web proxy server use multiple outgoing IP address
RouterOS general discussion

12 posts   •   Page 1 of 1
ManyX
Member Candidate
Member Candidate
 
Posts: 103
Joined: Sat Jan 07, 2006 1:48 pm
Location: PolanD

web proxy server use multiple outgoing IP address

by ManyX » Thu Jan 14, 2010 4:36 pm

It is possible to configure mikrotik web proxy to use multiple outgoing IP address like in squid

Simple requirement:
If packets comes from src=10.0.1.10, forward it via public ip 1
If packets comes from src=10.0.2.10, forward it via public ip 2
If packets comes from src=10.0.3.10, forward it via public ip 3

I'm looking for something like that. In squid is:
##
#TAG: tcp_outgoing_address
# Allows you to map requests to different outgoing IP addresses
# based on the username or source address of the user making
# the request
##
I need this becouse in my country must log traffic. To some web page I log about 100 -150 connection per minute. I need to divide my user per couple ip. Search for specific person it then possible for me.

reg.

User avatar
Chupaka
Forum Guru
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: web proxy server use multiple outgoing IP address

by Chupaka » Fri Jan 15, 2010 1:11 am

unfortunately, no. you should use squid in addition to your router
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

ManyX
Member Candidate
Member Candidate
 
Posts: 103
Joined: Sat Jan 07, 2006 1:48 pm
Location: PolanD

Re: web proxy server use multiple outgoing IP address

by ManyX » Sat Jan 16, 2010 12:50 am

What a pity.
I think that it should be add this option to the new version ROS.
This should help many people to log traffic and identify the guilty guys.
Especially in cases when proxy is use by many users.

reg.

User avatar
Chupaka
Forum Guru
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: web proxy server use multiple outgoing IP address

by Chupaka » Sat Jan 16, 2010 3:10 am

mmm?.. what's wrong with log for now?..
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

ManyX
Member Candidate
Member Candidate
 
Posts: 103
Joined: Sat Jan 07, 2006 1:48 pm
Location: PolanD

Re: web proxy server use multiple outgoing IP address

by ManyX » Sun Jan 17, 2010 2:59 pm

Imagine that you have about 1500 users that connect to your proxy and connect to very popular web site.
How could I indicate guilty guys when I get from prosecutor only address IP of my proxy, address IP of web site and time. In log appears about 100 -150 connection at the same web site on the same second.
If there was the possibility of divide my users to a few public IP it will by possible indicate guilty guys.

examples:
If packets comes from src=172.16.10.0/24 forward it via public ip 1
If packets comes from src=172.16.20.0/24, forward it via public ip 2
In this solution I know that from address IP proxy xxx.xxx.xxx.9 is used by users from network 172.16.10.0/24 and user from network 172.16.20.0/24 should be ignored in investigation. In this examples I have about 50 - 75 suspects but when I divide this by two ip address I get about 25 -35 suspects or even less.

Do you know what I mean?

sorry for my poor English.

regards.

User avatar
gmsmstr
Forum Veteran
Forum Veteran
 
Posts: 924
Joined: Fri Jun 04, 2004 2:22 am
Location: St. Louis, MO

Re: web proxy server use multiple outgoing IP address

by gmsmstr » Mon Jan 18, 2010 10:05 am

You can do this, but not with the proxy system. You can send out specific IPs out specific public IPs, but again, you can't have Proxy enabled to do this.
Dennis Burgess, CCNA, A+, N+, MCP, Mikrotik Certified Consultant / Trainer
Need Mikrotik Support: http://www.linktechs.net -- Link Technologies, Inc.
--- Author of "Learn RouterOS: Second Edition" -- routerosbook.com ---

ManyX
Member Candidate
Member Candidate
 
Posts: 103
Joined: Sat Jan 07, 2006 1:48 pm
Location: PolanD

Re: web proxy server use multiple outgoing IP address

by ManyX » Mon Jan 18, 2010 12:25 pm

I start this post because in squid is this possibility. Now to divide traffic I used about 20 src-nat rules like this:
add action=src-nat chain=srcnat comment="net_1 - xxx.xxx.xxx.5" \
disabled=no out-interface=ether1 src-address-list="NAT_1" to-addresses=xxx.xxx.xxx.5
add action=src-nat chain=srcnat comment="net_2 - xxx.xxx.xxx.6" \
disabled=no out-interface=ether1 src-address-list="NAT_2" to-addresses=xxx.xxx.xxx.6

But I want used proxy from mikrotik, currently in MT proxy is possibility to change Ip address of proxy
/ip proxy set src-address=xxx.xxx.xxx.5.
Only missing acl lists maybe mt developers add this options in future.

regards.

User avatar
Chupaka
Forum Guru
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: web proxy server use multiple outgoing IP address

by Chupaka » Mon Jan 18, 2010 3:03 pm

1500 users is a reason to setup squid if you need caching =)
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

User avatar
gmsmstr
Forum Veteran
Forum Veteran
 
Posts: 924
Joined: Fri Jun 04, 2004 2:22 am
Location: St. Louis, MO

Re: web proxy server use multiple outgoing IP address

by gmsmstr » Mon Jan 18, 2010 9:32 pm

RouteroS in V3 does not use SQUID if I am not mistaken. Course i have customers doing 3500 users with Proxying, but all one connection.
Dennis Burgess, CCNA, A+, N+, MCP, Mikrotik Certified Consultant / Trainer
Need Mikrotik Support: http://www.linktechs.net -- Link Technologies, Inc.
--- Author of "Learn RouterOS: Second Edition" -- routerosbook.com ---

ManyX
Member Candidate
Member Candidate
 
Posts: 103
Joined: Sat Jan 07, 2006 1:48 pm
Location: PolanD

Re: web proxy server use multiple outgoing IP address

by ManyX » Wed Jan 20, 2010 12:24 pm

My users kill proxy in 15 min.

Probably problem is connections to users and options Max.Client Connections. I used max value 5000 but after 15 min all connections are used and web site don't want load.
I check this:

Code: Select all
ip proxy connections print count-only where client
4893


How can I solve this problem?
Maybe limit user connections to port 80 like this rule

Code: Select all
/ip firewall filter chain=forward action=drop tcp-flags=syn protocol=tcp
     src-address-list=private_address dst-port=80 connection-limit=10,32


Do you have any solution for this problem

And the second question

Is it possible to count mangle and queue traffic incoming to my proxy? Because I don't want that proxy used all my bandwidth. Especially that I have several business users that have guaranteed bandwidth and all his connections are directly. Gateway and proxy is on the same machine.

Maybe count package different "!Cache hit DSCP" and queue

regards

User avatar
janisk
MikroTik Support
MikroTik Support
 
Posts: 5906
Joined: Tue Feb 14, 2006 10:46 am
Location: Riga, Latvia

Re: web proxy server use multiple outgoing IP address

by janisk » Wed Jan 20, 2010 1:30 pm

proxy traffic is generated by router, so check out packet flow diagram on where you have to set up your queues/mangle to limit outgoing proxy traffic, as requests to web servers and not handling user requests that come in from your users.

ManyX
Member Candidate
Member Candidate
 
Posts: 103
Joined: Sat Jan 07, 2006 1:48 pm
Location: PolanD

Re: web proxy server use multiple outgoing IP address

by ManyX » Wed Jan 20, 2010 2:28 pm

Could you check it?

2 ;;; traffic from proxy do users
chain=output action=mark-connection new-connection-mark=traffic_conn_z_p
passthrough=yes dst-address-list=networks dscp=4

3 chain=output action=mark-packet new-packet-mark=traffic_z_p passthrough=no
connection-mark=traffic_conn_z_p

4 ;;; traffic from internet use by proxy
chain=output action=mark-connection new-connection-mark=proxy_con
passthrough=yes dst-address-list=networks dscp=!4

5 chain=output action=mark-packet new-packet-mark=proxy passthrough=no
connection-mark=proxy_con

In proxy I use option "cache-hit-dscp: 4"

enabled: yes
src-address: xx.xx.xx.3
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: "admin@admin.ad"
max-cache-size: unlimited
cache-on-disk: yes
max-client-connections: 5000
max-server-connections: 5000
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: sata1

what about my users connections to proxy is there any possibility to increase Max.Client Connections. Maybe if I turn on this options serialize-connections and
always-from-cache the proxy performance will increase.


reg.

12 posts   •   Page 1 of 1

Who is online

Users browsing this forum: Google Feedfetcher, hgonzale, Yahoo [Bot] and 26 guests

It is currently Mon Nov 24, 2014 2:50 am