How to trick corporate censorship soft using MikroTik router

Hi, I am new to MikroTik, so I need a little help regarding your software.

So let’s get to the point: recently my company strengthened its security policy and made the censorship software really restrictive. Now many interesting websites are inaccessible using the corporate laptop; the company proxy returns the message “this site is inappropriate for business use”.

Therefore I would like to bypass this censorship software using the MikroTik router wAP LTE kit (RBwAPR-2nD&R11e-LTE), since most of the time I work on an LTE modem.

Here is a network diagram I prepared to depict the situation:

I know Linux and currently have 2 ideas:

  1. use squid on Linux router

     e.g. make it redirect “http://legitimate-site-no1.com” to BestGore.com

  2. use NAT (DNAT) using iptables on Linux router

     e.g. 192.168.0.123 => IP Address of BestGore.com

Both of them require configuration on a Linux box (which is not that bad), but a box with Linux is not that portable (I mean taking the box with you).
Therefore I am considering the MikroTik wAP LTE kit, but the question is whether it will allow me to achieve what I want. So please give me some feedback.

I don’t think that you’ll get help here for compromising a corporate infrastructure.
Doing so is quite a reason to get fired.

-Chris

This is not a question about how to compromise company infrastructure; it is a question of whether the MikroTik router wAP LTE kit (RBwAPR-2nD&R11e-LTE) can be configured as flexibly as any Linux distribution.

A couple of times I bought a device whose specification “contained” what I needed, but after I started configuring it, it became clear that some features were missing and manufacturer support was not working as expected. This time I want to know whether the device I intend to buy supports the features I need. I hope someone from MikroTik tech-support can give me some information … Unfortunately installing RouterOS on VirtualBox does not work “out of the box” and I cannot even see what configuration options are available (via GUI).

Well, the gear you listed is definitely capable of doing so.
I have at least two approaches in mind that will easily do what you want.

To test features and GUI, you might wish to visit http://demo.mt.lv/.

-Chris

I looked around the available options and devised the following configuration:

[IP / DNS / Add New]

Name: ...... legitimate-site-no1.com
Address: ... 192.168.0.1

where 192.168.0.1 is the IP address of the MikroTik router.

[IP / Firewall / NAT / Add New]

Chain: .......... dstnat
Dst. Address: ... 192.168.0.1
Protocol: ....... tcp
Action: ......... dst-nat
To Addresses: ... {BestGore.com IP Address}
To Ports: ....... 80

I guess these settings will correspond to the iptables command:

# iptables -t nat -A PREROUTING -p tcp -d 192.168.0.1 --dport 12345 -j DNAT --to-destination {BestGore.com IP Address}:80

I believe that when I type “legitimate-site-no1.com:12345” in my web browser, the request will be sent to “BestGore.com:80” by the MikroTik router.

I also inspected the [Web Proxy] and [Socks] menus but could not find suitable options to rewrite “legitimate-site-no1.com” to “BestGore.com”.

I am aware that adding port 12345 after the host is not the fanciest solution, but I must somehow distinguish “censored hosts”. AFAIK the RouterOS firewall does not have access to application-level information (HTTP host header), but if it had, I could use the “legitimate-site-no1.com” host to distinguish “censored hosts” …