Joined: Fri Aug 17, 2007 8:06 am Posts: 192
Karma: 0
Location: Armenia, Yerevan
Hi every one, I want to redirect the HTTP ports to my proxy server (Fedora , but NOT USING IP>Proxy or IP>Web Proxy. I just want to redirect that ports using ip firewall feature. Any advices, Any suggestions?
Joined: Fri Jun 15, 2007 6:22 am Posts: 163
Karma: 0
ip firewall dst nat protocol=tcp In-interface=lan dst-port=80 Action dst-nat to address= xxxx (ur fedora/linux) to ports=xxx (ports u have to use, for proxy may be 3128)
If you tried the example above as-is, it has some challenges. If the web server is 192.168.0.2, then this should do:
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80 to-addresses=192.168.0.2 You will lose the ability to use a web-based controller on the parent device tho.
Joined: Fri Aug 17, 2007 8:06 am Posts: 192
Karma: 0
Location: Armenia, Yerevan
So, Look at My configuration, I have Mikrotik 2.9.50 ROS and Squid running on Fedora 8 Everything is ok. My Squid listens on port 61119, when I redirect the HTTP ports via Ip>Proxy or IP>Web Proxy to the Squid's 61119 port, everything works fine, But when I do dst-nat to my squid's 61119 port, sometimes I get "the requested url could not be retrieved" message or did not get any reply. Why? where did I make a mistake?
This way only ether1 (internet) will use this nat. Your local users will still go through the proxy.
EDIT: You also may want to do a /ip firewall nat print and insure your squid proxy port 80 dstnat rule is not above this dstnat rule. I believe you can use the place-before=0 variable to put this rule first. The first rule that applies is used, and, as the docs say, all others are ignored.
This way only ether1 (internet) will use this nat. Your local users will still go through the proxy.
EDIT: You also may want to do a /ip firewall nat print and insure your squid proxy port 80 dstnat rule is not above this dstnat rule. I believe you can use the place-before=0 variable to put this rule first. The first rule that applies is used, and, as the docs say, all others are ignored.
I have tried every methods, but there is no use. My Squid will handle requests only on port 61119, if I put the dst-nat rule to all of its ports, my HTTP requests will go to Squid's 80 port. I don't want that, I just want to redirect HTTP Requests.
well, if your users and squid server are in one subnet, you should use srcnat along with dstnat. but you will loose the ability to check user's IP on squid server. Web Proxy returns this ability back =)
_________________ For every complex problem, there is a solution that is simple, neat, and wrong.
Joined: Fri Aug 17, 2007 8:06 am Posts: 192
Karma: 0
Location: Armenia, Yerevan
Chupaka wrote:
well, if your users and squid server are in one subnet, you should use srcnat along with dstnat. but you will loose the ability to check user's IP on squid server. Web Proxy returns this ability back =)
Thanks Chupaka. My users are not in th same subnet with Squid, When I put the proxy server setting to my Squid Every thing is ok, But I want to redirect the HTTP requests to Squid, Please tell Me what to do, dst-nat does not help,
Joined: Fri Aug 17, 2007 8:06 am Posts: 192
Karma: 0
Location: Armenia, Yerevan
I have 2 ROS 2.9.51 PIII 1 For NAS Server, and the other is for NAT Server to Internet Look at the picture, this is the topology. My Squid Is in the same network with NAS (192.168.250.0/24 network) My Clients (PPTP and PPPOE) get IP addresses from 172.16.0.0/12 network. I just want to redirect the HTTP port from network 172.16.0.0/12 to 192.168.250.50 port 63333( Ssuid listens on this port) When I set the Proxy server settings in I-explorer or Mozilla IP=SquidIP and Port=Squidport everything is ok, But I want to do transparent redirect NOT USING IP>Proxy or IP>Web Proxy Features With Best Regard Karapet Aznavuryan
[quote="Chupaka"]well, if your users and squid server are in one subnet, you should use srcnat along with dstnat. but you will loose the ability to check user's IP on squid server. Web Proxy returns this ability back =)[/quote]
Chupaka, I've setup the internal proxy in 3.10. It now allows me to use the parent proxy settings and this works like a charm. Except that now the squid box shows all hits originating from the mikrotik router and not the user's ip address.
The squid is set in transparent mode and if I manually point a browser to the squid box, it shows the individual ip address in the logs but not if I use the miktotik's web proxy.
Any ideas for me please?
My rules; 1 ;;; Accept squid proxy server chain=dstnat action=accept src-address=192.168.50.3 in-interface=bridge dst-port=80 protocol=tcp
no, you need no authentication (ROS do not support it yet). ROS proxy should send client's IP in parent proxy request, so try to sniff request's packets, and if there is client's IP, see what you can do with squid. else - write to support =)
_________________ For every complex problem, there is a solution that is simple, neat, and wrong.
It will work if you set the squid server to be transparent, but not if you need it to authenticate via LDAP.
Thank you Hilton. But I tried some of the examples above and it doesn't work here. As I read through this thread again , I think I have a different network as yours. I have something like:
Code:
Internet<----Router----Squid----rb532a----Clients
Here is what I want to do. Just like the Subject of this thread. But I think I misunderstood some posts.
I need to pass http port 80 directly to squid proxy server without going through the Proxy of the rn532a. If I set my browser settings to use the squid proxy everything is fine... But when I redirect port 80 to the squid port 3128 it does not work. I get something like "the requested url could not be retrieved".
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
Login |
HOME
, but 
