Here is the scenario:
My client has an OpenWRT with bridged PPPoE ADSL CPE providing Internet from an ISP that cannot be accessed/removed/changed.
My client also has a problem with his staff web surfing.
Solution.
OpenWRT = 172.16.0.1/12
RB750 = 172.16.0.2/12
Here’s the configuration for the RB750, which is then connected ‘between’ the OpenWRT and staff.
# Bridge all five ports so the RB750 sits inline between the OpenWRT and the staff LAN
/interface bridge
add name="bridge1"
/interface bridge port
add interface=ether1 bridge=bridge1
add interface=ether2 bridge=bridge1
add interface=ether3 bridge=bridge1
add interface=ether4 bridge=bridge1
add interface=ether5 bridge=bridge1
# Pass bridged traffic through the IP firewall so the mangle and NAT rules below apply to it
/interface bridge settings
set use-ip-firewall=yes
/ip address
add address=172.16.0.2/12 broadcast=172.31.255.255 disabled=no interface=bridge1 network=172.16.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.0.1 scope=30 target-scope=10
# Mark TCP port 80 connections, then mark their packets
/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no dst-port=80 new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=no new-packet-mark=http passthrough=no
# Redirect the marked HTTP packets to the local web proxy on port 3128
/ip firewall nat
add action=redirect chain=dstnat disabled=no packet-mark=http protocol=tcp to-ports=3128
/ip proxy
set enabled=yes
set src-address=0.0.0.0
set port=3128
set parent-proxy=0.0.0.0
set parent-proxy-port=0
set cache-administrator=webmaster
set max-cache-size=none
set cache-on-disk=no
set max-client-connections=1000
set max-server-connections=1000
set max-fresh-time=3d
set always-from-cache=no
set cache-hit-dscp=4
set serialize-connections=no
/ip proxy access
add action=deny disabled=no dst-host=www.facebook.com
No more staff web surfing
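To check which traffic this policy actually covers, here is a small Python model of the mangle, NAT and proxy access rules above. It is an added example, not part of the original post. The `Flow` class, the function names and the sample flows are constructed for illustration, and the `dst-host` matching (whole string, with `*` and `?` wildcards) is a simplified assumption about the proxy's behaviour.

```python
import re
from dataclasses import dataclass

# Values transcribed from the RB750 configuration in the post.
REDIRECT_PROTOCOL = "tcp"              # mangle: protocol=tcp
REDIRECT_DST_PORT = 80                 # mangle: dst-port=80
DENY_DST_HOSTS = ["www.facebook.com"]  # /ip proxy access: action=deny

@dataclass(frozen=True)
class Flow:
    protocol: str
    dst_port: int
    host: str  # host name the client requested

def host_matches(pattern: str, host: str) -> bool:
    """Assumed model of dst-host: whole-string match, '*' and '?' wildcards."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, host, re.IGNORECASE) is not None

def verdict(flow: Flow, deny_hosts=DENY_DST_HOSTS) -> str:
    """Return what the mangle/NAT/proxy chain does with one flow."""
    if flow.protocol != REDIRECT_PROTOCOL or flow.dst_port != REDIRECT_DST_PORT:
        return "not-proxied"      # never marked, so never redirected to 3128
    if any(host_matches(p, flow.host) for p in deny_hosts):
        return "denied"           # a proxy access deny rule matches
    return "proxied-allowed"      # reaches the proxy, no deny rule matches

# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    Flow("tcp", 80, "www.facebook.com"),
    Flow("tcp", 80, "m.facebook.com"),
    Flow("tcp", 80, "facebook.com"),
    Flow("tcp", 443, "www.facebook.com"),
    Flow("tcp", 80, "www.example.org"),
]

def coverage_report(flows, deny_hosts=DENY_DST_HOSTS):
    """List (dst_port, host, verdict) for each flow under the given deny list."""
    return [(f.dst_port, f.host, verdict(f, deny_hosts)) for f in flows]

if __name__ == "__main__":
    for port, host, result in coverage_report(SAMPLE_FLOWS):
        print(f"{port:>4} {host:<20} {result}")
```

Passing a wider `deny_hosts` list to `coverage_report` shows how the verdicts change for the port 80 flows, while flows on other ports stay outside the proxy because the mangle rule only marks `dst-port=80`.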