I need your help to solve my problem. My boss asked me to build a proxy server very soon. I am using the Mikrotik proxy and do not want to use Squid because I don’t know any Linux scripting.
Please see my attached picture.
My question is:
Is it possible for MIKROTIK AS BRIDGE + INTERNAL PROXY to cache all clients’ HTTP requests?
And I want my “Mikrotik Router” to do bandwidth shaping, while my “Mikrotik Bridge” ONLY does web caching.
The configs on this device are:
/interface bridge add name=bridge1 protocol=none disabled=no
/interface bridge port add interface=ether-to-client bridge=bridge1 disabled=no
/interface bridge port add interface=ether-to-router bridge=bridge1 disabled=no
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=0.0.0.0 secondary-dns=0.0.0.0
HTTP is down (cannot browse) when I am using that topology and those configs.
If I disable the DST-NAT to 3128, HTTP is up and normal.
Please show me where my mistake is.
Interesting.
I have not tested this in MT. I used Linux + Squid instead of MT and it works for me. The problem was the same as the one you are facing in MT. Add the IP address and gateway on the bridge interface. The IP range must be the one your clients are using, e.g. 192.168.1.254/24 gw 192.168.1.1.
If I add the IP address and gateway on the bridge interface (in the Mikrotik Bridge), then all traffic shaping will be done in the Mikrotik Bridge, right? And I won’t like this.
I want all traffic shaping done in the Mikrotik Router, and the Mikrotik Bridge to only do caching.
In your dst-nat rule, try using “in-bridge-port” (ethernet facing router).
The bridge will only shape traffic if you have it configured to.
If it were me, I might put my dst-nat rule on the router pointing to the proxy bridge…well actually, I’d run proxy on the router…unless it doesn’t have the horsepower and disk space.
Thanks for your advice.
But if I put my dst-nat rule on the router pointing to the proxy bridge, all of my clients will be using the default route. It seems your advice could not work for multiple gateways.
I think because your gateway is behind the bridge you will have difficulty doing it transparently except by redirecting it back using a firewall rule on the gateway router. That seems a bit inefficient since it’s sitting before the router from the clients’ perspective. For it to be transparent you will need to run the proxy rule on the gateway redirecting port 80 to the port and IP of the proxy. It will work but it is a slightly odd setup, I think. Could you run web proxy on the router? Maybe beef up the hardware a bit.
I put my “mikrotik bridge + web proxy” before the “mikrotik router” because my topology has multiple gateways. If I only use “mikrotik router + web proxy”, without the “mikrotik bridge” in the middle, it seems impossible since the mikrotik proxy does not support multiple gateways.
If I run the proxy rule on the gateway redirecting port 80 to the port and IP of the proxy…I tried that too and all of my clients will always use WAN1 (my default gateway). So this way, multiple gateways also do not work.
Hi,
Brother, my English is not good but I can give you an idea; I think it works 100%.
First: don’t use the bridge-router in bridge mode. You need to use the bridge-router as a gateway but with the Live IP concept (IP Passthrough) and pass all clients through to the main router with their original IP, but not just port 80, like that: http://wiki.mikrotik.com/wiki/Live-IP-CONCEPT_route_a_IP_in_any_interface_with_Original_ID and just change it to bypass all IP traffic but not port 80: !Dst Port 80, Protocol tcp
I have tried your idea. I already “mark route” the traffic, but the traffic always goes through the “default gateway” of my bridge. So my router could not shape my clients’ IPs, because the router sees my proxy’s IP.