well this work almost 10 year
an u can do 2 mark if you want to make shur u use same marking
new-routing-mark=http
on each range
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-box-for-two-networks-tp4683119p4683197.html
Sent from the Squid - Users
First take joseph advice.
This is the right way of doing things.
And since I have here couple MikroTik devices sitting I took one to create the
same scenario that you have and the full configuration can be seen at:
http://wiki.squid-cache.org/EliezerCroitoru/Drafts/MikroTik-Route-To-Intercept-Squi
Joseph, these lines already exists in my setup. Thanks.
Remember you what my Squid box work for my primary lan (192.168.110.0/24)
but don't work to the second lan (192.168.115.0/24)
On Thu, Jul 20, 2017 at 4:49 PM, joseph wrote:
> you might need his configuration
>
> /ip firewall address-list
>> ROUTERWIFI( WANstatic ip 192.168.1.40/24 gw 192.168.1.20) LAN
192.168.0.1/24)
is it mikrotik or other specify pls
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-as-gateway-tp4683022p4683194.html
Sent from the Squid - Users mailing list archive
you might need his configuration
/ip firewall address-list
add address=192.168.110.0/24 comment="one route port 80" list=http-route
add address=192.168.115.0/24 comment="two route port 80" list=http-route
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
"Clients HTTP ro
Hi, and thank you all.
Well this is the diagram.
INTERNET
+
+
FIREWALL (10.1.158.1/24)
+
+
+
SQUID (2 interfaces) 10.1.158.2/24
192.168.1.20/24
+
+
+
ROUTERWIFI( WANstatic ip 192.168.1.40/24 gw 192.168.1.20) LAN
192.168.0.1/24)
squid config:
acl red1 src 19
Thank you Yuri! Appreciate your help.
From: Yuri [mailto:yvoi...@gmail.com]
Sent: Wednesday, July 19, 2017 5:15 PM
To: Cherukuri, Naresh; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid Version 3.5.20 Any Ideas
20.07.2017 3:09, Cherukuri, Naresh пишет:
Yuri,
I am new to squ
Thank you Amos! Appreciate your help.
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Amos Jeffries
Sent: Wednesday, July 19, 2017 8:55 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid Version 3.5.20 Any Ideas
Hi Eliezer, thanks for you reply.
I'm marking and routing traffic to port 80 from my lan's 192.168.110.0/24
(Work!) and 192.168.115.0/24 (Fail!). The mark line in Mangle is:
add action=mark-connection chain=prerouting comment="TCP 80: Tr\E1fico HTTP
de\
sde la red WIFI. Se marca la conexi\F3n
Hey Pablo,
I am working as a tech support for MikroTik devices and the tcpdump dumps are
leaving couple things unknown.
Can you share the MikroTik rules PBR rules you are using?
Are you using any kind of connection marking and tracking in the mix or just
plain source based routing?
I am pretty s
The packets are routing using a mark and later routing rules inside my
principal router (Mikrotik). Attach images with examples of packets
arriving to Squid box.
On Thu, Jul 20, 2017 at 10:27 AM, Antony Stone <
antony.st...@squid.open.source.it> wrote:
> On Thursday 20 July 2017 at 14:08:27, Pabl
On Thursday 20 July 2017 at 14:08:27, Pablo Ruben Maldonado wrote:
> Hi, i add information missing in original post. Thanks for assistance:
>
> The Squid Box has setup for Intercept Mode. Iptables rules here:
>
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
> -A PREROUTING
Hi, i add information missing in original post. Thanks for assistance:
The Squid Box has setup for Intercept Mode. Iptables rules here:
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
The config paste in https
On 20/07/17 21:43, Matus UHLAR - fantomas wrote:
On 20.07.17 17:16, Amos Jeffries wrote:
Your DKIM signature covers the Subject and To headers. Any normal
mailing list will modify those,
I disagree - IMHO sane listservers don't modify those headers.
Sadly, sane != normal. I'm referring to t
On 20/07/17 19:24, Kurczewski, Bartłomiej (WP.PL) wrote:
Hi Amos,
As I wrote to Eliezer, his solution works.
Thank you for your help as well.
Eliezers 'solution' was to outright delete the headers HTTP uses to
protect your server against forwarding loops (Via), and to allow
back-tracking of
On 20.07.17 17:16, Amos Jeffries wrote:
Your DKIM signature covers the Subject and To headers. Any normal
mailing list will modify those,
I disagree - IMHO sane listservers don't modify those headers.
so your server cannot do that on list
postings. Content-Type is also changed sometimes by ou
Hi Eliezer,
According to your and Amos suggestions I have change squid.conf by
making "via on" and setting only "forwarded_for transparent".
And I can login to TechData website (which is not a bank, but IT
technology distributor) without any problems.
Thank you for you advice and help.
Rgdrs,
iziz
Hey iziz1,
Try to work with what Amos suggested.
Try to first turn on the via ie:
via on
and see if still works fine.
If indeed it works fine then try to change the
forwarded_for delete
into
forwarded_for transparent
and see what works for you.
It’s better to leave the via on and not off.
But f
Hi Amos,
As I wrote to Eliezer, his solution works.
Thank you for your help as well.
Rgrds,
iziz1
W dniu 2017-07-20 o 02:04, Amos Jeffries pisze:
> On 20/07/17 06:08, Eliezer Croitoru wrote:
>> Hey iziz1,
>>
>> Can you try to add squid.conf the next and see if it affects anything:
>> forwarded_fo
Hi Eliezer,
First of all I would like to thank you for fast answer.
And my second "thanks" is for your help.
Your solution works, and the problem has been solved.
Regards,
iziz1
W dniu 2017-07-19 o 20:08, Eliezer Croitoru pisze:
> Hey iziz1,
>
> Can you try to add squid.conf the next and see if
20 matches
Mail list logo
