I have configured the web proxy on my home router, since I cannot post any info from a client on the forum.
I have basically mirrored the relevant settings on my home router, with just the basic settings needed for Internet access, and this is the result.
"Internet" is the PPPoE connection to the ISP. The network cable is on ether1.
/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="ether1" type="ether" mtu=1500 l2mtu=1526 max-l2mtu=1526
1 R name="ether2" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524
2 name="ether3" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524
3 name="ether4" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524
4 R name="ether5" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524
5 R name="Internet" type="pppoe-out" mtu=1480
/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=10.0.0.1 gateway-status=10.0.0.1 reachable Internet distance=1 scope=30 target-scope=10
1 ADC dst-address=10.0.0.1/32 pref-src=79.x.x.x gateway=Internet gateway-status=Internet reachable distance=0 scope=10
2 ADC dst-address=10.124.175.0/24 pref-src=10.124.175.2 gateway=ether2 gateway-status=ether2 reachable distance=0 scope=10
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 address=10.124.175.2/24 network=10.124.175.0 interface=ether2 actual-interface=ether2
1 D address=79.116.67.100/32 network=10.0.0.1 interface=Internet actual-interface=Internet
/ip firewall export
# oct/04/2011 16:49:17 by RouterOS 5.7
# software id = WLVP-TRG6
#
# Static address lists used for matching in firewall rules.
/ip firewall address-list
# LAN subnet. NOTE(review): no filter or NAT rule in this export references
# the "SNAT" list (the masquerade rule matches on out-interface only).
add address=10.124.175.0/24 disabled=no list=SNAT
# The home PC; this list is matched only by the port-80 redirect rule in
# /ip firewall nat, which is disabled=yes in this export.
add address=10.124.175.5 disabled=no list=payment_reminder
# Connection tracking is enabled; the connection-state matchers in the filter
# rules and the NAT rules in this export depend on it.
# tcp-syncookie=no: SYN cookies are switched off on this router.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m \
udp-timeout=10s
# Filter rules for traffic to the router (chain=input) and through it
# (chain=forward). Rules are matched top to bottom, so the order below matters.
/ip firewall filter
# --- Port-scan detection (input chain) ---
# Each rule below adds the packet's source address to the "port scanners"
# list for two weeks. None of them has an in-interface match, so they apply
# to LAN-side traffic (ether2) as well as to the Internet side.
# NOTE(review): a single matching packet is enough to list a source and the
# source address is not verified; consider accepting trusted management
# addresses ahead of these rules so they cannot be locked out.
# psd=21,3s,3,1: port-scan detection (weight threshold 21, delay 3s,
# low-port weight 3, high-port weight 1).
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port scanners to list " disabled=no protocol=\
tcp psd=21,3s,3,1
# The next six rules match TCP flag combinations that do not occur in normal
# connection setup (FIN only, SYN+FIN, SYN+RST, FIN+PSH+URG, all flags, none).
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=\
tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp \
tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp \
tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp \
tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# Everything from a listed source is dropped on input, on any interface.
add action=drop chain=input comment="dropping port scanners" disabled=no src-address-list="port scanners"
# --- Services on the router itself (input chain) ---
# ICMP type 8 (echo request), any code, rate-limited by limit=3,3.
add action=accept chain=input comment="Allow ICMP Request limited version" disabled=no icmp-options=8:0-255 limit=3,3 protocol=icmp
# NOTE(review): Winbox (tcp/8291) is accepted from the Internet interface with
# no source restriction, which exposes router management to any remote host.
# Prefer limiting it with src-address / src-address-list, or reaching it only
# over the PPTP tunnel that the following rules allow.
add action=accept chain=input comment="Allow Winbox" disabled=no dst-port=8291 in-interface=Internet protocol=tcp
# PPTP control channel (tcp/1723); the GRE accept further down carries the tunnel data.
add action=accept chain=input comment="Accept PPTP" disabled=no dst-port=1723 in-interface=Internet protocol=tcp
# Matches in-interface=ether1, the physical port under the PPPoE client,
# not the "Internet" PPPoE interface itself.
add action=drop chain=input connection-state=new disabled=no in-interface=ether1
add action=accept chain=input comment="Accept GRE" disabled=no in-interface=Internet protocol=gre
# NOTE(review): despite the comment, this drops only connection-state=new
# packets arriving on Internet. There is no final unconditional drop on input,
# so packets in other states (including invalid) are not dropped by any rule here.
add action=drop chain=input comment="Drop All Input" connection-state=new disabled=no in-interface=Internet
# --- Traffic forwarded from the Internet to the LAN (forward chain) ---
add action=accept chain=forward comment="Accept Established/Related On PPPOE" connection-state=established disabled=no in-interface=Internet
# Inbound HTTP; pairs with the port-80 dst-nat rule to 10.124.175.5.
add action=accept chain=forward comment=HTTP disabled=no dst-port=80 in-interface=Internet protocol=tcp
add action=accept chain=forward connection-state=related disabled=no in-interface=Internet
# NOTE(review): RDP (tcp/3389) is forwarded from the whole Internet to the
# home PC with no source restriction. Restrict by source address or require
# the VPN if remote desktop access is needed.
add action=accept chain=forward comment="Accept RDC port 3389" disabled=no dst-port=3389 in-interface=Internet protocol=tcp
add action=accept chain=forward comment="uTorrent port 25023" disabled=no dst-port=25023 in-interface=Internet protocol=tcp
# Final drop for everything else arriving from Internet.
# NOTE(review): the NAT table has a dst-nat rule for tcp/21, but no forward
# accept rule for port 21 exists above, so new inbound FTP connections appear
# to end up here. Either remove that dst-nat rule or add a deliberate accept.
add action=drop chain=forward comment="Drop All New Connections on PPPOE" disabled=no in-interface=Internet
# NAT rules: source NAT for outbound traffic, port forwards to the home PC,
# and the (currently disabled) redirect to the web proxy.
/ip firewall nat
# Outbound traffic leaving via the PPPoE interface is masqueraded.
add action=masquerade chain=srcnat disabled=no out-interface=Internet
# Port forwards from the Internet interface to 10.124.175.5. Each one only
# takes effect if the forward chain also accepts the port.
add action=dst-nat chain=dstnat disabled=no dst-port=25023 in-interface=Internet protocol=tcp to-addresses=10.124.175.5 to-ports=25023
# NOTE(review): publishes RDP on the public address with no source restriction.
add action=dst-nat chain=dstnat disabled=no dst-port=3389 in-interface=Internet protocol=tcp to-addresses=10.124.175.5 to-ports=3389
# NOTE(review): FTP (tcp/21) is translated here, but the forward chain in this
# export has no accept rule for port 21; confirm whether this forward is wanted.
add action=dst-nat chain=dstnat disabled=no dst-port=21 in-interface=Internet protocol=tcp to-addresses=10.124.175.5 to-ports=21
add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=Internet protocol=tcp to-addresses=10.124.175.5 to-ports=80
# Redirects port-80 traffic from hosts in the payment_reminder list to the
# local web proxy on 8080. It is disabled=yes in this export, so no traffic is
# redirected; the proxy export below also shows enabled=no.
add action=redirect chain=dstnat disabled=yes dst-port=80 protocol=tcp src-address-list=payment_reminder to-ports=8080
/ip proxy export
# oct/04/2011 16:55:00 by RouterOS 5.7
# software id = WLVP-TRG6
#
# Web proxy settings. enabled=no: the proxy service is switched off in this
# export, so nothing listens on port=8080 to receive redirected requests.
# NOTE(review): if the proxy is enabled, keep port 8080 unreachable from the
# Internet interface so that it does not become an open proxy; the input chain
# in this export currently drops new connections arriving on Internet.
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none max-client-connections=600 \
max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
# Proxy access list: allow one destination, deny everything else and redirect
# it to the reminder page. Both rules are disabled=yes, so neither applies.
/ip proxy access
add action=allow disabled=yes dst-address=x.x.x.x (can't display this)
add action=deny disabled=yes redirect-to=
www.domain.com (here i have the real address configured on the router ofc)
ping
http://www.domain.com
HOST SIZE TTL TIME STATUS
x.x.x.x 56 47 123ms
x.x.x.x 56 47 122ms
x.x.x.x 56 47 122ms
x.x.x.x 56 47 122ms
x.x.x.x 56 47 124ms
x.x.x.x 56 47 124ms
x.x.x.x 56 47 123ms
x.x.x.x 56 47 125ms
sent=8 received=8 packet-loss=0% min-rtt=122ms avg-rtt=123ms max-rtt=125ms
C:\Users\w4rh0und>ping
http://www.domain.com
Pinging
http://www.domain.com [x.x.x.x] with 32 bytes of data:
Reply from x.x.x.x: bytes=32 time=123ms TTL=46
Reply from x.x.x.x: bytes=32 time=124ms TTL=46
Reply from x.x.x.x: bytes=32 time=122ms TTL=46
Reply from x.x.x.x: bytes=32 time=122ms TTL=46
Ping statistics for x.x.x.x:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 122ms, Maximum = 124ms, Average = 122ms
Home pc (10.124.175.5) connected on ether2 ------------(10.124.175.2) MT Router ether1 (pppoe client) ------- ISP
I even tried disabling the firewall, but I still don't get a result.
I haven't filtered anything coming from the PC; I only added the redirect rule, just to make sure.