Search squid archive

Re: Mikrotik and Squid Transparent

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi

Thought I would re word what i got from this, see if I understood.

If squid and router (default gateway) are on the same box
then
DNAT to the SQUID listening port and local ip (Can you use localhost
suppose it doesn't matter)
else
router the packet to the SQUID box (if possible)
DNAT on the SQUID box to the local listening port and ip


Squid is able to look in the NAT table ? to confirm what the
destination would be not what the DNAT'ed ip would be.


Does that sum it up ?


Alex



On 28 June 2015 at 21:11, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 28/06/2015 10:37 p.m., Dalmar wrote:
>> To begin with, thank you Marcel,Alex and Amos for your help guys i am
>> really so close because of you. I have done exactly what Marcel told me and
>> now all transparent/intercept errors are gone. It worked nicely when i used
>> two mikrotiks one for WAN and the other for the LAN connection, however,
>> when i use one mikrotik it says TCP_MISS_ABORTED and NONE_ABORTED. In this
>> situation ,squid gets internet from the MK LAN port using a public IP and i
>> can ping the net, but squid throws the above error in the access.log. The
>> topo i wanna use is INTERNET >>MK >> SQUID .
>> i think the iptable rules will change.The Mikrotik have 3 NICS now , but i
>> can add 1 more so it becomes eth0:WAN eth1:LAN eth2:PROXY-LAN
>> eth3:PROXY-WAN .
>
> You should not need extra NICs for this. The Mikrotik rules just need to
> distinguish the flows clearly.
>
> a) LAN->WAN dst port TCP/80 use gateway eth2
> b) *->WAN use gateway eth0
> c) *->Squid use gateway eth2
> d) *->LAN use gateway eth1
>
>>
>> NB: it says Your message to squid-users awaits moderator approval , Message
>> body is too big ,for all my replays! so sorry for the delay.
>
> NP: We have a 40KB size limit on posts to these lists. Moderation for
> others and the moderators procrastinate.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux