Well this is the most efficient and less risker way. I do not know MikroTik enough to the hardware but it has a routing engine so... routing policy. In the past I wrote about it somewhere with details instructions on how to do it in a mikrotik. Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Yuri Voinov Sent: Thursday, October 27, 2016 20:51 To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Transparent and non Transparent at the same time -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 You absolutely sure, Eliezier? :) 27.10.2016 23:46, Eliezer Croitoru пишет: > You need routing policy not DNAT. > > Eliezer > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: eliezer@xxxxxxxxxxxx > > > -----Original Message----- > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of erdosain9 > Sent: Thursday, October 27, 2016 19:08 > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Transparent and non Transparent at the same time > > Ok... but i have this problem > > ERROR: NAT/TPROXY lookup failed to locate original IPs on > local=192.168.1.15:3130 remote=192.168.1.1:52090 FD 14 flags=33 > > ... > I put some dstnat in Mikrotik (192.168.1.1) > > > ip firewall nat add chain=dstnat src-add=192.168.1.121 protocol=tcp > dst-port=80 action=dst-nat > to-addresses=192.168.1.20 to-ports=3129 > > ERROR: NAT/TPROXY lookup failed to locate original IPs on > local=192.168.1.20:3129 remote=192.168.1.1:52153 FD 14 flags=33 > 2016/10/27 14:01:43 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on > local=192.168.1.215:3129 remote=192.168.1.1:52154 FD 14 flags=33: (92) Protocol not available > > I dont have iptables or firewalld... im using Centos... is necessary enable firewalld or iptables??? > > > im using the PC (192.168.1.121 for test) Thanks > > > > -- > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Transparent-and-non-Transparent-at-the-same-time-tp4680309p4680330.html > Sent from the Squid - Users mailing list archive at Nabble.com. > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users - -- Cats - delicious. You just do not know how to cook them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYEj6aAAoJENNXIZxhPexGKMwH/1bJbs+gQQAg5rdk/pyskSYB hPxlzR2MCa2glOhDMKqcnBBscv94ITVJW4eCzxZZZaNhAe1xbBISUhFfS3SBpCbn C6RfOMG0N2D1uXRDRtskuoELMbfxOsRPGLcUC1a7acUts299k+oTz1kpLlzWWWTB kfNvDZTLTvatvgGTI6lD9EUjk7zR0DbzXDX6AuF8UZ2z2izv/RqPMFKu9se+zkGe gjGgDNYwD1gBDXhPvTzLRjRnWgZPv0Cb4L63JPerZvl+nPt6gcfPf32DR8imkKeg YnDp3YDZQcZqMZRWANBb7UZefQ/PNisoHhLybhoQ7SuyKEVq2tKmq1DPwcSy18A= =iuPQ -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
