Hi all,
We are using Mikrotik RB1100AHx2 as a proxy solution. And we are serving at least about 120 users. We are using VPN and a parent proxy from out ISP to access the internet via their VPN. The pronlem is that if users configured their web browser with the parent proxy they bypassed our Mikrotik (local proxy)!
Is there any configuration I need to to to prevent users from accessing the internet using the parent proxy?
Thanks.
/ip firewall nat
add action=redirect chain=dstnat comment="force my proxy" dst-port=3128,8080,80 src-address<your desired subnet> protocol=tcp to-ports=8080
-Chris
Thanks for your reply
I have a nat rule to redirect traffic to my proxy.
/ip firewall nat
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
Do I have to create another one??? Can you explain more please?
Thanks..
Perfect. In this case, you just need to add the other ports (3128,8080) to the rule. So all outgoing traffic to (standard) proxy ports will be redirected as well.
-Chris
Thanks for all your efforts.
I added the ports to my nat rule, but I still can browse the internet by adding the parent proxy IP (10.10.10.10) and port (80) to my browser freely. Any ideas?
Thanks again.
Of course you can - but it is transparently redirected to your proxy.
-Chris
Thanks for your time.