miahac
February 22, 2008, 3:51pm
1
originally posted here http://forum.mikrotik.com/t/redirect-http-traffic-to-other-ether-interface/19157/1
I have RB 333 with wireless AP on WLAN1 and WLAN2 and Ether1. WLAN3 is public IP wireless bridge to a location T1 line. Clients connect with PPPoE and are assigned a public IP from the T1 IP range. Ether3 goes to a cable modem.
I am trying to dump http traffic to the cable modem. I have tried a simple policy route, http://wiki.mikrotik.com/wiki/Policy_Routing_in_RouterOS_2.9.x but I think it does not work properly because the customers are not natted.
Any ideas?
–Edit I will pay $25 ransom via paypal for the best/first config.
If this works I will start posting other ransoms.
This quote is from the previous thread.
miahac:
Sorry to hijack thread but I am pursuing a similar goal maybe we can work together to solve both problems. I have RB 333 with wireless AP on WLAN1 and WLAN2 and Ether1. WLAN3 is public IP wireless bridge to a location T1 line. Clients connect with PPPoE and are assigned a public IP from the T1 IP range. Ether3 goes to a cable modem.
I am trying to dump http traffic to the cable modem. I have tried a simple policy route, http://wiki.mikrotik.com/wiki/Policy_Routing_in_RouterOS_2.9.x but I think it does not work properly because the customers are not natted. I am wondering if the following is best?
/ip firewall mangle add chain=prerouting protocol=tcp dst-port=8080 action=mark-routing new-routing-mark=HTTP passthrough=yes comment="" disabled=no
/ip route add gateway=x.x.x.x routing-mark=HTTP comment="HTTP Traffic" disabled=no
/ip route rule add src-address=0.0.0.0/0 table=HTTP action=lookup
/ip proxy
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0:0
cache-drive: system
cache-administrator: "webmaster"
max-disk-cache-size: none
max-ram-cache-size: none
cache-only-on-disk: no
maximal-client-connections: 1000
maximal-server-connections: 1000
max-object-size: 512KiB
max-fresh-time: 3d
/ip firewall nat
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
/ip firewall filter
chain=input in-interface=ether3 src-address=0.0.0.0/0 protocol=tcp dst-port=8080 action=drop
edit – One more thing. I do not care if http traffic reverses to public IP’s the publics are for things like vpn, voip etc.
I noticed that you are using the inbuilt proxy server of ROS. Then you need to place a routing mark on output of the router on port 80. The following codes should resolve the issue.
/ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-routing new-routing-mark=HTTP passthrough=yes comment="" disabled=no
/ip firewall mangle add chain=output protocol=tcp dst-port=80 action=mark-routing new-routing-mark=HTTP passthrough=yes comment="" disabled=no
/ip route add gateway=x.x.x.x routing-mark=HTTP comment="HTTP Traffic" disabled=no
/ip route rule add src-address=0.0.0.0/0 table=HTTP action=lookup routing-mark=HTTP
Replace your routing-mark mangle rules and policy routes with the codes above. Also remember to replace x.x.x.x with the appropriate gateway IP address.
I expect my $25 ransom
miahac
February 23, 2008, 4:40pm
3
I was hoping to not use the built-in proxy. I had just tried that to try to get the router to mask the public ip’s. It did not work. I will try out your config. If you have any other ideas let me know. Thanks.
My config should work with the inbuilt proxy enabled.
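
An added illustration, not part of the thread or any poster's code: a simplified Python model of which RouterOS mangle chain sees web traffic with and without the `redirect` to the built-in proxy, and so which routing mark each posted rule set produces. It models only the mangle rules, not `/ip route rule` or the routes themselves; the function and variable names are hypothetical.

```python
# Simplified model of RouterOS mangle traversal for the rule sets in this thread.
# All names here are assumptions made for illustration, not RouterOS APIs.

def mangle(chain, dst_port, rules):
    """Return the routing mark left after all matching mark-routing rules.

    The posted rules use passthrough=yes, so a later match may overwrite
    an earlier mark; the last matching rule wins.
    """
    mark = None
    for rule in rules:
        if rule["chain"] == chain and rule["dst_port"] == dst_port:
            mark = rule["mark"]
    return mark

def http_routing_mark(rules, proxy_redirect):
    """Trace a client's TCP/80 request.

    Returns (routing mark on the packet that leaves the router,
             who originates that upstream connection).
    """
    # 1. Client packet arrives. Mangle prerouting runs before dstnat,
    #    so the destination port it sees is still 80, never 8080.
    mark = mangle("prerouting", 80, rules)
    if not proxy_redirect:
        # Forwarded unchanged: the prerouting mark is what routing sees.
        return mark, "client public IP"
    # 2. dstnat action=redirect to-ports=8080 delivers the packet to the
    #    local proxy, so the client's connection terminates on the router.
    # 3. The proxy opens its own connection to the web server on port 80.
    #    Router-originated packets pass through the output chain only.
    return mangle("output", 80, rules), "router address"

# Constructed rule sets mirroring the two configurations posted above.
QUESTION_RULES = [{"chain": "prerouting", "dst_port": 8080, "mark": "HTTP"}]
ANSWER_RULES = [
    {"chain": "prerouting", "dst_port": 80, "mark": "HTTP"},
    {"chain": "output", "dst_port": 80, "mark": "HTTP"},
]

if __name__ == "__main__":
    for name, rules in (("question", QUESTION_RULES), ("answer", ANSWER_RULES)):
        for proxy in (True, False):
            label = "proxy" if proxy else "no proxy"
            print(name, label, http_routing_mark(rules, proxy))
```

In this model the prerouting rule on dst-port 8080 never marks anything, while the second rule set marks web traffic in both cases: on the output chain when the proxy is in use, on prerouting when it is not.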