Syed Jahanzaib Personal Blog to Share Knowledge !

April 28, 2014

Howto connect Squid Proxy with Mikrotik with Single Interface

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 12:20 PM

This short reference guide was made on request by a creature called 'Humans' living on planet earth 😉
☻

Scenario:

We want to connect a Squid proxy server with Mikrotik, and the Squid server has only one interface.
The Mikrotik is running a PPPoE server and has 3 interfaces, as follows.

MIKROTIK INTERFACE EXAMPLE:

The Mikrotik has 3 interfaces, as follows …

LAN = 192.168.0.1/24
WAN = 1.1.1.1/24 (gw+dns pointing to wan link)
proxy-interface = 192.168.2.1/24
PPPoE Users IP Pool = 172.16.0.1-172.16.0.255

 

SQUID INTERFACE EXAMPLE:

The Squid proxy has only one interface, as follows …

LAN (eth0) = 192.168.2.2/24
Gateway = 192.168.2.1
DNS = 192.168.2.2

As shown in the image below …

[Image: 0-interface]

To redirect traffic from the Mikrotik to the Squid proxy server, we have to create a redirect rule, as shown in the example below …

Mikrotik Configuration:

CLI Version:


/ip firewall nat

add action=dst-nat chain=dstnat comment="Redirect only PPPoE Users to Proxy Server 192.168.2.2" disabled=no dst-port=80 protocol=tcp src-address=172.16.0.1-172.16.0.255 to-addresses=192.168.2.2 to-ports=8080

add action=masquerade chain=srcnat comment="Default NAT rule for Internet Access" disabled=no

Also shown in the image below …

[Image: 1- redirect rule]

No IPTABLES configuration is required at squid end 😀


Now browse from a client, and you will see the requests in the Squid access.log, as shown in the image below …

[Image: 2- squid logs with mt ip]

 

DONE 🙂


TIPs and Tricks !

Just for info purposes …

How to view client original ip in squid logs instead of creepy mikrotik ip

With the redirect method above, client traffic is successfully routed (actually NATed) to the Squid proxy server. However, the Squid proxy logs show only the Mikrotik IP, so we have no idea which client is using the proxy. To see the client's original IP address instead of the Mikrotik's, you have to explicitly define the WAN interface in the default NAT rule, so that traffic sent to the proxy interface is not NATed 🙂
Mikrotik default NAT rule configuration, as shown in the image below …

[Image: 3- client original ip]

Now you can see its effect in the Squid logs, as shown in the image below …

[Image: 4- client original IP]
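
A quick way to confirm the NAT change from the log side (added example, not part of the original post): the script reads Squid's default native access.log format, where the client address is the third field, and reports whether requests still arrive behind the Mikrotik proxy-interface address 192.168.2.1 or from the PPPoE pool. The function names and the sample log lines are constructed for illustration; a custom logformat would need a different field index.

```python
import ipaddress
from collections import Counter

# Addresses from the article's scenario.
ROUTER_PROXY_IF = ipaddress.ip_address("192.168.2.1")  # Mikrotik proxy-interface
POOL_FIRST = ipaddress.ip_address("172.16.0.1")        # PPPoE pool start
POOL_LAST = ipaddress.ip_address("172.16.0.255")       # PPPoE pool end

def classify(addr):
    """Label a log source address: masqueraded, pppoe-client or unexpected."""
    ip = ipaddress.ip_address(addr)      # raises ValueError on garbage
    if ip == ROUTER_PROXY_IF:
        return "masqueraded"             # request was src-NATed by the router
    if ip.version == 4 and POOL_FIRST <= ip <= POOL_LAST:
        return "pppoe-client"            # real client address survived
    return "unexpected"                  # not the router, not in the pool

def audit(lines):
    """Count entries per class; the client address is field 3 of the native format."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue                     # blank or truncated line
        try:
            counts[classify(fields[2])] += 1
        except ValueError:
            counts["unparsable"] += 1
    return counts

def attribution_ok(counts):
    """True when clients are visible and nothing arrives behind the router's IP."""
    return counts["pppoe-client"] > 0 and counts["masqueraded"] == 0

# Constructed sample lines (not taken from the article's screenshots).
BEFORE = [
    "1398672001.101    212 192.168.2.1 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html",
    "1398672002.330     95 192.168.2.1 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png",
    "1398672003.542    180 192.168.2.1 TCP_MISS/200 900 GET http://example.org/ - DIRECT/93.184.216.34 text/html",
]
AFTER = [
    "1398672101.101    212 172.16.0.10 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html",
    "1398672102.330     95 172.16.0.11 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png",
    "1398672103.542    180 172.16.0.10 TCP_MISS/200 900 GET http://example.org/ - DIRECT/93.184.216.34 text/html",
]

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        result = audit(sample)
        print(name, dict(result), "attribution ok:", attribution_ok(result))
```

To check a live proxy, pass an open file handle on your access.log to audit() instead of the sample lists.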


Regards

☺☻♥
SYED JAHANZAIB
SKYPE – aacable79
