Hello all,
I need some help in setting up a new network I am working on.
There where 2 separete Lan’s, with 2 separate gateways. Both gateways, required proxy settings in user’s browser,in order to access the internet.
I’ve putted an RB450G behind those 2 gateways and made the two separete lan’s, to one. No, all the hosts are connecte to RB450G.
I’ve made the PCC load balancing, according to this article http://wiki.mikrotik.com/wiki/Manual:PCC which i’ve used again in other networks and works fine.
In this particular network I am working on now, I want the RB450G to act as transparent proxy.So I set it up according to this article http://wiki.mikrotik.com/wiki/How_to_make_transparent_web_proxy
In the field where u can write a parent proxy, I entered the details of the proxy that the clients where using in their browser settings.
Now, the clients, if they don’t have this proxy’s details in their settings, they cannot access the internet. Only if they have parent’s proxy settings in the browser can access internet(load balancing works fine).
below is the conf of
ip firewall mangle and nat, in case someone can find any mistake and help me…
I’ve also read this article which looks similar to mine..
http://forum.mikrotik.com/t/transparent-proxy/55535/1
Thnks.
Interface 1: LAN
Interface 2(wan1): Syz - Dimarxeio
Interface 3(wan2): Syz - KEP
[admin@RB450G - Dimarxeio] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=LAN
1 chain=srcnat action=masquerade out-interface=Syz-Dimarxeio
2 chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=Syz-KEP
3 chain=dstnat action=redirect to-addresses=0.0.0.0 to-ports=8080
protocol=tcp in-interface=LAN dst-port=80
[admin@RB450G - Dimarxeio] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=accept dst-address=10.64.132.0/30
in-interface=LAN
1 chain=prerouting action=accept dst-address=10.64.132.0/30
in-interface=LAN
2 chain=prerouting action=accept dst-address=10.66.56.0/24
in-interface=LAN
3 chain=prerouting action=mark-connection new-connection-mark=SD_conn
passthrough=yes in-interface=Syz-Dimarxeio connection-mark=no-mark
4 chain=prerouting action=mark-connection new-connection-mark=SK_conn
passthrough=yes in-interface=Syz-KEP connection-mark=no-mark
5 chain=prerouting action=mark-connection new-connection-mark=SD_conn
passthrough=yes dst-address-type=!local in-interface=LAN
connection-mark=no-mark
per-connection-classifier=both-addresses:2/0
6 chain=prerouting action=mark-connection new-connection-mark=SK_conn
passthrough=yes dst-address-type=!local in-interface=LAN
connection-mark=no-mark
per-connection-classifier=both-addresses:2/1
7 chain=prerouting action=mark-routing new-routing-mark=to_SD
passthrough=yes in-interface=LAN connection-mark=SD_conn
8 chain=prerouting action=mark-routing new-routing-mark=to_SK
passthrough=yes in-interface=LAN connection-mark=SK_conn
9 chain=output action=mark-routing new-routing-mark=to_SD
passthrough=yes connection-mark=SD_conn
10 chain=output action=mark-routing new-routing-mark=to_SK
passthrough=yes connection-mark=SK_conn