How to Enable Web Proxy for 1 subnet

Hi All,

I have 2 networks running on my MT. I want to apply web proxy to 192.168.10.0/24 only, but my other network, which is 192.168.11.0/24, is also affected. Below is my config.

                 enabled: yes
             src-address: 192.168.10.254
                    port: 8080
               anonymous: yes
            parent-proxy: 0.0.0.0
       parent-proxy-port: 0
     cache-administrator: Network Admin
          max-cache-size: unlimited
   max-cache-object-size: 2048KiB
           cache-on-disk: yes
  max-client-connections: 600
  max-server-connections: 600
          max-fresh-time: 3d
   serialize-connections: no
       always-from-cache: no
          cache-hit-dscp: 4
             cache-drive: system

How do I bypass 192.168.11.0/24 network from the webproxy?

I have tried adding 192.168.11.1 (gw) to allow, but there are no changes.

Inside your “/ip firewall nat” you should currently be redirecting all tcp traffic destined to port 80 to port 8080. You should be able to change that to only match a certain src-address-list.

/ip firewall address-list
add address=192.168.10.0/24 list=PROXY_CLIENTS

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address-list=PROXY_CLIENTS to-ports=8080

Do you use it as a transparent proxy? If you do, then you have some firewall rule to redirect the HTTP traffic to 8080 on your router. Just add src-address with 192.168.10.0/24 to that rule and it will redirect only this subnet.

Thank you for your reply. Yes, it's a transparent proxy.


Is there any way to bypass it from the web proxy itself?

The network 192.168.10.0/24 is for office use, so most of the unwanted sites are blocked (only work-related websites allowed). On the other hand, 192.168.11.0/24 is the living quarters network, where only porn sites are blocked.

Is there any way to do this?

In your case if you need different sites blocked you need to redirect both networks to the proxy. I think you do that already.
And yes what you need is possible. You can specify different rules for different networks.
In the web proxy settings there is a tab called Access. There you specify what is allowed and what is denied to customers. Look around and I’m sure you will see how it is done. The order of rules is very important here.
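
The per-subnet policy described in the last reply, written out as RouterOS configuration. This is an added example, not a configuration posted by anyone in the thread; the host names `*.work.example` and `*.blocked.example` are constructed placeholders, and the rule comments are illustrative.

```routeros
# Constructed example: host names below are placeholders, not real sites.

# Redirect HTTP from BOTH subnets to the proxy so each can get its own policy.
/ip firewall address-list
add address=192.168.10.0/24 list=PROXY_CLIENTS
add address=192.168.11.0/24 list=PROXY_CLIENTS

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address-list=PROXY_CLIENTS to-ports=8080

# Access rules are evaluated top to bottom; the first match decides.
/ip proxy access
# Office subnet: allow the listed work sites, then deny everything else.
add src-address=192.168.10.0/24 dst-host=*.work.example action=allow comment="office: allowed site"
add src-address=192.168.10.0/24 action=deny comment="office: default deny"
# Living quarters: deny only the listed sites; requests matching no rule are allowed.
add src-address=192.168.11.0/24 dst-host=*.blocked.example action=deny comment="living quarters: blocked site"
```

The office deny-all rule must stay below the office allow rules, otherwise it matches first and blocks everything. These rules only apply to traffic the NAT rule actually redirects, which here is TCP port 80.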