tiago202021
newbie
Topic Author
Posts: 25
Joined: Sat Jan 18, 2014 2:52 pm

Proxy and Firewall Rules

Thu Feb 13, 2014 3:43 pm

Hi...
I have a web proxy configured correctly and it works like a charm, but there is a computer on that network that I want to exclude from web proxy filtering, and I don't want to do it by IP address but by MAC address. How can I do that?
;D
 
rickfrey
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas

Re: Proxy and Firewall Rules

Thu Feb 13, 2014 6:47 pm

Try running this in scheduler:
ip proxy direct set numbers=0 src-address=[ /ip arp get value-name=address number=[find mac-address=00:08:5D:2D:Df:79 ]]
You will have to create the web proxy rule by hand the first time, but after that this simple script will update the address for you as often as you schedule it to do so. BTW, this was used in ROS 6.7.

Cheers :D
 
tiago202021
newbie
Topic Author
Posts: 25
Joined: Sat Jan 18, 2014 2:52 pm

Re: Proxy and Firewall Rules

Thu Feb 13, 2014 7:28 pm

Man, that's so advanced for me. Can you tell me in more detail, or where I can find some kind of tutorial about this?
Thanks
 
rickfrey
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas

Re: Proxy and Firewall Rules

Fri Feb 14, 2014 4:31 am

Just create a new scheduler instance and copy that text into the window. Replace the MAC address with the one you are going to use. Set it to run every 10 minutes or so and you should be all set. Unfortunately, I don't really know of a good tutorial that would cover this. The more you use the CLI the better you get at it...
 
tiago202021
newbie
Topic Author
Posts: 25
Joined: Sat Jan 18, 2014 2:52 pm

Re: Proxy and Firewall Rules

Mon Feb 17, 2014 4:25 pm

ssofet, my router is an RB750, which is upgradeable up to 6.1; the script did not run. I created a new script, which is of course based on yours. The script updates an entry, but it is in the access function. :D


ip proxy access set 0 src-address=[ /ip arp get value-name=address number=[find mac-address=00:00:00:00:00:00]]


Thanks for your help man...
 
rickfrey
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas

Re: Proxy and Firewall Rules

Mon Feb 17, 2014 7:40 pm

Sorry, I didn't understand what you meant with "The script updates an entry, but it is in the access function."
I tested that on 6.7. I don't know how well it will work on 6.1. Is upgrading an option for you?
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Proxy and Firewall Rules

Tue Feb 18, 2014 1:42 am

Would it be OK to set a DHCP lease as static for that MAC address, then use that IP as the filter?
 
rickfrey
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas

Re: Proxy and Firewall Rules

Tue Feb 18, 2014 3:26 am

:D That would be a lot easier...
 
patrick63
just joined
Posts: 1
Joined: Tue Feb 18, 2014 8:27 am
Location: United States

Re: Proxy and Firewall Rules

Tue Feb 18, 2014 12:55 pm

You will have to make the web proxies concept manually initially, but after that this easy program will upgrade the deal with for you as often as you routine it to do so. BTW, this was used in ROS 6.7.
 
tiago202021
newbie
Topic Author
Posts: 25
Joined: Sat Jan 18, 2014 2:52 pm

Re: Proxy and Firewall Rules

Tue Feb 18, 2014 6:25 pm

SurferTim wrote: "Would it be OK to set a DHCP lease as static for that MAC address, then use that IP as the filter?"

Yes, using DHCP would be easier of course, but in case that machine is not on and someone knows that machine has access to Facebook, then that person could use the same IP and have access. I work in computer maintenance, that is why I need this.
 
tiago202021
newbie
Topic Author
Posts: 25
Joined: Sat Jan 18, 2014 2:52 pm

Re: Proxy and Firewall Rules

Tue Feb 18, 2014 6:30 pm

rickfrey wrote: "Sorry, I didn't understand what you meant with 'The script updates an entry, but it is in the access function.' I tested that on 6.7. I don't know how well it will work on 6.1. Is upgrading an option for you?"

In /ip proxy direct, the "set" option didn't work for me, so I used the set function in /ip proxy access. BTW, are the "access" rules processed before the "direct" ones?
 
rickfrey
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas

Re: Proxy and Firewall Rules

Tue Feb 18, 2014 7:50 pm

You will have to create the rule first, then the script will keep it updated. Yes, that's fairly true about the access list being processed first. The access list determines who/what can access the proxy and the direct rules determine what bypasses the proxy.
 
tiago202021
newbie
Topic Author
Posts: 25
Joined: Sat Jan 18, 2014 2:52 pm

Re: Proxy and Firewall Rules

Tue Feb 18, 2014 8:18 pm

Sorry man, your script works very fine, the fact is that I didn't create the rule first.. :?

Thanks for everything bro.
Last edited by tiago202021 on Tue Feb 18, 2014 8:22 pm, edited 1 time in total.
 
rickfrey
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas

Re: Proxy and Firewall Rules

Tue Feb 18, 2014 8:21 pm

No Problem :D Glad you got it working.
 
Arpanet
Member Candidate
Posts: 281
Joined: Sat Aug 24, 2013 8:26 pm

Re: Proxy and Firewall Rules

Thu Feb 27, 2014 10:04 pm

rickfrey wrote: "No Problem :D Glad you got it working."

Hey guys, when trying to set the rule in /ip proxy access I got this:
/ip proxy access> set numbers=0 src-address=[/ip arp get value-name=address number=[find mac-address=40:B3:95:62:EA:E7]]
no such item
Why??
 
rickfrey
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas

Re: Proxy and Firewall Rules

Thu Feb 27, 2014 10:15 pm

Arpanet wrote: "Why??"

Because you have to create the proxy rule first and then this rule will modify it.
 
Arpanet
Member Candidate
Posts: 281
Joined: Sat Aug 24, 2013 8:26 pm

Re: Proxy and Firewall Rules

Thu Feb 27, 2014 10:22 pm

Sorry for my ignorance, I'm new to RouterOS;
I guess I need to create this rule in /ip proxy direct?
And what's the function of this rule?
 
rickfrey
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas

Re: Proxy and Firewall Rules

Fri Feb 28, 2014 1:07 am

At the beginning of this thread, someone asked how they could have someone bypass the proxy that was in place. In this situation, they knew the MAC address, but the IP address was always going to be changing. If they had had the IP address, they would only have needed to put the rule into the proxy. That piece of code, when used with scheduler, allows them to identify the customer via the MAC address and then updates the rule with the correct IP address.
 
Arpanet
Member Candidate
Posts: 281
Joined: Sat Aug 24, 2013 8:26 pm

Re: Proxy and Firewall Rules

Fri Feb 28, 2014 10:13 pm

rickfrey wrote: "At the beginning of this thread, someone asked how they could have someone bypass the proxy that was in place. In this situation, they knew the MAC address, but the IP address was always going to be changing. If they had had the IP address, they would only have needed to put the rule into the proxy. That piece of code, when used with scheduler, allows them to identify the customer via the MAC address and then updates the rule with the correct IP address."

You did not understand me. I know what that rule does.
I meant what's the function of the proxy rule I have to create. Because I don't know what I should write via terminal :D
 
rickfrey
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas

Re: Proxy and Firewall Rules

Mon Mar 24, 2014 4:24 pm

That proxy rule simply says that any traffic from that IP address goes directly to the Internet and bypasses the web proxy.
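
The scheduled update discussed in this thread, written out as an added example (not code from any poster): it checks that the hand-created direct rule exists, looks the device up in the ARP table by MAC, refreshes the rule's src-address, and disables the rule while the MAC is absent so that a stale IP does not keep the bypass. The comment tag `mac-bypass` on the pre-created rule and the placeholder MAC are assumptions.

```routeros
# Added example, not from the thread.
# Assumes a rule was created by hand in /ip proxy direct and tagged
# comment="mac-bypass" (hypothetical tag), so the script does not depend
# on item number 0. The MAC below is a placeholder.
:local mac "00:00:00:00:00:00"
:local tag "mac-bypass"

# The rule must exist first; "set" only modifies an existing item.
:local rule [/ip proxy direct find comment=$tag]
:if ([:len $rule] = 0) do={
    :log warning ("proxy bypass: no direct rule with comment " . $tag)
} else={
    # Look the device up in the ARP table by MAC address.
    :local arp [/ip arp find mac-address=$mac]
    :if ([:len $arp] = 0) do={
        # Device is not on the network: switch the bypass off instead of
        # leaving the last known IP address exempt from the proxy.
        /ip proxy direct set $rule disabled=yes
        :log info ("proxy bypass: " . $mac . " not in ARP table, rule disabled")
    } else={
        # Use the first matching ARP entry and point the rule at its IP.
        :local ip [/ip arp get [:pick $arp 0] address]
        /ip proxy direct set $rule src-address=$ip disabled=no
    }
}
```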
