Syed Jahanzaib – Personal Blog to Share Knowledge !

December 30, 2011

Howto add SQUID Proxy Server with MIKROTIK [Short Reference Guide]


To add SQUID proxy caching server support to Mikrotik, assume the following scenario.

DSL MODEM IP = 192.168.1.1
MIKROTIK LAN IP = 10.0.0.1
SQUID LAN IP = 192.168.2.1

I assume that you already have a working Mikrotik in place and a configured SQUID server ready (you can find guides on configuring both on my blog). I will just show you how to interconnect them so that all users' port 80 browsing requests go to SQUID for caching.

We will divide this article into two sections.

1#  MIKROTIK CONFIGURATION
2#  SQUID CONFIGURATION


1#  MIKROTIK CONFIGURATION

Mikrotik has 3 interfaces.

ether1 = 10.0.0.1
Connected to LAN

ether2 = 192.168.2.2
Connected Directly to PROXY’s eth0 via crossover cable.

ether3 = 192.168.1.2
Connected Directly to WAN/DSL

Open New Terminal and create a new NAT rule to redirect port 80 traffic to the SQUID proxy server. The command is as follows.

/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=192.168.2.1 to-ports=8080

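[192.168.2.1 is the SQUID proxy server IP. Note that this rule has no in-interface or source-address match, so it redirects TCP port 80 traffic arriving on any Mikrotik interface, not only traffic from the LAN on ether1.]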



That’s it for the Mikrotik configuration. If internet sharing is already configured on the SQUID server, you don’t need to adjust any configuration on the squid box; all requests will be served by squid.

Now moving on to squid . . .


2#  SQUID CONFIGURATION

SQUID PROXY SERVER has two interfaces

eth0 = 192.168.2.1
Connected Directly with Mikrotik’s PROXY interface via crossover cable.

eth1 = 192.168.1.3
Connected Directly with WAN/DSL

Note: I will not discuss how to configure SQUID here, as it has already been well described in my other articles linked at the end of this post. I therefore assume you have already configured SQUID and are running it in TRANSPARENT mode (using squid.conf directives and iptables).

Add the following line in /etc/squid/squid.conf

# PORT and Transparent Option
http_port 8080 transparent

For iptables to transparently redirect user requests to port 8080 and also masquerade traffic, add the following lines to /etc/rc.local or issue the commands at the CLI:

# Redirect users request to squid port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.2.1:8080

# Set this system as a router for Rest of LAN (eth1 is the WAN interface)
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE

Where eth0 is the LAN interface of SQUID.


Now try to browse, and on the proxy server monitor the SQUID log with the following command

tail -f /var/log/squid/access.log

and you will see user browsing requests coming via the Mikrotik IP.


If you want to log the user’s original IP address instead of Mikrotik’s, either add a route on the Squid server for your local user subnet pointing to the Mikrotik proxy interface, or use the packet marking + routing method described in the following article.

https://aacable.wordpress.com/2011/07/21/mikrotik-howto-redirect-http-traffic-to-squid-with-original-source-client-ip/
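
The log check described above can be automated. The following is an added example, not code from the original post: it parses Squid's native access.log format and reports whether every request arrives with the Mikrotik ether2 address as its source, which LAN clients are visible, and whether any source is neither. The 10.0.0.0/24 LAN prefix, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

MIKROTIK_PROXY_IF = "192.168.2.2"               # Mikrotik ether2 address from the article
LAN_NET = ipaddress.ip_network("10.0.0.0/24")   # assumption: the article only gives 10.0.0.1

# Constructed sample in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1325232000.101    245 192.168.2.2 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/203.0.113.10 text/html
1325232001.310      3 192.168.2.2 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1325232002.007      1 192.168.2.2 TCP_MEM_HIT/200 812 GET http://example.com/logo.png - NONE/- image/png
1325232003.550    190 192.168.2.2 TCP_MISS/404 310 GET http://example.org/missing - DIRECT/203.0.113.10 text/html
this line is truncated
"""

def parse_line(line):
    """Return (client_ip, squid_result_code) or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 10:                 # native format has 10 fields
        return None
    try:
        client = ipaddress.ip_address(fields[2])
    except ValueError:
        return None
    return client, fields[3].split("/")[0]

def summarize(log_text):
    """Count requests per client and classify where they came from."""
    clients, hits, skipped = Counter(), 0, 0
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            skipped += bool(line.strip())
            continue
        client, code = parsed
        clients[client] += 1
        hits += "HIT" in code            # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
    router = ipaddress.ip_address(MIKROTIK_PROXY_IF)
    total = sum(clients.values())
    return {
        "total": total,
        "hit_ratio": hits / total if total else 0.0,
        "skipped": skipped,
        # True when every request carries the Mikrotik address as its source
        "masked_by_router": total > 0 and set(clients) == {router},
        "lan_clients": sorted(str(c) for c in clients if c in LAN_NET),
        # Sources that are neither the router nor the LAN deserve a closer look
        "unexpected": sorted(str(c) for c in clients if c != router and c not in LAN_NET),
    }
```

Feed it the contents of /var/log/squid/access.log in place of SAMPLE_LOG; a non-empty "unexpected" list means the proxy is serving hosts outside the intended LAN.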

For more information, read the following articles:

https://aacable.wordpress.com/2011/08/08/linux-transparent-squid-proxy-server-guide/
https://aacable.wordpress.com/2011/06/01/linux-simple-internet-sharing-script/
https://aacable.wordpress.com/2012/01/19/youtube-caching-with-squid-2-7-using-storeurl-pl/


Regards,
SYED JAHANZAIB