# NAT for the 192.168.4.0/24 LAN: outbound masquerading plus transparent
# redirection of plain HTTP into the local web proxy.
/ip firewall nat
# Source-NAT (masquerade) everything from 192.168.4.0/24 that leaves through
# the interface named "public".
add action=masquerade chain=srcnat comment=nat disabled=no \
out-interface=public src-address=192.168.4.0/24
# Transparent proxy: TCP port 80 traffic from 192.168.4.0/24 is redirected to
# local port 3128, the port configured under /ip proxy.
# Only dst-port=80 is matched, so traffic to any other port (including 443)
# does not pass through the proxy or its access list.
# NOTE(review): the match is on src-address only, with no in-interface; a
# packet arriving on another interface with a source in this range would also
# be redirected - confirm whether an in-interface matcher is wanted.
add action=redirect chain=dstnat comment="redirect port 80 to 3128" \
disabled=no dst-port=80 protocol=tcp src-address=192.168.4.0/24 \
to-ports=3128
# Mangle rules that classify proxy traffic into the two packet marks used by
# the queue tree (pacotes_squid-up and pacotes_squid-down). All four rules use
# passthrough=yes, so later mangle rules still see the packet.
/ip firewall mangle
# Mark a connection as conn_squid-up when a router-originated packet
# (chain=output) from TCP source port 3128 contains the bytes "X-Cache: HIT".
# NOTE(review): content= is a plain substring match on the packet, not a parsed
# header. An origin server that sends its own "X-Cache: HIT" header, or a body
# containing that text, would presumably be classified as a cache hit as well -
# verify. The mark is also per connection, so later responses on a persistent
# connection keep it. /ip proxy sets cache-hit-dscp=4; matching that DSCP value
# here may be a more reliable classifier - confirm on the target version.
add action=mark-connection chain=output comment=\
"mark connection *conn_squid-up*" content="X-Cache: HIT" disabled=\
no new-connection-mark=conn_squid-up passthrough=yes protocol=tcp \
src-port=3128
# Packet-mark output packets of conn_squid-up connections as pacotes_squid-up.
add action=mark-packet chain=output comment=\
"mark packet *pacotes_squid-up*" connection-mark=conn_squid-up \
disabled=no new-packet-mark=pacotes_squid-up passthrough=yes
# Mark any TCP connection seen in prerouting with destination port 3128 as
# conn_squid-down.
# NOTE(review): there is no in-interface, src-address or dst-address matcher,
# so forwarded traffic to port 3128 on other hosts is marked too. Whether
# connections redirected from port 80 already show dst-port 3128 at this point
# depends on the order of mangle and dst-nat in prerouting - verify.
add action=mark-connection chain=prerouting comment=\
"mark connection *conn_squid-down*" disabled=no dst-port=3128 \
new-connection-mark=conn_squid-down passthrough=yes protocol=tcp
# Packet-mark prerouting packets of conn_squid-down connections as
# pacotes_squid-down.
add action=mark-packet chain=prerouting comment=\
"mark packet *pacotes_squid-down*" connection-mark=conn_squid-down \
disabled=no new-packet-mark=pacotes_squid-down passthrough=yes
# Input-chain rules controlling who can reach the proxy port (TCP 3128) on the
# router itself. Rule order matters: the drop must stay above the accept.
# Only the port-3128 rules are shown here; the rest of the input policy is not
# visible in this export.
/ip firewall filter
# Drop TCP 3128 arriving on the "public" interface so the proxy cannot be used
# from outside as an open proxy.
add action=drop chain=input comment="block external proxy" disabled=no \
dst-port=3128 in-interface=public protocol=tcp
# Accept TCP 3128 from every remaining source.
# NOTE(review): this accept has no src-address or in-interface matcher, so it
# admits the proxy port on any interface other than "public". If a second
# uplink or tunnel interface is added, exposure then depends solely on the
# /ip proxy access list. Restricting this rule to src-address=192.168.4.0/24
# would keep the firewall and the proxy ACL consistent - confirm with the owner.
add action=accept chain=input comment="accept connections from proxy" \
disabled=no dst-port=3128 protocol=tcp
# Queue tree entries for the two packet marks set in /ip firewall mangle.
# Both queues cap at max-limit=150M, have no guaranteed rate (limit-at=0) and
# have bursting turned off (burst-limit, burst-threshold and burst-time are 0).
# NOTE(review): the parents global-in and global-out belong to older RouterOS
# releases - verify they exist on the target version before importing.
/queue tree
# "downstream": packets marked pacotes_squid-down (prerouting traffic to TCP
# port 3128), attached to global-in.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=\
0 max-limit=150M name=downstream packet-mark=pacotes_squid-down \
parent=global-in priority=1 queue=default
# "upstream": packets marked pacotes_squid-up, attached to global-out. Per the
# mangle rules these are router-originated packets from source port 3128 on
# connections where "X-Cache: HIT" was seen, i.e. proxy-to-client data despite
# the queue name.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=\
0 max-limit=150M name=upstream packet-mark=pacotes_squid-up parent=\
global-out priority=1 queue=default
# Built-in web proxy: enabled, listening on TCP port 3128, with an on-disk
# cache (max-cache-size=408555000KiB) and objects treated as fresh for at most
# 3 days (max-fresh-time=3d). Client and server connections are each capped at
# 600. cache-hit-dscp=4 sets the DSCP value the proxy applies to cache hits.
# parent-proxy=0.0.0.0 with parent-proxy-port=0 presumably means no upstream
# proxy is chained, and src-address=0.0.0.0 presumably lets the router choose
# the source address for outgoing requests - confirm against the RouterOS
# documentation for the installed version.
# Nothing here restricts which interfaces or clients may connect; that is left
# to the /ip firewall filter input rules and the /ip proxy access list, so all
# three sections need to be reviewed together.
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=yes enabled=yes max-cache-size=408555000KiB \
max-client-connections=600 max-fresh-time=3d \
max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 \
port=3128 serialize-connections=no src-address=0.0.0.0
# Proxy access list. Rules are evaluated top to bottom and the first match
# decides, so the order below is significant.
/ip proxy access
# Deny any request whose destination port is 23-25 (telnet and SMTP, plus 24)
# so the proxy cannot be used to reach those services. This sits above the
# allow rule and therefore applies to LAN clients as well.
add action=deny comment="block telnet & spam e-mail relaying" disabled=\
no dst-port=23-25
# Allow clients in 192.168.4.0/24.
# NOTE(review): no dst-port restriction here, so LAN clients can ask the proxy
# to reach any destination port other than 23-25. Consider allowing only the
# destination ports that are actually needed - confirm with the owner.
add action=allow comment=web-proxy disabled=no src-address=\
192.168.4.0/24
# Default deny: requests from any other source are refused. This keeps the
# proxy closed to non-LAN clients even if a firewall rule is later changed.
add action=deny comment=web-proxy disabled=no