How to route the output of Mikrotik's web proxy to a route other than the default?

Hi mates, I have problems reaching a radio stream on one PC. I need this PC to use the gateway as usual for all programs; in the radio program (Foobar 2000) I would activate the proxy and set the Mikrotik as the proxy, and on the Mikrotik I would forward all the proxy requests into a VPN to another remote Mikrotik, to make the streaming work.
Can you please explain to me how to do it? Creating a VPN is not a problem for me; I need to teach the proxy to NAT requests to another source IP, then I'll mangle this IP into a VPN.
I have no way to know which source TCP/UDP port Foobar uses (if I did, I could mangle it directly); I only have the option to use the proxy to distinguish the radio stream requests from other requests.

Maybe instead of the proxy solution, you can try what is described here:

https://superuser.com/a/1713080

Add a 2nd IP address to your PC (in the same subnet); Use that tool to force Foobar2000 to use that 2nd IP address; On your router, add a routing rule (no mangle needed) with src-address condition to force all packets originating from that IP address to use the alternative routing table.
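The source-address routing rule in the suggestion above only matches if the application's packets really leave with the second IP as their source. The following sketch is an added example, not part of the original posts: it shows the effect of forcing a bind before connect and how to check which source address the far end sees. The loopback addresses 127.0.0.1 and 127.0.0.2 and both function names are constructed for illustration (it assumes a Linux host, where all of 127.0.0.0/8 is on the loopback interface).

```python
import socket
import threading

def start_peer_reporter(listen_ip="127.0.0.1"):
    """Constructed stand-in for the remote server: replies with the source IP it sees."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_ip, 0))          # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:           # listening socket was closed
                return
            with conn:
                conn.sendall(peer[0].encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def source_seen_by_server(server_ip, server_port, bind_ip=None):
    """Connect, optionally forcing the local source IP, and return what the server saw."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        c.settimeout(5)
        if bind_ip is not None:
            c.bind((bind_ip, 0))      # force the local source IP before connect()
        c.connect((server_ip, server_port))
        data = b""
        while chunk := c.recv(64):    # server closes after replying, ending the loop
            data += chunk
        return data.decode()

def demo():
    srv, port = start_peer_reporter()
    try:
        default_src = source_seen_by_server("127.0.0.1", port)
        forced_src = source_seen_by_server("127.0.0.1", port, bind_ip="127.0.0.2")
    finally:
        srv.close()
    return default_src, forced_src

if __name__ == "__main__":
    print(demo())
```

Without the bind, the operating system picks the source address from its routing table, which is why an unmodified application cannot be singled out by a src-address rule on the router.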

Thank you mates, using a second IP and ForceBindIP to load Foobar2000 so that it uses that second IP is an interesting approach )
Anyway, I believe there is a way to route the outbound traffic of Mikrotik's proxy through the VPN.
I've tried to mangle with output and postrouting but I haven't succeeded. AI suggests creating an IP-GRE tunnel, then mangling it; I'm figuring out how.

Does somebody know how I can mangle packets leaving the web proxy? I've defined an IP for the interface lo, and I specified that IP as the proxy in Foobar; it works.

I don't want to use an external proxy at the moment. Anyway, I would have to bind that machine to always use the VPN, and I don't want to dedicate a whole machine to this purpose alone.

It looks like the proxy loves to output packets on the default route with TCP source 8080 (I'm using 8080 as the proxy's listening port), so I can mangle this and route it to the VPN. It works, but on the VPN interface I have the source IP of the default route instead of the source IP of the VPN, and I can't srcnat that, nor mangle the packets.

You can mangle it in ip/firewall/mangle. You can NAT it in ip/firewall/nat.

Yes, the packets generated by the proxy service don't have any routing mark on creation, and are routed (by default) according to the "main" table.

I probably didn't get your question, but in a web-proxy on MT you can set src-address of your VPN interface and/or use PBR or mangle to route this into the right direction, can't you?

Thank you for your replies. There is no source address option available on the web proxy; maybe there are terminal commands for that which aren't available in Winbox?
Yes, it uses the default route and it looks impossible to mangle/mark the output of the proxy. Does someone have any idea? Thank you!

I might be misunderstanding the question, but could you make the proxy on Mikrotik use a VRF (non-main routing table), and set up appropriate routing in it?
(If proxy is used for other reasons, then this becomes a problem, as Mikrotik does not allow several instances of proxy with different VRFs.)

Hi mate, I don't know how to do it. I have only one instance of the proxy, and I need to forward traffic to another default route (VPN), which has a bigger metric, and use it with mangle > mark routing.

Thanks [IlKa], I was thinking that was the host allowed to access the proxy. I've specified the IP address of the interface I want to use, but it doesn't help. It has no effect; the proxy works as before through the default route. Any IP address specified there has no impact, which is strange. I typed a random IP 10.3.2.5 and the proxy keeps working.

Never mind, I think you're talking about the HTTP proxy (/ip/proxy), and it does not support VRF. The SOCKS proxy (/ip/socks) supports VRF, but foobar2000 does not support SOCKS.

Do you know the IP address of the radio? Why can't you create a route for this IP (X.X.X.X/32) through the VPN instead of the default (0.0.0.0/0) route with a lower metric? Then mangling or IP rules would be unnecessary.

src-address (Ip4 | Ip6; Default: 0.0.0.0)
A proxy will use a specified address when connecting to the parent proxy or website. If set to 0.0.0.0 then the appropriate IP address will be taken from the routing table.

Use PBR

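# the routing table has to exist before a route or rule can reference it
/routing/table/add name=for_proxy fib
# default route (0.0.0.0/0) in that table; 1.2.3.4 stands for the VPN gateway
/ip/route/add routing-table=for_proxy dst-address=0.0.0.0/0 gateway=1.2.3.4
# traffic sourced from the proxy's src-address is looked up only in that table
/routing/rule/add src-address=PROXY_SRC_ADDR action=lookup-only-in-table table=for_proxy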

I'm sure it will work, but it has 2 problems: if the stream changes IP I'll need to correct it, and if any other connection is directed to that IP, all other devices in the network will be forced to use the VPN. This is not a really "clean" solution; I would like to use the proxy.

/routing/rule/add src-address=PROXY_SRC_ADDR action=lookup-only-in-table table=for_proxy

Interesting, I've tried it. As a result I see requests to the proxy and answers on the VPN interface; this is what I got when I used mangle prerouting, with mark route on the VPN interface.
To explain myself better, think of it this way: I have IP X on the LAN asking proxy Y (it's not on the LAN, it's a loopback IP on the router (/32)), then I have IP Z, which is the router's IP on the VPN interface.
When this command is enabled, I torch the VPN interface and I see requests from X:very high TCP port directed to Y:8080. This is the input of the proxy, while I need to deal with the output of the proxy.
Could you please give it a try? Even if you don't have a valid VPN interface, you can create one and assign it as the default gateway with a bigger metric, then assign it to a routing table. Create a loopback IP and activate the web proxy, then set your browser to use that proxy.
Create the routing rule you suggested and torch the new interface; you should see these packets as I described.
Thank you!

If you don't want to use the tool on the client device, and still want to use an HTTP proxy, maybe just run a tinyproxy or nginx (configured as a forward HTTP proxy) container on the router. You then have full control of the IP address (of the VETH interface).

Thanks, this can be a solution. I have an AC3 router on the network which I suppose can do the job.
Anyway, I hope the topic is interesting, and I hope somebody may appear who can show a solution, or simply tell us that the web proxy is not structured to be accessible by mangle or routing rules, so it will always forward to the default route with the lowest metric.
Chances are I'll need to redirect another Foobar with a proxy to a VPN in the future, so having an easy, low-impact solution ready will be really useful.
Thanks again