add comment in the rule, I am showing you an example below . . .
/ip firewall nat
add action=dst-nat chain=dstnat comment=”Redirect to SQUID” disabled=no dst-port=80 protocol=tcp to-addresses=192.168.6.1 to-ports=8080
add action=masquerade chain=srcnat comment=”Default NAT Rule for Internet Access / zaib” disabled=no to-addresses=0.0.0.0
Change the host ip address as your local requirements. Its jsut an example to show you.
.
.
Adding Scripts to Enable/Disable Rule
After adding comments in the dst-nt rule, you have to create two scripts that can enable and disable the dst-nat rule. We can name them UP and DOWN.
Copy paste the below scripts on Mikrotik Terminal. It will create two scripts in System/Scripts with the name of UP and DOWN.
/system script
add name=down policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source=”:log info \”SQUID PROXY link Down. Disabling SQUID NAT Rule s\
o all load should be handled by Mikrotik alone / zaib\”\r\
\n/ip firewall nat disable [find comment=\"Redirect to SQUID\"];”
add name=up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source=\
“:log info \”SQUID PROXY link is UP. Enabling SQUID NAT Rule / zaib\”\r\
\n/ip firewall nat enable [find comment=\"Redirect to SQUID\"];”
.
Adding NETWATCH to monitor Target Server [Squid] Link Detection
Use the below script to add netwatch entry for squid / target server link detection. It will also add the UP and DOWN script for the appropriate action. For example. When the target server link is down, it will execute script DOWN which will disable the NAT redirect rule , when the target server link is up and working, it will execute the UP script which will re-enable the redirect rule.
/tool netwatch
add comment=”Netwatch to Check SQUID Server Link state / zaib” disabled=no down-script=”/sys script run down” host=192.168.6.1 interval=5m timeout=1s \
up-script=”/sys script run up”
(Replace the host ip to match your local target server ip)
.
.
Testing Scripts . . . 
~
Now test the scripts, Unplug the Target Server LAN link, and you will see something like below in the LOG.
.
Now plugin the Target Server LAN link, and you will see something like below in the LOG.
.
.
SCRIPT TO CHECK SQUID STATUS AND START IT IF REQUIRED
Following script [checksquid.sh] will check SQUID service status , and if it found squid stop, it will start it auto, if the squid is already running , it will do nothing
</pre>
</div>
<div><code>"s/1/5/" | sed "s/0/1/"`</code></div>
<div><code>A=`service squid status | awk '{print $3}' | sed "s/process/5/"`</code></div>
<div><code>B=`echo $A`</code></div>
<div><code>if [ "$B" == "5" ]; then</code></div>
<div><code>echo "SQUID is working fine. Zaib"</code></div>
<div><code>else</code></div>
<div><code># echo "DOWN"</code></div>
<div><code>echo "SQUID Down, starting SQUID"</code></div>
<div><code>service squid start</code></div>
<div><code>fi
For example, add it using CRON by following
crontab -e
and add following line
*/5 * * * * /etc/checksquid.shNow save and exit.
Regard's
Syed Jahanzaib
