Bridge with Proxy

Is it possible to use the Web Proxy with bridged traffic?

/interface bridge settings set use-ip-firewall=yes

then you can use NAT rules to set up transparent proxy (see documentation for example)

If I have the following settings:
/ip proxy> print
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: "webmaster"
max-cache-size: 20000KiB
cache-on-disk: yes
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: system

/ip firewall nat
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 \
    in-interface=ether4 protocol=tcp to-ports=8080

I don’t see any activity.
I have bridged ports ether1-wan and port ether4

instead of in-interface=ether4, you should use in-bridge-port=ether4

Does your bridge interface have an IP address?

  • Sudipta

instead of in-interface=ether4, you should use in-bridge-port=ether4

I tried that, it didn’t work.

Does your bridge interface have an IP address?

Yes.

so, the rule still doesn’t count packets?

do you have any other dst-NAT rules?

so, the rule still doesn’t count packets?

No.

do you have any other dst-NAT rules?

No.

Should I be setting the rules under
/ip firewall nat
or
/interface bridge nat
?

under

/ip firewall nat

also, show us

/interface bridge settings print

Give a simple answer.

  1. When you do a tracert to www.google.com from your user PC, do you pass through the IP address on the bridge port? I mean, does the tracert result show the IP address of the bridge interface anywhere?

If the answer is no then it is impossible to fire a transparent proxy in the current topology.

just check.

regards,

Sudipta

of course bridge’s IP is not shown in tracert. if it’s shown - then it’s routing, not bridging =)

Chupaka,

I started over from scratch with a clean install. Followed instructions and it worked.

Thanks

glad to hear that =)

Hello,

I am facing a problem with Bridge with Proxy.

The problem is: from my remote user PC (connected by VLAN), HTTP websites are very slow, with opening times of 10/15 minutes (the browser status bar shows "Transferring data"), but HTTPS websites work well.

But my local user PC is working well, no problem.

See my network diagram:
Network-Diagram.jpg
My router configuration is as follows:

IP/Address Interface
000.000.00.000 = ISP (vlan565)
192.168.10.254 = br_local_lan

bridge name = br_local_lan
protocol mode = none
Use Ip firewall = yes
Allow fast Path = yes

Bridge/Ports
ether3lan = br_local_lan
vlan757 = br_local_lan

IP/Firewall nat rule: Add chain= dstnat Protocol=6(tcp) Dst.Port=80 In.Interface=br_local_lan Action=redirect To ports=8080

I cannot find the problem in my configuration, so please help me solve it.

Regards,
Nishadul

sounds like an MTU problem. you may try to decrease MSS for TCP packets with a Mangle rule and check again
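
The MSS clamp suggested in the reply above could look like this on RouterOS. This is an added example, not a configuration posted in the thread: the interface names are taken from the configuration in the question, and new-mss=1400 is an assumed starting value that has to be matched to the real path MTU of the VLAN link.

```routeros
# Added example with assumed values; adjust new-mss/tcp-mss to the real path MTU.
/ip firewall mangle
# Clamp the MSS advertised by remote clients entering through the VLAN bridge port,
# so the proxy sends them segments that fit the smaller path.
add chain=prerouting protocol=tcp tcp-flags=syn in-bridge-port=vlan757 \
    tcp-mss=1401-65535 action=change-mss new-mss=1400 passthrough=yes \
    comment="clamp MSS from vlan757 clients"
# Clamp the MSS advertised towards the bridge (a SYN-ACK also has SYN set),
# so clients send smaller segments back.
add chain=postrouting protocol=tcp tcp-flags=syn out-interface=br_local_lan \
    tcp-mss=1401-65535 action=change-mss new-mss=1400 passthrough=yes \
    comment="clamp MSS towards br_local_lan"
```

The packet counters in `/ip firewall mangle print stats` show whether the rules match; if they stay at zero while a remote client opens an HTTP page, the matchers do not fit the traffic path.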