I can't seem to get the transparent proxy feature working on our MT.
I've followed the documentation with no luck.
Basically we have a box with 2 nics.
Works perfectly as a gateway, internal address range gets nat'd out the external interface.
No special rules atm.
I've setup the web proxy, works perfectly when the client puts the proxy address in their browser, eg, 192.168.0.1 8080
We want to take it one step further now and make it transparent, so the users don't need to make any changes on their browser.
I followed the documentaion here: http://www.mikrotik.com/docs/ros/2.8/ip/webproxy.content
Transparent section, but it does not work.
I've tried ticking the box in winbox "transparent proxy", still no joy.
I'm sure it's something simple, any ideas ?
Some more info:
====================================
[admin@MikroTik] > /ip web-proxy export
feb/24/2005 07:44:33 by RouterOS 2.8.24
software id =
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="proxy"
transparent-proxy=no parent-proxy=0.0.0.0:0
cache-administrator="webmaster" max-object-size="200000 kB"
cache-drive=system max-cache-size=10000
/ ip web-proxy access
add dst-port=!443,563 method=connect action=deny comment="allow CONNECT only
to SSL ports 443 [https] and 563 [snews]" disabled=no
/ ip web-proxy cache
add url="cgi-bin \?" action=deny comment="don't cache dynamic http pages"
disabled=no
[admin@MikroTik] ip firewall dst-nat> add in-interface=ether1 protocol=tcp
dst-address=!192.168.0.1/32:80 action=redirect to-dst-port=8080
Keep the ‘Transparent Proxy’ checked
Change the name=ether1 to the name of your particular LAN Card.
Best way is to copy the above section into notepad, change the name of the LAN Card, then copy/paste it into the Terminal in Winbox - saves you typing it all in.
[admin@MikroTik] ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 in-interface=inside dst-address=!192.168.0.1/32:80 protocol=tcp action=redirect to-dst-port=8080
[admin@MikroTik] ip firewall dst-nat>
