I need help using my MikroTik to forward all outbound traffic to a Dansguardian (DG) machine.
I’ve got a router at 192.168.0.5, NAT network. the DG box is 192.168.0.244. I only have a masquerade rule for NAT, and 2 dst-nat rules to forward the traffic. They are dstnat, src IP 192.168.0.244, action is allow. This is to allow the DG box access to the internet without it being re-forwarded back to itself.
The second rule says that anything with a destination TCP port of 80 to forward to 192.168.0.244 port 8080.
When I try to surf the internet, I can’t get out using it as a transparent proxy like this. If I set the proxy in the browser to 192.168.0.244:8080, then the browser works. If I remove it, no interwebs for me. I have verified that it has internet access, and can resolve names.
If this still doesn’t work I would assume its because the computer is on the same network as the proxy, so rather than trying to forward the response back to the router the proxy is sending directly back to you causing some triangular routing and confusing the computer.
I’d then try shifiting the DG box to 192.168.1.244 and try again with the forwarding rule.
Thanks for the reply. I ended up having to put the DG box on 192.168.17.244, and changing the rules and IP’s in the MikroTik box to allow/forward traffic through the DG box that way.
I wonder why it doesn’t work on the same network. odd…
Because the DG machine would receive a re-directed (change dst-address) request with the original src-address still intact.. so when it goes to reply with the information to the computer on the same network, that computer has no reason to accept an inbound connection from the DG box.
(I’m probably not quite right with the explanation, but I know thats close to the reason)
