Hello Eliezer, I finally got my setup to work; turned out to be intercepted clients running into default nat, while my test squid server did not allow them access, not even through iptables!
Now, I have one last bit to handle, which you did not cover in your video. I'm using 3 ports for squid like Rafael's guide: one for normal CONNECT, one for intercepted plain HTTP on 80, and one for intercepted HTTPs on 443. The setup works awesome for TLS addresses (i.e https://), but browser redirection from Plain to TLS, say from http://cnn.com to https://cnn.com, fails to happen. It just waits then time out. What could be done to make it happen? All best, K On Sat, Aug 13, 2022 at 7:57 PM <ngtech1...@gmail.com> wrote: > > Hey K, > > > > What RouterOS version are you using? > > Also, what rules have you applied? > > If there is a very long delay and then a failure you should verify that the > rules you wrote are proper to your environment. > > You should route packets based on connection marks and mark only new > connections from LAN IP addresses and only on the LAN interface. > > As I showed in the demo video it’s very simple to implement. > > > > Let me know if you are still having issues. > > > > Eliezer > > > > ---- > > Eliezer Croitoru > > NgTech, Tech Support > > Mobile: +972-5-28704261 > > Email: ngtech1...@gmail.com > > Web: https://ngtech.co.il/ > > My-Tube: https://tube.ngtech.co.il/ > > > > From: M K <mohammed.khal...@gmail.com> > Sent: Saturday, 13 August 2022 10:59 > To: ngtech1...@gmail.com > Cc: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Squid 4.8+ intercept > > > > Thank you for your quick reply. The text-drawing actually changed with > different font; the squid server is effectively connected to MikroTik router, > not the same physical link as the client. > > > > The MikroTik router sits between the client and squid server. > > > > That said, I can confirm that the MikroTik router is effectively able to > route/DNat client packets going to ports 80 and 443 to squid server. > Depending on router rules be it route or dnat, the client browser effectively > displays the error page of squid, or goes into a very long delay then failure. > > > > I will retry and let you know. > > > > K > > On Wed, Aug 10, 2022, 10:08 <ngtech1...@gmail.com> wrote: > > Hey K, > > > > I am not sure about the network topology. > > Preferably the Squid should reside on another network then the clients if > it’s intercepting the traffic. > > Also, I assume it’s not a TPROXY setup so it should be pretty simple and > straight forward. > > > > I understand why are you asking this question. > > Also take into account that Mikrotik is now on 7.4 firmware and it’s > recommended to use this one. > > If you are using any other version let me know so I can try to make sense on > the differences. > > I will try to give a DEMO for such a setup and how to make it work. > > > > Eliezer > > > > ---- > > Eliezer Croitoru > > NgTech, Tech Support > > Mobile: +972-5-28704261 > > Email: ngtech1...@gmail.com > > Web: https://ngtech.co.il/ > > My-Tube: https://tube.ngtech.co.il/ > > > > From: squid-users <squid-users-boun...@lists.squid-cache.org> On Behalf Of M K > Sent: Tuesday, 9 August 2022 22:29 > To: squid-users@lists.squid-cache.org > Subject: [squid-users] Squid 4.8+ intercept > > > > Hello, > > > > I have a setup like this one: > > > | Client | =====> | Router | =====> Internet > || > \/ > | Squid | > > > > ...the router is a Mikrotik router capable of all things NAT/Redirect and > whatnot. Squid server has only one network interface. > > Using the router: > > - I tried routing traffic to squid server IP. > > - I tried destination-NATing from client to server IP, with origin server > IP-and-port natted to squid IP-and-port, and with origin server IP-only > natted to squid-IP. > > > > I have been struggling for 2 days to setup a working Squid 4.8 or higher > interception. > > Test server is running Ubuntu 18.4.3 and Squid 4.8. > > Documentation is either too much trim or extremely outdated. > > Any help would be very much appreciated. > > > > All best, > > K _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
