Mikrotik and Squid = Transparent Proxy

In business networks there is a big usage of  transparent proxy also home networks can use it also.

Thanks to that kind of server we can monitoring a lot of meta data and value information from client network and also prevent a lot of virus infections.

Lets assume that our server ( have Ubuntu or Debian operation system installed on it and the lan network is

On server there is also software firewall (iptables) which we will use to forward connection using commands below:

Next, on Mikrotik router we will add firewall rules to forward chosen clients (via list SQUID_CLIENTS) to server with squid proxy:

This way we finished configuration of proxy server which will capture web traffic and don’t need to be configure on client side.


5 thoughts on “Mikrotik and Squid = Transparent Proxy

    • BigRetroMlKE says:

      squid is
      netmask is or /24
      gateway is
      any other client get ip from dhcp from network

      To be honest not much there is to know more, most important is the squid ip to forward traffic to it.

      Only thing important is to add client IP that you want to push thru squid to mikrotik SQUID_CLIENTS address list;

      • Helen says:

        Thank you so much, I can track HTTP traffic now but the problem is that this doesn’t help in logging https traffic. Please post a solution for it.

        • BigRetroMlKE says:

          you would need to install certificate on your machine and setup https-proxy that would talk with page you want to sniff. Also https was made so sniffing is very hard without access to machine you want to sniff. But if you came up with some solution.

          • Helen says:

            I have generated self-certificate and tried to configure proxy but was not able to do so. If you can provide some guide or link then I really appreciate.

Leave a Reply

Your email address will not be published. Required fields are marked *