The Easy Way to setting Mikrotik + Squid and Simple Queue

In a Case, there is my client wishing topology in its(the network using machine Mikrotik which will be joined forces with Squid, where this Squid stays in machine FreeBSD. He wishs, arrangement of shaping easily, by using Simple Queue.

If topology like this : INET ------- Mikrotik --------- SQUID -------- Client

Bandwidth Management is handle by SQUID. We wanted is like this :

INET | Mikrotik ---- SQUID | Client

So, shaping to client is handle by Mikrotik.

Requirement :

  1. Mikrotik Box by minimizing 3 ethernet card.
    1 applied for Uplink, 1 applied for Squid Box, 1 applied for line to client.
  2. Squid Box, in this case I apply FreeBSD as OS.

Configuration :

  1. Mikrotik Box :
    • ethernet for Uplink applies ip 192.168.1.2/30 with gateway 192..168.1.1, change name ether1 with Uplink
    • ethernet for Squid applies ip 172.17.1.1/30, change name ether2 with Proxy
    • ethernet for Client applies ip 192.168.10.1/24, change name ether3 with Client
  2. Squid Box :
    • ethernet applies ip 172.17.1.2/30
    • port 8080

How To :

  1. Setting WebProxy at Mikrotik Box:

    [admin@mt] > /ip web-proxy print
    enabled: no
    src-address: 0.0.0.0
    port: 3128
    hostname: "proxy"
    transparent-proxy: no
    parent-proxy: 0.0.0.0:0
    cache-administrator: "webmaster"
    max-object-size: 4096KiB
    cache-drive: system
    max-cache-size: none
    max-ram-cache-size: unlimited
    status: stopped
    reserved-for-cache: 0KiB
    reserved-for-ram-cache: 29696KiB

    [admin@mt] > /ip web-proxy set enabled=yes hostname="Proxy" transparent-proxy=yes parent-proxy=172.17.1.2:8080 cache-administrator="Mine" max-ram-cache-size=none enabled=yes

    [admin@mt] > /ip web-proxy print
    enabled: yes
    src-address: 0.0.0.0
    port: 3128
    hostname: "Proxy"
    transparent-proxy: yes
    parent-proxy: 172.17.1.2:8080
    cache-administrator: "Mine"
    max-object-size: 4096KiB
    cache-drive: system
    max-cache-size: none
    max-ram-cache-size: none
    status: running
    reserved-for-cache: 0KiB
    reserved-for-ram-cache: 29696KiB

  2. Firewall Setting NAT, trafig which use port 80 will redirect to webproxy.

    [admin@mt] > /ip firewall nat add action=redirect chain=dstnat src-address=192.168.10.0/24 protocol=tcp dst-port=80 to-ports=3128 in-interface=Client

    [admin@mt] > /ip firewall nat print
    Flags: X - disabled, I - invalid, D - dynamic
    0 chain=dstnat in-interface=Client src-address=192.168.10.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128
    1 chain=srcnat src-address=192.168.10.0/24 action=masquerade
    2 chain=srcnat src-address=172.17.1.2/32 action=masquerade

  3. Setting simple queue as usual, by using interface=Client
  4. Setting at squid, can apply transparent or no.

Done...
After I try, result is, client applies bandwidth as according to bandwidth which shaping we have at simple queue, don't forget, to make simple queue for proxy with bandwidth larger ones.
Hopefully this article can help.

.....

Comments  

 
0 # 2010-01-21 15:50
thank you for this leason.
Reply | Reply with quote | Quote
 
 
0 # 2010-04-24 05:14
Thanks for the articles, its very usefull for everyone.

Try to get information : 3 steps seting up mikrotik in www.wiki-hotspot.com

Setting mikrotik hanya dalam 3 langkah : nugrohobatam.wordpress.com
Reply | Reply with quote | Quote
 
 
0 # 2010-11-06 13:27
Thanks for the tutorial...nice tutorial
Reply | Reply with quote | Quote
 
 
0 # 2010-11-06 14:55
@All : Thx for your comment
Reply | Reply with quote | Quote
 
 
0 # 2011-03-23 18:18
thanks for the tutor, i hope it will work
Reply | Reply with quote | Quote
 
 
0 # 2011-05-11 07:08
nice tutorial...hope it will work
Reply | Reply with quote | Quote
 
 
0 # 2011-10-29 17:26
thanks for the share
Reply | Reply with quote | Quote
 
 
0 # ipolit 2011-11-28 15:51
Thank you for the tutorial, it is very helpful.
Unfortunately I need to make something more complicated and I still wonder how to do it.
I have 3 independent ISPs and now I have 3 routers running pFsense on those routers. Each of the routers has transparent Squid with acl.
I want to replace pFsenses with Mikrotik routers (pFsense is running on old HP servers which consume a lot of electricity), but I want to use one transparent Squid server for the 3 internet lines. The most important is that I need the traffic from certain clients to go through certain ISP, so probably I will need to mark packets and to make source based routing.
Any advices will be appreciated.
Thank you
Reply | Reply with quote | Quote
 
 
0 # Mubashir 2012-01-19 11:07
THXXXXXXXXXXXXX
Reply | Reply with quote | Quote
 

Add comment

Thanks for your comment


Security code
Refresh

About You :

IP Address :
38.107.179.242
United States United States
Browser :
Unknown Unknown
Operating System :
Unknown Unknown

Keep This Site Alive

Your Comment On Tutorial:

Banner
Copyright © 2012 MustNoFee
This blog is 1.590 days since Jan, 12 2008