
Using Mikrotik, we can redirect HTTP traffic to a Squid proxy server and also control user bandwidth. It is a good idea, though, to deliver already-cached content to users at full LAN speed; saving bandwidth and giving a fast browsing experience is why we set up a cache server in the first place. So how do we configure Mikrotik so that cached content is delivered to users at unlimited speed, with no queue applied to it? Here we go.

By using the ZPH directives, we mark cache-hit content in Squid so that it can later be picked up by Mikrotik.

The basic requirement is that Squid must be running in transparent mode, which can be done via iptables and squid.conf directives.
I am using Squid 2.7 on Ubuntu (on Ubuntu, apt-get install squid will install Squid 2.7 by default, which is great for our work).
Add these lines to squid.conf:

#===============================================================================
#ZPH for SQUID 2.7 (Default in ubuntu 10.4) / Syed Jahanzaib aacable@hotmail.com
#===============================================================================
# lanuser is the ACL for the local network; change it to match yours
tcp_outgoing_tos 0x30 lanuser
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

Use the following if you have Squid 3.1.19:

#======================================================
#ZPH for SQUID 3.1.19 (Default in ubuntu 12.4) / Syed Jahanzaib aacable@hotmail.com
#======================================================
qos_flows local-hit=0x30

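That's it for Squid. Now, moving on to the Mikrotik box: the TOS value 0x30 set by Squid corresponds to DSCP 12 (the DSCP field is the upper six bits of the TOS byte), which is why the mangle rules below match dscp=12.

Add the following rules: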

# Marking packets with DSCP (for MT 5.x) for cache hit content coming from SQUID Proxy

/ip firewall mangle add action=mark-packet chain=prerouting disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no comment="Mark Cache Hit Packets"

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pmark packet-mark=proxy-hit parent=global-out priority=8 queue=default

# Marking packets with DSCP (for MT 6.x) for cache hit content coming from SQUID Proxy
# The mark set by the mangle rule must be the same one the queues match (zph-hit)

/ip firewall mangle add action=mark-packet chain=prerouting comment="MARK_CACHE_HIT_FROM_PROXY_ZAIB" disabled=no dscp=12 new-packet-mark=zph-hit passthrough=no

/queue tree add comment="ZPH Cache Hit Queue" name=proxy packet-mark=zph-hit parent=global priority=1 queue=default

# If the above queue tree does not work with ROS 6.x, try adding a simple queue and move it to the TOP of the simple queue section
/queue simple
add max-limit=100M/100M name="ZPH-Proxy Cache Hit Simple Queue / Syed Jahanzaib >aacable@hotmail.com" packet-marks=zph-hit priority=1/1 target="" total-priority=1

Now every packet that Squid marks as a cache hit will be delivered to the user at full LAN speed; the rest of the traffic will be restricted by the user's queue.
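
An added consistency check, not part of the original post: it reads the cache-hit TOS value from squid.conf, derives the DSCP the router should match (TOS >> 2, so 0x30 gives 12), and verifies that every packet mark a queue uses is actually set by a mangle rule. The sample configs are constructed, 192.0.2.10 is a placeholder proxy address, and the src-address check is this example's own assumption that only the Squid box should be able to earn the unqueued mark.

```python
import re

# Constructed samples in the shape of this page's config. The "bad" one queues on a
# mark no rule sets, and its mangle rule is not limited to the proxy's address.
SQUID_CONF = "qos_flows local-hit=0x30\n"
ROUTEROS_BAD = """\
/ip firewall mangle add action=mark-packet chain=prerouting dscp=12 new-packet-mark=proxy passthrough=no
/queue tree add name=proxy packet-mark=zph-hit parent=global priority=1 queue=default
"""
# 192.0.2.10 is a placeholder (documentation range) for the Squid box.
ROUTEROS_OK = """\
/ip firewall mangle add action=mark-packet chain=prerouting src-address=192.0.2.10 dscp=12 new-packet-mark=zph-hit passthrough=no
/queue tree add name=proxy packet-mark=zph-hit parent=global priority=1 queue=default
"""

def squid_hit_tos(conf):
    """TOS byte Squid puts on cache hits (zph_local in 2.7, qos_flows local-hit in 3.1)."""
    m = re.search(r"^\s*(?:zph_local\s+|qos_flows\s.*?local-hit=)(0x[0-9a-fA-F]+|\d+)",
                  conf, re.M)
    return int(m.group(1), 0) if m else None

def params(line):
    """Split one RouterOS command line into a {key: value} dict."""
    return {k: v.strip('"') for k, v in re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)}

def check(conf, ros):
    """Return a list of mismatches between Squid's hit marking and the router rules."""
    tos = squid_hit_tos(conf)
    if tos is None:
        return ["squid.conf: no zph_local / qos_flows local-hit value"]
    dscp = tos >> 2          # DSCP is the upper six bits of the TOS byte
    problems, set_marks, queued = [], set(), set()
    for line in ros.splitlines():
        p = params(line)
        if "firewall mangle" in line and "new-packet-mark" in p:
            set_marks.add(p["new-packet-mark"])
            if p.get("dscp") != str(dscp):
                problems.append(f"mangle matches dscp={p.get('dscp')}, Squid sends {dscp}")
            if "src-address" not in p:
                problems.append("mangle rule accepts the hit DSCP from any source")
        elif line.startswith("/queue"):
            queued.update(p[k] for k in ("packet-mark", "packet-marks") if k in p)
    problems += [f"queue matches mark '{m}' that no mangle rule sets"
                 for m in sorted(queued - set_marks)]
    return problems

if __name__ == "__main__":
    for name, ros in (("bad", ROUTEROS_BAD), ("ok", ROUTEROS_OK)):
        print(name, check(SQUID_CONF, ros))
```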
