How to set up Squid as a transparent proxy in Ubuntu Server 13.04 with Mikrotik Router OS


SQUID Proxy Server setup in Ubuntu Server 13.04

First we’ll set up Squid on Ubuntu Server 13.04. It is a completely basic setup without any custom mods.

In this scenario I’ll be using two HDDs.

  • One will be used for OS – 20 GB.
  • Second one will be used for Caching purposes – 40 GB.


Firstly we are going to create and initialise our second HDD partition for cache storage.

1. sudo fdisk -l

The above command will report something like:

/dev/sda1 * 1 18709 150280011 83 Linux
/dev/sda2 18710 19457 6008310 5 Extended
/dev/sda5 18710 19457 6008278+ 82 Linux swap / Solaris

The output will also include a listing for your new drive. If you only see listings for /dev/sda* then your new drive has not been recognized and there is a problem with the physical installation.

2. Once you know where your drive is located (again we’ll use /dev/sdb for our example) it’s time to create a new directory where this drive will be mounted. We are mounting our drive to the directory /data so we’ll create this directory with the following command:

sudo mkdir /data

3. Now let’s make it available to all users:

sudo chmod -R 777 /data

4. With a place to mount the drive, it’s time to format the new drive. The formatting will be done with the command:

sudo mkfs.ext3 /dev/sdb

5. When this is complete you are ready to mount the drive. Before you add the fstab entry (so the drive will be mounted automatically), make sure it can be mounted successfully with the command:

sudo mount /dev/sdb /data

6. If this is successful, let’s create an entry in /etc/fstab. Open that file with the command:

sudo nano /etc/fstab

7. Now add the following entry at the end of that file:

/dev/sdb /data ext3 defaults 0 0

8. Once you save that file, mount the drive (without having to reboot) with the command:

sudo mount -a

9. To make sure the drive mounted successfully issue the command:


The above should include in the report:

/dev/sdb   /data

10. If that’s the case, success! You can run a quick test by trying to write a file to the new drive with the command:

touch /data/test

If you can write that file all is well.

11. Create a directory for storing cache files.

mkdir /data/cache

12. Now let’s make it available to all users:

chmod -R 777 /data/cache
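
Steps 3 and 12 leave /data and /data/cache writable by every local account, so any user or compromised service on the box can alter cached objects. The following added example (not part of the original post) lists world-writable paths, confirms the fstab entry from step 7, and restricts the cache tree to a single service account; the account name `proxy` is an assumption based on Ubuntu's squid3 package.

```shell
#!/bin/sh
# Added example, not from the original post: audit and tighten the cache
# directory created in steps 11-12.

# List every path under $1 that "other" can write to (what chmod -R 777 sets).
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable_paths() {
    find "$1" -perm -0002 ! -type l
}

# Return 0 if fstab-style file $1 mounts device $2 at mount point $3.
fstab_has_entry() {
    awk -v dev="$2" -v mp="$3" \
        '$1 !~ /^#/ && $1 == dev && $2 == mp { found = 1 } END { exit !found }' "$1"
}

# Hand the tree $1 to owner $2 and group $3, then set directories to 750 and
# files to 640 so nothing is left accessible to "other".
# Assumption: on Ubuntu's squid3 package both owner and group are "proxy".
restrict_cache_dir() {
    chown -R "$2:$3" "$1" &&
    find "$1" -type d -exec chmod 750 {} + &&
    find "$1" -type f -exec chmod 640 {} +
}

# Report-only usage: sh audit_cache.sh /data/cache
if [ $# -gt 0 ]; then
    n=$(world_writable_paths "$1" | wc -l)
    echo "$1: $n world-writable path(s)"
    fstab_has_entry /etc/fstab /dev/sdb /data ||
        echo "no fstab entry mounting /dev/sdb on /data"
fi
```

To apply the change, run `restrict_cache_dir /data/cache proxy proxy` as root before `squid3 -z`.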


Now, Squid and network setup for Ubuntu Server 13.04:

1. Ubuntu Server 13.04 Network Configuration:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static

auto eth1
iface eth1 inet static

eth0 = WAN Interface
eth1 = LAN Interface

2. apt-get install squid

3. nano /etc/squid3/squid.conf

4. Uncomment:

acl localnet src
http_access allow localnet

Change:

http_port 8080 transparent
cache_dir ufs /data/cache 800 16 256

5. Save and Exit (Ctrl+O -> Y)

6. nano /etc/rc.local

Add these lines before the exit line:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to
route add -net netmask gw dev eth1


eth1=LAN Interface = IP of Squid Proxy Server LAN interface (eth1) = Network for LAN users = IP Mikrotik Proxy Interface IP (Squid)

The last line is added so that the Squid box can reach the LAN users’ IPs and deliver cached content to them.

7. Initialise directories.

squid3 -z

8. Execute the following:


9. service squid3 restart

For your reference, you can download my working squid.conf file here.
SQUID with Mikrotik Setup Network Diagram

Mikrotik Setup:


[admin@MikroTik] > export
# aug/23/2013 11:06:54 by RouterOS 6.0
# software id 
/interface ethernet
set 0 name=LAN
set 1 name=SQUID
set 2 mac-address=00:50:56:31:A4:F0 name=WAN
/ip pool
add name=dhcp_pool1 ranges=
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1
/ip address
add address= interface=WAN network=
add address= interface=SQUID network=
add address= interface=LAN network=
/ip dhcp-server network
add address= dns-server=,, gateway=
/ip dns
set allow-remote-requests=yes servers=,
/ip firewall mangle
add action=mark-routing chain=prerouting dst-port=80 new-routing-mark=http protocol=tcp
/ip firewall nat
add chain=srcnat dst-port=80 protocol=tcp
add action=masquerade chain=srcnat out-interface=WAN
/ip route
add distance=1 gateway= routing-mark=http
add check-gateway=ping distance=1 gateway=
/tool graphing interface


After you have finished your setup, execute the following on your squid server to monitor logs:

tail -f /var/log/squid3/access.log
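
Beyond watching the log scroll, two things are worth checking in it: that objects are actually being served from cache, and that every client address belongs to your LAN (a client from elsewhere means the proxy port is reachable from outside). This added example is not part of the original post; the sample log lines and the 192.0.2.0/24 LAN prefix are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: summarize Squid's native
# access.log. Replace the placeholder prefix "192.0.2." with your LAN network.

# Constructed sample lines in Squid's native log format:
# time elapsed client result/status bytes method URL ident hierarchy type
sample_log() {
    cat <<'EOF'
1377241614.123     95 192.0.2.10 TCP_MISS/200 15320 GET http://example.com/ - DIRECT/203.0.113.5 text/html
1377241615.456      2 192.0.2.10 TCP_HIT/200 8042 GET http://example.com/logo.png - NONE/- image/png
1377241616.789      1 192.0.2.11 TCP_MEM_HIT/200 8042 GET http://example.com/logo.png - NONE/- image/png
1377241617.001    120 198.51.100.7 TCP_MISS/200 512 GET http://example.org/ - DIRECT/203.0.113.9 text/html
EOF
}

# Read access.log lines on stdin. $1 is the textual LAN prefix; keep the
# trailing dot so that "192.0.2." does not also match "192.0.20.x".
# Prints request and cache-hit counts, then each client outside the prefix.
summarize_access_log() {
    awk -v lan="$1" '
        NF >= 7 {
            total++
            split($4, result, "/")                  # e.g. TCP_HIT/200
            if (result[1] ~ /HIT/) hits++           # TCP_HIT, TCP_MEM_HIT, ...
            if (index($3, lan) != 1) outside[$3]++  # client not in the LAN
        }
        END {
            printf "requests=%d hits=%d\n", total, hits
            for (ip in outside)
                printf "outside-lan client=%s requests=%d\n", ip, outside[ip]
        }'
}

# Demo on the constructed sample. Against the live log:
#   summarize_access_log "192.0.2." < /var/log/squid3/access.log
sample_log | summarize_access_log "192.0.2."
```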


To be continued….


  • Ishtiak Iqbal

    hello dear,
    Kindly suggest me the way that I would use Squid proxy with Mikrotik in a way that if my Squid server shuts down due to electricity failure or any other reason, my traffic would bypass automatically directly to WAN, and on returning back (getting on) the Squid server it starts caching again but won’t interrupt the internet?

      • Ishtiak Iqbal

        thanks bro ….

        Kindly also suggest me in what topology this script will work? internet—–>squid—–> mikrotik —-> lan users or any other?

        • Int->Sqd->Mkt->Usrs

        • Same topo as mentioned in my post. Check the net diagram.

          • Ishtiak Iqbal

            Dear can you advise me how to use squid proxy with single interface connected to MKT like …
            SQUID MKT(PPPOE)—-> Lan

            I would be very thankful to you…

          • Internet —-> MKT(PPPOE)—-> Lan

            Where is squid connected?

          • Ishtiak Iqbal

            Squid is connected with mikrotik only single interface

          • LexCyr

            I also want to use this topology: Internet—–>Squid—–>Mkt—–>Lan
            What are the modifications to do?

  • Руслан Лобов

    I have some problems…

    All is good, my Mikrotik is connected to Squid, but the proxy does not work

    The requested URL could not be retrieved

    I think the problem is in routing

    mikrotik lan ( users )

    I put the following in rc.local:
    route add -net netmask gw dev eth1

    After starting rc.local I don’t get errors.

    What am I doing wrong?

  • squidblacklist

    We are the world’s leading publisher of Squid ‘Native ACL’ formatted blacklists, that allow for web filtering directly with Squid proxy. Of course we also offer alternative formats for the most widely used third party plugins, such as DansGuardian and Squidguard. And while our blacklists are subscription based, they are as a result of our efforts, of a much higher degree of quality than the free alternatives.

    Hope to serve you,


    Benjamin E. Nichols

  • glimpse

    Very nice sharing bro, thanks

    Please help, kindly suggest me the way that I would use Squid proxy with Mikrotik + 4 WAN load balancing + PPPoE users. Thanks in advance

  • Hi Srijit,
    After the DDoS help, I need one more in regards to Squid cache.
    I have only one router on which my main B/W is configured. Can I go with this script for my network, as I have no scenario like main B/W connected to 1) Mikrotik and 2) Squid, then Squid with Mikrotik on crossover? I want to manage it within a single Mikrotik. My network will be
    Mikrotik 1) Eth1: Main B/W, 2) Eth2: PPPoE, 3) ETH3: Hotspot for Info, 4) Reserved for ETH4: squid WAN and ETH5: squid cross over. Can I do it like this? Please guide….
    Thanks in advance