A little help with load balancing and transparent proxy

Hi,

I have 2 internet connections, one for management and the other for workers.

I was able to use the MAC addresses of the computers’ interfaces + routing marks from mangle successfully to force users to use their corresponding gateways from the router.

However, there is a transparent proxy (Squid) running on the Mikrotik box too. I need to somehow distinguish the management users so that they use their own internet connection while browsing the internet. Otherwise they will be forced to use the workers’ internet connection, which is sometimes very slow.

How can I do this? If I can’t do this, then tell me a way to use the same Routing Mark group and disable squid for management.

I don’t want to enter the IP addresses of the management into the Web Proxy’s Direct Access tab, since they might change, and I have already entered their MAC addresses. I believe I should be able to do this onwards.

Any help would be appreciated.

BTW: My RouterOS is 2.9

Hi,

I solved this problem. Let me write the solution in case somebody else needs it too.

I opened up the redirect rule for the proxy server, and chose “main” as the routing mark from its general tab.

This way, all the routings marked as management do not enter into the rule. Only the other rules are there.

Regards,

Hello,
After a little more checking, I found out that my problem still remains.

Now the proxy is never used.

I believe I must be able to do one of the following:

  1. Firewall → NAT tab, I need to be able to bypass proxy server redirection only for the marked routed connections.
  2. Firewall → Mangle tab, I need to be able to mark the rest of the computers with another routing mark and will be able to use it in the routing page.

Which one can it be?

Please help.

I solved this again.

I just put another line into my NAT configuration, just before the redirect line, to “accept” packets coming from marked routing mangle.

Regards,
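
The fix described in the post above, sketched as RouterOS commands. This is an added example, not the poster's actual configuration: the MAC address, the gateway address, the mark name `management` and the proxy port 3128 are constructed placeholders.

```routeros
# Constructed example; replace the placeholder values with your own.

# 1. Mark routing for management hosts by MAC address (one rule per host).
/ip firewall mangle
add chain=prerouting src-mac-address=00:11:22:33:44:55 \
    action=mark-routing new-routing-mark=management passthrough=no \
    comment="management host (placeholder MAC)"

# 2. Send marked traffic out through the management gateway.
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=management \
    comment="management uplink (placeholder gateway)"

# 3. NAT rules are evaluated top to bottom and the first match wins.
#    The accept rule must sit above the redirect rule so that marked
#    connections leave the dstnat chain before the proxy redirect is reached.
/ip firewall nat
add chain=dstnat routing-mark=management action=accept \
    comment="management bypasses the transparent proxy"
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128 \
    comment="everyone else goes through the web proxy (assumed port)"

# 4. Verify the order: the accept rule must be listed before the redirect.
/ip firewall nat print
```

Because the match is on the routing mark rather than on IP addresses, management hosts keep bypassing the proxy when their addresses change, as long as their MAC entries in mangle stay current.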

I am trying to do almost the same thing.

Can you please post your config for /ip firewall, /ip firewall mangle, nat and anything else?


Thanks!


Did you start to mark the packets in the user profile, or later on?