Hey Pablo, I am working as a tech support for MikroTik devices and the tcpdump dumps are leaving couple things unknown. Can you share the MikroTik rules PBR rules you are using? Are you using any kind of connection marking and tracking in the mix or just plain source based routing? I am pretty sure that the issue is in the reverse path and not backwards. If you can export your MikroTik configuration I might be able to try and help you find the right rules if these are wrong. Also make sure that the squid box has reverse path filtering disabled using: http://wiki.squid-cache.org/EliezerCroitoru/Drafts/MwanLB#Set_Reverse_Path_Filter_machine_globally_script And also take a peek at: http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2#Linux_and_Squid_Configuration I planned to add into the wiki an article\tutorial how to setup squid with MikroTik since there are more than a dozen of articles\tutorials that just do not do it the right way. Eliezer * you can send me the configuration privately if these are sensitive ---- http://ngtech.co.il/lmgtfy/ Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Pablo Ruben Maldonado Sent: Thursday, July 20, 2017 16:41 To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Squid box for two networks The packets are routing using a mark and later routing rules inside my principal router (Mikrotik). Attach images with examples of packets arriving to Squid box. On Thu, Jul 20, 2017 at 10:27 AM, Antony Stone <mailto:Antony.Stone@xxxxxxxxxxxxxxxxxxxx> wrote: On Thursday 20 July 2017 at 14:08:27, Pablo Ruben Maldonado wrote: > Hi, i add information missing in original post. Thanks for assistance: > > The Squid Box has setup for Intercept Mode. Iptables rules here: > > -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 > -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129 How are you routing the packets from the firewall to Squid? > The config paste in https://pastebin.com/Witg3cG1 > > Thanks > > On Mon, Jul 17, 2017 at 5:31 PM, Pablo Ruben Maldonado < > > mailto:pablo.ruben.maldonado@xxxxxxxxx> wrote: > > Hello, I have a squid box 3.5 working without problems for the lan > > http://192.168.110.0/24 for several months. Now I want setup to another lan > > http://192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come > > to squid box. But in Squid's log I do not see anything. Can they give me > > some tip? Can you give us any examples of packets as seen by tcpdump on the Squid box: a) from http://192.168.110.0/24 b) from http://192.168.115.0/24 Antony. -- BASIC is to computer languages what Roman numerals are to arithmetic. Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
