Transparent Proxy with Squid 3.3.11 + Ubuntu + Shorewall + Mikrotik (Update)
This is my update posting, about Transparent Proxy with Squid 3.3.x + ubuntu + Shorewall + Mikrotik. Someone told me that the configuration worked but they had TCP_MISS, I was curious. Then I try to re-configure the above experiment with some recent software updates, and this is it.
Network configuration as shown above. I use virtual box to test it. Ubuntu server 13.10, mikrotik 5.20, shorewall 4.5.21.4, and squid 3.3.11. The instruction how to configure the network above, still same like at previous posting.
And the result is successfull, there is no problem. An important note to remember. Follow my instruction carefully. Don’t ever miss any step. If you miss just one step, you will get error and user will be not connected.
In theory, packet from users go to internet (port 80) via a proxy server (squid). The important thing here is the Squid considers the request comes from the IP. 10.10.10.xx/24. Look at picture below.
and the image below as proof, that the above configuration are able to cache web.
Another way to make Transparent Proxy
Next, I tried a different way, at the proxy firewall.
/ ip firewall nat
add chain=srcnat action=masquerade src-address=10.11.11.0/24
add chain=srcnat action=masquerade src-address=10.10.10.0/24
add chain=srcnat action=masquerade src-address=10.11.11.0/24
add chain=srcnat action=masquerade src-address=10.10.10.0/24
Can you see the difference between the above configuration, and the configuration of the previous posts??absolutely right. The difference lies in the "IP address" and out interface. Then in the acl in squid.conf,modified to 10.11.11.0/24. So it should be like this.
acl bamboe src 10.11.11.0/24
With command "tail -f /var/log/squid/access.log", so the result as shown above. Users connected to the Internet (browsing) through a proxy server (squid). But this time Squid considers the request comes from an IP gateway 10.11.11.1
Which is good? Both are good. But I prefer to use the previous method, squid view the request from the real IP address of user. Then we will know IP address of user that connected to the Internet.
Which is good? Both are good. But I prefer to use the previous method, squid view the request from the real IP address of user. Then we will know IP address of user that connected to the Internet.
Update about caching youtube.
Cache youtube with using nginx, now is not working. I think algoritma youtube has changed.
More than 3 weeks I tried various methods to caching youtube, but it not 100% work.I'm still looking for the good method to caching youtube.
If you have any information about this, please command...oops, sorry... I mean please comment... :)
( Update January 2th, 2014). Look at for another method, it's 100% working.
More than 3 weeks I tried various methods to caching youtube, but it not 100% work.
( Update January 2th, 2014). Look at for another method, it's 100% working.
ليست هناك تعليقات:
إرسال تعليق