Hi,
Since I started using the transparent proxy feature on MikroTik, some of the IP addresses of my public subnet are being reported as open proxies on the Blitzed Open Proxy Monitor List.
The reason is: port 80 HTTPPOST
I have taken all the security measures to ensure that I have blocked any access from outside of the proxy as described in the MT documentation, but still…
Anyone having this problem, and any solution to it?
I had the same situation and followed some settings in the manual … then OK.
First, try this one http://nospam-pl.net/op.php
I can’t really read it, but it can effectively test your IP on exactly this problem.
The Spam-replay protection at http://www.mikrotik.com/docs/ros/2.8/howto/howto
worked for me.
Hi,
Thanks for your reply.
I did all the security things in that document just after I started using the proxy, but I still get my addresses listed in the Blitzed Open Proxy Monitor List.
On the link that you gave me I tried my addresses and I get ‘no proxies found’.
My users' addresses are reported as open proxies by a couple of IRC servers.
How can I stop IP addresses behind the MT box from getting listed on the Blitzed Open Proxy Monitor List?
Go to IP > Web Proxy and in the access list allow only your network and deny everything else!! Then everything will be OK.
This is a so-called open proxy, so people can use your proxy for hacking and a lot of terrible things.
Already done that in the beginning.
This is my access list:
0 ;;; allow CONNECT only to SSL ports 443 [https] and 563 [snews]
src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-port=!443,563 url=""
method=connect action=deny
3 ;;; allow CONNECT our public adressess
src-address=x.y.z.0/24 action=allow
4 ;;; Deny using us as telnet and SMTP relay
dst-port=23-25 action=deny
5 ;;; Deny everything else
action=deny
1. First rule (added by default) is denying everything that's not on port 443 and 563.
2. Second rule allows my private network.
3. Third rule allows my public network.
4. Fourth rule denies ports 23-25, but I think this rule is just sitting there doing nothing, because all the ports except 443 and 563 were already denied by the first rule.
5. Last rule denies everything else.
Do you see anything that I need to correct on this access list?
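As an added example (not part of any post in this thread and not MikroTik's code), the following Python sketch models the four rules shown in the listing above, assuming the access list is evaluated top-down with the first matching rule deciding, and reports which rule decides a few constructed requests. 192.0.2.0/24 stands in for the masked x.y.z.0/24 and 198.51.100.7 is a hypothetical outside client; rules 1 and 2 are not shown in the post and are not modelled.

```python
import ipaddress

# Stand-in for the poster's masked x.y.z.0/24 (documentation range, constructed).
PUBLIC_NET = ipaddress.ip_network("192.0.2.0/24")

# Only the four rules visible in the post; rules 1 and 2 are not shown there.
# Each rule: (number, predicate(src, port, method), action).
RULES = [
    # 0: deny CONNECT to any port other than 443 and 563
    (0, lambda s, p, m: m == "CONNECT" and p not in (443, 563), "deny"),
    # 3: allow the public subnet
    (3, lambda s, p, m: s in PUBLIC_NET, "allow"),
    # 4: deny destination ports 23-25
    (4, lambda s, p, m: 23 <= p <= 25, "deny"),
    # 5: deny everything else
    (5, lambda s, p, m: True, "deny"),
]

def evaluate(src, dst_port, method):
    """Return (rule number, action) of the first rule that matches."""
    src = ipaddress.ip_address(src)
    method = method.upper()
    for number, matches, action in RULES:
        if matches(src, dst_port, method):
            return number, action
    raise AssertionError("unreachable: rule 5 matches everything")

def audit():
    """Evaluate constructed probe requests against the modelled list."""
    probes = [
        ("198.51.100.7", 80, "POST"),      # outside host, plain HTTP POST
        ("198.51.100.7", 443, "CONNECT"),  # outside host, CONNECT to https
        ("192.0.2.10", 80, "GET"),         # own subnet, normal browsing
        ("192.0.2.10", 25, "CONNECT"),     # own subnet, CONNECT to SMTP
        ("192.0.2.10", 25, "GET"),         # own subnet, non-CONNECT to port 25
    ]
    return {p: evaluate(*p) for p in probes}

if __name__ == "__main__":
    for (src, port, method), (rule, action) in audit().items():
        print(f"{src:>14} {method:<7} port {port:<4} -> rule {rule}: {action}")
```

Under this model an outside POST to port 80 ends at rule 5 (deny), while a GET from the allowed subnet to port 25 is accepted by rule 3 before rule 4 is ever reached.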
Hm, I don’t see anything wrong except maybe you should remove rule 3.
Note that you must remove your proxy from Blitzed Open Proxy monitor List.
Sometimes it takes more than 24 hours to be removed.
The easiest way to test whether your proxy is open is to try to use it from some other network.
No no, I can't remove rule number three. If I do that then my public IP addresses will not access the proxy. I used x.y.z.0/24 instead of the real address that is my public subnet.