Transparent Proxy with Squid Ubuntu Shorewall Mikrotik
This is my update posting, about Transparent Proxy with Squid 3
Network configuration as shown above. I use virtual box to test it.
Ubuntu server 13.10, mikrotik 5.20, shorewall 4.5.21.4, and squid 3.3.11. The instruction how to configure the network above, still same like at previous posting.
And the result is successfull, there is no problem. An important note to remember. Follow my instruction carefully. Don’t ever miss any step. If you miss just one step, you will get error and user will be not connected.
In theory, packet from users go to internet (port 80) via a proxy server (squid). The important thing here is the Squid considers the request comes from the IP. 10.10.10.xx/24. Look at picture below.
and the image below as proof, that the above configuration are able to cache web.
Another way to make Transparent Proxy
Next, I tried a different way, at the proxy firewall.
/ ip firewall nat
add chain=srcnat action=masquerade src-address=10.11.11.0/24
add chain=srcnat action=masquerade src-address=10.10.10.0/24
add chain=srcnat action=masquerade src-address=10.11.11.0/24
add chain=srcnat action=masquerade src-address=10.10.10.0/24
Can you see the difference between the above configuration, and the configuration of the previous posts??absolutely right. The difference lies in the "IP address" and out interface. Then in the acl in squid.conf,modified to 10.11.11.0/24. So it should be like this.
acl bamboe src 10.11.11.0/24
With command "tail -f /var/log/squid/access.log", so the result as shown above. Users connected to the Internet (browsing) through a proxy server (squid). But this time Squid considers the request comes from an IP gateway 10.11.11.1
Which is good? Both are good. But I prefer to use the previous method, squid view the request from the real IP address of user. Then we will know IP address of user that connected to the Internet.
Which is good? Both are good. But I prefer to use the previous method, squid view the request from the real IP address of user. Then we will know IP address of user that connected to the Internet.