Nikita, 2020-02-25 17:46:58

How do I set up transparent Squid together with Mikrotik?

There is a Squid server (10.10.10.1) with one network interface card, and there is a Mikrotik (10.10.10.254).

Squid version is 4.10. Compiled from source.

On Mikrotik I wrote the rules:

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=SQUID passthrough=no \
    protocol=tcp src-address=10.10.10.100 in-interface=bridge-local \
    dst-port=80
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark=SQUID scope=30 target-scope=10

where 10.10.10.100 is the address of my computer. So far there is only one, for testing.

On the server where Squid is, I did everything according to the instructions:
iptables -t nat -A PREROUTING -i eth1 -s 10.10.10.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3129


Enabled packet forwarding:
net.ipv4.ip_forward = 1

In the Squid settings, I wrote this:
http_port 3129 intercept
http_port 3128

Everything else in Squid is left at the defaults.

When I go to HTTP sites, the page doesn't load. The indicator spins endlessly, but the page is not shown. The visited site is present in the Squid logs, but it does not open in the browser.

Sometimes there is an error in the logs:
1582641137.824      0 10.10.10.254 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -


What could be the problem?

Squid is built from source. The configure options are:
configure options:  '--prefix=/usr' '--localstatedir=/var' '--sysconfdir=/etc/squid' '--datadir=/share/squid' '--with-default-user=proxy' '--with-logdir=/data/squid/log' '--with-pidfile=/var/run/squid.pid' '--with-swapdir=/data/squid/cache' '--with-openssl=/home/vadim/openssl-1.1.1d' '--with-large-files' '--enable-cpu-profiling' '--enable-gnuregex' '--enable-icmp' '--enable-cache-digests' '--enable-follow-x-forwarded-for' '--enable-ssl-crtd' --enable-ltdl-convenience


Can you share a working config of Squid and Mikrotik for version 4.10 of Squid? I can't get it set up.

1 answer(s)
Alexey Dmitriev, 2020-02-25
@SignFinder

1. Where are the rules on Mikrotik that allow access for the Squid IP? Do you understand how a proxy works?
2. Where is the information about the state of the FORWARD table in iptables on the server with Squid? Do you understand that net.ipv4.ip_forward = 1 is not enough, and you also need to allow packets to pass through iptables?
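
A way to collect the firewall state the answer asks about, as an added example that is not part of the thread: a shell function that reads `iptables-save` output and flags a missing REDIRECT to the intercept port, a REDIRECT rule pinned to an interface the host does not have, and filter INPUT/FORWARD chains that drop everything. The function name, finding labels, sample dump and the `lo eth0` interface list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Redirected packets are delivered locally
# and traverse filter INPUT; packets the REDIRECT rule does not match are
# routed and traverse filter FORWARD. The ACCEPT test is deliberately coarse.
# Real host (assumption): iptables-save | audit_intercept 3129 "$(ls /sys/class/net)"
audit_intercept() {
    # $1 = Squid intercept port, $2 = interface names present on the host
    awk -v port="$1" -v ifaces=" $(echo $2) " '
        /^\*/ { table = substr($0, 2) }              # "*nat", "*filter", ...
        table == "filter" && /^:(INPUT|FORWARD) / {
            policy[substr($1, 2)] = $2               # default policy per chain
        }
        table == "filter" && /^-A (INPUT|FORWARD) / && / -j ACCEPT/ {
            accept[$2]++                             # chain has some ACCEPT rule
        }
        table == "nat" && /^-A PREROUTING / && $0 ~ ("-j REDIRECT --to-ports " port "( |$)") {
            redirect = 1
            for (i = 1; i < NF; i++)                 # is the rule pinned to an interface?
                if ($i == "-i" && index(ifaces, " " $(i + 1) " ") == 0)
                    out = out " redirect-iface-missing:" $(i + 1)
        }
        END {
            if (!redirect) out = out " no-redirect-to-" port
            if (policy["INPUT"] == "DROP" && !accept["INPUT"]) out = out " input-drops-all"
            if (policy["FORWARD"] == "DROP" && !accept["FORWARD"]) out = out " forward-drops-all"
            sub(/^ /, "", out); print (out == "" ? "ok" : out)
        }'
}

# Constructed sample dump: the REDIRECT rule from the question, FORWARD policy DROP.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 10.10.10.0/24 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
printf '%s\n' "$SAMPLE" | audit_intercept 3129 "lo eth0"
```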
