OK, it's done. It works now on 1 eth. All I did:

On squid:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3129

On mikrotik: remove all redirect NAT, create a route to the squid machine as internet gateway, create a mangle where src-nat from clients dst-port=80, are all routed to proxy gateway.

I have another problem though. I do:

    # tail -f /var/log/squid3/access.log | grep TCP_HIT

and if I:

    # tail -f /var/log/squid3/access.log

I see everything is TCP_MISS, for example:

    1404449047.279 2035 192.168.14.3 TCP_MISS/200 327 POST http://makasar.speedtest.telkom.net.id/speedtest/upload.php? - HIER_DIRECT/118.98.104.242 text/html
    1404449049.441 4211 192.168.14.3 TCP_MISS/200 327 POST http://makasar.speedtest.telkom.net.id/speedtest/upload.php? - HIER_DIRECT/118.98.104.242 text/html
    1404449052.162 2630 192.168.14.3 TCP_MISS/200 327 POST http://makasar.speedtest.telkom.net.id/speedtest/upload.php? - HIER_DIRECT/118.98.104.242 text/html
    1404449052.966 3419 192.168.14.3 TCP_MISS/200 327 POST http://makasar.speedtest.telkom.net.id/speedtest/upload.php? - HIER_DIRECT/118.98.104.242 text/html

Something I missed? If I don't wrongly recall, my last squid (squid 2.9) access.log doesn't have HIER_DIRECT, it is just DIRECT.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/access-denied-tp4666619p4666637.html
Sent from the Squid - Users mailing list archive at Nabble.com.
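An added example, not part of the original post: a small parser for Squid's native access.log format that tallies cache result codes per HTTP method, which shows more than grepping for TCP_HIT alone. The first two sample lines come from the excerpt above; the GET line and the malformed line are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Squid native access.log fields:
# time elapsed client code/status bytes method URL user hierarchy/peer mime
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

SAMPLE = [
    # From the log excerpt in the post
    "1404449047.279 2035 192.168.14.3 TCP_MISS/200 327 POST http://makasar.speedtest.telkom.net.id/speedtest/upload.php? - HIER_DIRECT/118.98.104.242 text/html",
    "1404449049.441 4211 192.168.14.3 TCP_MISS/200 327 POST http://makasar.speedtest.telkom.net.id/speedtest/upload.php? - HIER_DIRECT/118.98.104.242 text/html",
    # Constructed for illustration: a cacheable GET served from memory
    "1404449060.101 3 192.168.14.3 TCP_MEM_HIT/200 5120 GET http://example.com/logo.png - HIER_NONE/- image/png",
    # Constructed: truncated line, e.g. read mid-write by tail
    "1404449061.000 12 192.168.14.3 TCP_MI",
]

def parse_line(line):
    """Return a dict of fields, or None if the line is not a complete entry."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def tally(lines):
    """Count (method, result code) pairs; also report unparseable lines."""
    counts, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        counts[(rec["method"], rec["code"])] += 1
    return counts, skipped

def hit_ratio(counts, method=None):
    """Share of requests whose result code contains HIT (TCP_HIT, TCP_MEM_HIT, ...)."""
    total = hits = 0
    for (m, code), n in counts.items():
        if method is not None and m != method:
            continue
        total += n
        hits += n if "HIT" in code else 0
    return hits / total if total else 0.0

if __name__ == "__main__":
    counts, skipped = tally(SAMPLE)
    for (method, code), n in sorted(counts.items()):
        print(f"{method:6} {code:14} {n}")
    print(f"skipped={skipped} overall hit ratio={hit_ratio(counts):.2f}")
```

In the excerpt every request is a POST to a speed-test upload URL, and Squid does not normally serve POST responses from cache, so TCP_MISS is expected for those lines; the per-method tally separates that traffic from GET requests that could be cached.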