Hi I need some help. I need to make limit access for PPPoE.
PPPoE clients pool IP is 10.80.40.0/24
I want limit access only to some web site for example:
www.paypal.com
Any help I will appreciate.
Thanks!
I have this setup and block the IP pool that I want. But the port 443 is open and the client can access any page with https:
enabled: yes
src-address: 10.80.40.0
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: "webmaster"
max-cache-size: none
cache-on-disk: no
max-client-connections: 5000
max-server-connections: 5000
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: primary-slave
Proxy Access Rules
/ip proxy access
add action=allow comment="" disabled=no dst-host=www.mydomain.com\
redirect-to=www.mydomain.comsrc-address=10.80.40.0/24
add action=deny comment="" disabled=no dst-host=*.* redirect-to=\
www.mydomain.comsrc-address=10.80.40.0/24
add action=allow comment="" disabled=no dst-host=www.paypal.com src-address=\
10.80.40.0/24
Firewall Rules
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.80.40.0/24
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.66.40.0/23
add action=redirect chain=PROXY-LIMIT comment="" disabled=no dst-port=8080 \
in-interface=ether1 protocol=tcp src-address=10.80.40.0/24
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 protocol=\
tcp src-address=10.80.40.0/24 to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=0-79 \
protocol=tcp src-address=10.80.40.0/24 to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=81-442 \
protocol=tcp src-address=10.80.40.0/24 to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=444-65535 \
protocol=tcp src-address=10.80.40.0/24 to-ports=8080
This site is manually block for port 443
chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address=10.80.40.0/24 dst-address=64.178.214.6 dst-port=443
Firewall Filter
/ip firewall filter
add action=drop chain=input comment="" disabled=no dst-port=8080 \
in-interface=ether1 protocol=tcp src-address=10.80.40.0/24
For some reason I have to block the most popular web site for port 443 and skype still work.
Help please I almost done
???
???
???
???
???
???
???
???
???
??
?
you cannot use transparent proxying for https
I think, you should just get IP addresses of paypal servers, allow port 443 to there addresses and then block all the rest. all in firewall filter, w/o webproxy
Thanks for help me and respond.
It’s reliable to make this implementation or there other way to make that.
Its working but I don’t have any experience with web proxy on Mikrotik.
The others IP pools work with out problems for those rules.
Please advice.
Thanks! Thanks! Thanks! Thanks! 
Hi Chupaka
I have RoutersOS 3.22 is safe to upgrade to 4.1?
In my setup the proxy wil work only for the 10.80.40.0/24 or all ip will use this proxy?
I just want proxy for the IP pool 10.80.40.0/24
sorry I am newbie
I began to doubt in task formulating… do you need to allow access only to paypal, or you need to block access to paypal?..
in your setup the proxy will work only for the 10.80.40.0/24 subnet - see your ‘redirect’ NAT rule
allow only to paypal and my web site.
how?
Will redirect to paypal like proxy?
no, it will just block - you cannot redirect https