[HELP PLEASE] Mikrotik v3 x86 - Webproxy issue using 2wans

RouterOS General
1

As i wrote on my last post, there is an issue using web-proxy upgraded from v2.9.50 to v3.x (including the last v3.3).

As I read on the mikrotik manual at web-proxy reference guide:

src-address (IP address; default: 0.0.0.0) - the web-proxy will use this address connecting to the parent proxy or web site.
0.0.0.0 - appropriate src-address will be automatically taken from the routing table


My mt box has 2 different wans IP, and i´m using policy routing to redirect web traffic to gw 179.16.32.1

default: 201.33.4.2 (gw 201.33.4.1)
default to web: 179.16.32.2 (gw 179.16.32.1)

At 3.3 version on webproxy, even specifying the 179.16.32.2 as src-address the packages goes outside using 201.33.4.2.
This not happens using 2.9.x, and helped me a lot doing “cache full bandwidth” and lots more.
I tried doing a policy-routing to redirect even the 3128 traffic to the web gateway, but when I do this, the webpages stop responding..

Help me guys!

best regards from brazil,

vince (netsoares)

Web Proxy - Two Wan-s trouble with redirect http traffic.
Web Proxy - Two Wan-s trouble with redirect http traffic.
redirect http to wan2 and force to it
2

I have the some problem on my serwer.
I try everything and i can’t redirect traffic for secondary Wan.
Do you have any options?

My ver of ROS 3.3
Tom

3

You need to add two routing marks in mangle. Make sure these rules are numbers 0 and 1 in your mangle list.

/ip firewall mangle 
add action=mark-routing chain=prerouting comment="" disabled=no dst-port=80 new-routing-mark=HTTP passthrough=yes protocol=tcp  place-before=0
add action=mark-routing chain=output comment="" disabled=no dst-port=80 new-routing-mark=HTTP passthrough=yes protocol=tcp  place-before=1

Now make a policy routing rule for HTTP.

/ip route 
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=179.16.32.1 routing-mark=HTTP scope=255 target-scope=10

Then create a lookup rule.

/ip route rule 
add action=lookup comment="" disabled=no routing-mark=HTTP src-address=0.0.0.0/0 table=HTTP

That’s it!

4

Thank’s that is working, but somethimes connections is broken.
Web side is loding and is stop respodning.

Thanks for help.
Tom

5

I have another problem.

That is mangle:
/ip firewall mangle> print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; HTTP
chain=prerouting action=mark-routing new-routing-mark=DSL1
passthrough=yes in-interface=LAN dst-port=80 protocol=tcp

1 chain=output action=mark-routing new-routing-mark=DSL1 passthrough=yes
dst-port=80 protocol=tcp

2 ;;; Proxy
chain=prerouting action=mark-routing new-routing-mark=DSL1
passthrough=yes in-interface=LAN dst-port=3128 protocol=tcp

3 chain=output action=mark-routing new-routing-mark=DSL1 passthrough=no
dst-port=3128 protocol=tcp

4 ;;; mark proxy traffic
chain=output action=mark-packet new-packet-mark=proxy-hit passthrough=no
out-interface=LAN dscp=4

5 ;;; ICMP
chain=prerouting action=mark-routing new-routing-mark=DSL1
passthrough=no in-interface=LAN protocol=icmp

I got working web proxy on second wan but
I have another problem when I enable web proxy i have many times out connection.
Web sides loading and sometimes connections break and web side don’t responding.
What is the reson off that?

Thank’s for help.
Tom