How to redirect HTTP (tcp 80) ports to another server
RouterOS general discussion

25 posts   •   Page 1 of 1
User avatar
karo84
Member Candidate
Member Candidate
 
Posts: 192
Joined: Fri Aug 17, 2007 9:06 am
Location: Armenia, Yerevan

How to redirect HTTP (tcp 80) ports to another server

by karo84 » Sat Apr 12, 2008 5:43 pm

Hi every one,
I want to redirect the HTTP ports to my proxy server (Fedora 8), but NOT USING IP>Proxy or IP>Web Proxy.
I just want to redirect that ports using ip firewall feature.
Any advices, Any suggestions?

Thanks
With Best Regards
Karapet Aznavuryan

raktim
Member Candidate
Member Candidate
 
Posts: 171
Joined: Fri Jun 15, 2007 7:22 am

Re: How to redirect HTTP (tcp 80) ports to another server

by raktim » Sat Apr 12, 2008 6:07 pm

ip firewall dst nat protocol=tcp In-interface=lan dst-port=80 Action dst-nat to address= xxxx (ur fedora/linux) to ports=xxx (ports u have to use, for proxy may be 3128)

User avatar
karo84
Member Candidate
Member Candidate
 
Posts: 192
Joined: Fri Aug 17, 2007 9:06 am
Location: Armenia, Yerevan

Re: How to redirect HTTP (tcp 80) ports to another server

by karo84 » Sat Apr 12, 2008 6:46 pm

Thanks Ratkim

I have tested, But it does not work at all.
some body help, Please.

SurferTim
Forum Guru
Forum Guru
 
Posts: 4637
Joined: Mon Jan 07, 2008 11:31 pm
Location: Miramar Beach, Florida

Re: How to redirect HTTP (tcp 80) ports to another server

by SurferTim » Sat Apr 12, 2008 6:56 pm

Greetings!

If you tried the example above as-is, it has some challenges. If the web server is 192.168.0.2, then this should do:

/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80 to-addresses=192.168.0.2
You will lose the ability to use a web-based controller on the parent device tho.

User avatar
karo84
Member Candidate
Member Candidate
 
Posts: 192
Joined: Fri Aug 17, 2007 9:06 am
Location: Armenia, Yerevan

Re: How to redirect HTTP (tcp 80) ports to another server

by karo84 » Sat Apr 12, 2008 7:17 pm

So, Look at My configuration,
I have Mikrotik 2.9.50 ROS and Squid running on Fedora 8
Everything is ok.
My Squid listens on port 61119, when I redirect the HTTP ports via Ip>Proxy or IP>Web Proxy to the Squid's 61119 port, everything works fine,
But when I do dst-nat to my squid's 61119 port, sometimes I get "the requested url could not be retrieved" message or did not get any reply.
Why? where did I make a mistake?

With Best Regards
Karapet Aznavuryan

SurferTim
Forum Guru
Forum Guru
 
Posts: 4637
Joined: Mon Jan 07, 2008 11:31 pm
Location: Miramar Beach, Florida

Re: How to redirect HTTP (tcp 80) ports to another server

by SurferTim » Sat Apr 12, 2008 7:23 pm

My bad! :oops:
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80 to-addresses=192.168.0.2 in-interface=ether1

This way only ether1 (internet) will use this nat. Your local users will still go through the proxy.

EDIT: You also may want to do a
/ip firewall nat print
and insure your squid proxy port 80 dstnat rule is not above this dstnat rule. I believe you can use the place-before=0 variable to put this rule first. The first rule that applies is used, and, as the docs say, all others are ignored.

User avatar
karo84
Member Candidate
Member Candidate
 
Posts: 192
Joined: Fri Aug 17, 2007 9:06 am
Location: Armenia, Yerevan

Re: How to redirect HTTP (tcp 80) ports to another server

by karo84 » Sat Apr 12, 2008 7:38 pm

SurferTim wrote:My bad! :oops:
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80 to-addresses=192.168.0.2 in-interface=ether1

This way only ether1 (internet) will use this nat. Your local users will still go through the proxy.

EDIT: You also may want to do a
/ip firewall nat print
and insure your squid proxy port 80 dstnat rule is not above this dstnat rule. I believe you can use the place-before=0 variable to put this rule first. The first rule that applies is used, and, as the docs say, all others are ignored.

I have tried every methods, but there is no use.
My Squid will handle requests only on port 61119, if I put the dst-nat rule to all of its ports, my HTTP requests will go to Squid's 80 port.
I don't want that, I just want to redirect HTTP Requests.

SurferTim
Forum Guru
Forum Guru
 
Posts: 4637
Joined: Mon Jan 07, 2008 11:31 pm
Location: Miramar Beach, Florida

Re: How to redirect HTTP (tcp 80) ports to another server

by SurferTim » Sat Apr 12, 2008 7:43 pm

OK, can you post a copy of your ip firewall nat?

EDIT: The MT box is the router, and the fedora box is the web server, right?

User avatar
Chupaka
Forum Guru
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: How to redirect HTTP (tcp 80) ports to another server

by Chupaka » Mon Apr 14, 2008 1:51 am

well, if your users and squid server are in one subnet, you should use srcnat along with dstnat. but you will loose the ability to check user's IP on squid server. Web Proxy returns this ability back =)
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

User avatar
karo84
Member Candidate
Member Candidate
 
Posts: 192
Joined: Fri Aug 17, 2007 9:06 am
Location: Armenia, Yerevan

Re: How to redirect HTTP (tcp 80) ports to another server

by karo84 » Tue Apr 15, 2008 2:40 pm

Chupaka wrote:well, if your users and squid server are in one subnet, you should use srcnat along with dstnat. but you will loose the ability to check user's IP on squid server. Web Proxy returns this ability back =)

Thanks Chupaka.
My users are not in th same subnet with Squid,
When I put the proxy server setting to my Squid
Every thing is ok,
But I want to redirect the HTTP requests to Squid,
Please tell Me what to do,
dst-nat does not help,

User avatar
Chupaka
Forum Guru
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: How to redirect HTTP (tcp 80) ports to another server

by Chupaka » Tue Apr 15, 2008 3:04 pm

please describe your network topology
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

User avatar
karo84
Member Candidate
Member Candidate
 
Posts: 192
Joined: Fri Aug 17, 2007 9:06 am
Location: Armenia, Yerevan

Re: How to redirect HTTP (tcp 80) ports to another server

by karo84 » Tue Apr 15, 2008 7:12 pm

I have 2 ROS 2.9.51 PIII
1 For NAS Server, and the other is for NAT Server to Internet
Look at the picture, this is the topology.
My Squid Is in the same network with NAS (192.168.250.0/24 network)
My Clients (PPTP and PPPOE) get IP addresses from 172.16.0.0/12 network.
I just want to redirect the HTTP port from network 172.16.0.0/12 to 192.168.250.50 port 63333( Ssuid listens on this port)
When I set the Proxy server settings in I-explorer or Mozilla IP=SquidIP and Port=Squidport everything is ok,
But I want to do transparent redirect NOT USING IP>Proxy or IP>Web Proxy Features
With Best Regard
Karapet Aznavuryan
Attachments
Network.JPG
Network topology
Network.JPG (58.99 KiB) Viewed 8293 times

User avatar
Chupaka
Forum Guru
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: How to redirect HTTP (tcp 80) ports to another server

by Chupaka » Tue Apr 15, 2008 11:13 pm

are your clients, NAS and squid in different physical segments (different broadcast domains) or only different IP segments?
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

User avatar
karo84
Member Candidate
Member Candidate
 
Posts: 192
Joined: Fri Aug 17, 2007 9:06 am
Location: Armenia, Yerevan

Re: How to redirect HTTP (tcp 80) ports to another server

by karo84 » Wed Apr 16, 2008 10:49 am

They are in different IP Segments,
Thanks

User avatar
Chupaka
Forum Guru
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: How to redirect HTTP (tcp 80) ports to another server

by Chupaka » Thu Apr 17, 2008 12:56 am

so you need they be on different RouterOS interfaces (VLANs, for example)
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

User avatar
karo84
Member Candidate
Member Candidate
 
Posts: 192
Joined: Fri Aug 17, 2007 9:06 am
Location: Armenia, Yerevan

Re: How to redirect HTTP (tcp 80) ports to another server

by karo84 » Thu Apr 17, 2008 1:59 am

Thanks Chupaka,
I have already done using 2 different ROS.
Thanks Very Much;

nbson
just joined
 
Posts: 15
Joined: Thu Mar 17, 2005 4:34 pm

Re: How to redirect HTTP (tcp 80) ports to another server

by nbson » Thu Apr 17, 2008 4:57 pm

set your dst-nat rules as the posts above reccomend...
then,

try this in your squid.conf:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Or if it's a newer version of squid, this:

http_port <ip of server>:<port your proxy listens on> transparent

User avatar
hilton
Long time Member
Long time Member
 
Posts: 628
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: How to redirect HTTP (tcp 80) ports to another server

by hilton » Tue Jun 03, 2008 11:57 am

[quote="Chupaka"]well, if your users and squid server are in one subnet, you should use srcnat along with dstnat. but you will loose the ability to check user's IP on squid server. Web Proxy returns this ability back =)[/quote]

Chupaka, I've setup the internal proxy in 3.10. It now allows me to use the parent proxy settings and this works like a charm. Except that now the squid box shows all hits originating from the mikrotik router and not the user's ip address.

The squid is set in transparent mode and if I manually point a browser to the squid box, it shows the individual ip address in the logs but not if I use the miktotik's web proxy.

Any ideas for me please?

My rules;
1 ;;; Accept squid proxy server
chain=dstnat action=accept src-address=192.168.50.3 in-interface=bridge dst-port=80 protocol=tcp

2 ;;; Redirect via internal proxy
chain=dstnat action=redirect to-ports=8080 in-interface=bridge dst-port=80 protocol=tcp
Regards
Hilton

User avatar
Chupaka
Forum Guru
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: How to redirect HTTP (tcp 80) ports to another server

by Chupaka » Tue Jun 03, 2008 1:35 pm

of course you do not need transparent mode on squid
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

User avatar
hilton
Long time Member
Long time Member
 
Posts: 628
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: How to redirect HTTP (tcp 80) ports to another server

by hilton » Tue Jun 03, 2008 3:48 pm

ok so what you are saying is that I need to enable authentication on the squid server?

will any requests on port 80 which are redirected to the mikrotik internal web proxy be pushed through to the squid box?

the squid box is going to ask for authentication, so surely I need to setup some rule where it handles this two way communication?
Regards
Hilton

User avatar
Chupaka
Forum Guru
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: How to redirect HTTP (tcp 80) ports to another server

by Chupaka » Tue Jun 03, 2008 4:54 pm

no, you need no authentication (ROS do not support it yet). ROS proxy should send client's IP in parent proxy request, so try to sniff request's packets, and if there is client's IP, see what you can do with squid. else - write to support =)
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

User avatar
hilton
Long time Member
Long time Member
 
Posts: 628
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: How to redirect HTTP (tcp 80) ports to another server

by hilton » Tue Jun 03, 2008 5:16 pm

thanks Chupaka.
Regards
Hilton

aprmicro
just joined
 
Posts: 21
Joined: Tue Oct 23, 2007 1:06 pm

Re: How to redirect HTTP (tcp 80) ports to another server

by aprmicro » Mon Jul 21, 2008 4:53 pm

Hi Hilton,

So, did you call tech support? Is there any resolution for this redirect to squid server problem?

Thanks,

apr

User avatar
hilton
Long time Member
Long time Member
 
Posts: 628
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: How to redirect HTTP (tcp 80) ports to another server

by hilton » Mon Jul 21, 2008 5:03 pm

It will work if you set the squid server to be transparent, but not if you need it to authenticate via LDAP.
Regards
Hilton

aprmicro
just joined
 
Posts: 21
Joined: Tue Oct 23, 2007 1:06 pm

Re: How to redirect HTTP (tcp 80) ports to another server

by aprmicro » Mon Jul 21, 2008 8:15 pm

hilton wrote:It will work if you set the squid server to be transparent, but not if you need it to authenticate via LDAP.


Thank you Hilton. But I tried some of the examples above and it doesn't work here. As I read through this thread again , I think I have a different network as yours. I have something like:

Code: Select all
Internet<----Router----Squid----rb532a----Clients


Here is what I want to do. Just like the Subject of this thread. But I think I misunderstood some posts.

I need to pass http port 80 directly to squid proxy server without going through the Proxy of the rn532a. If I set my browser settings to use the squid proxy everything is fine... But when I redirect port 80 to the squid port 3128 it does not work. I get something like "the requested url could not be retrieved".

@Chupaka and karo84

What do you mean by this ? viewtopic.php?p=111478#p111478

Thank you,

aprmicro

25 posts   •   Page 1 of 1

Who is online

Users browsing this forum: dustovich, xetu and 34 guests

It is currently Fri Nov 28, 2014 1:54 am