jifop
September 5, 2013, 2:48pm
1
Hey chaps! I’m hoping some wonderful person here might be able to shed some light on this for me!
I have a mikrotik with eth1/2 set up as a bridge with firewall turned on. I use this for traffic prioritization as well as for monitoring, but I want to use it to forward a specific through a squid proxy in order to log the sites visited on it. I have set up the squid and have tried manually adding the squid as a proxy on this machine, and it works a treat; however, I can’t seem to get it to work when added through the tik.
On the mikrotik:
ip firewall nat add action=dst-nat dst-port=80 protocol=tcp src-address=10.0.1.1 to-addresses=10.0.0.14 to-ports=3128 chain=dstnat
Is there any reason this doesn’t work when explicitly setting it in network settings does?
Rudios
September 5, 2013, 8:23pm
2
You should use action=redirect
jifop
September 5, 2013, 9:27pm
3
Doesn’t redirect only redirect the port, not route to an IP?
noib
September 6, 2013, 1:47pm
4
Confirming that redirect is what you need:
/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp to-ports=3128
jifop
September 6, 2013, 2:50pm
5
Thanks, but how will it know to point to 10.0.0.41?
noib
September 6, 2013, 3:01pm
6
Ah, the proxy is hosted on another machine? Sorry, I didn’t get that.
So I think you need 2 NAT rules: one for incoming traffic (from client to mikrotik) and one for outgoing traffic (mikrotik to proxy):
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=[PROXY_IP] to-ports=[PROXY_PORT]
add action=src-nat chain=srcnat disabled=no dst-address=[PROXY_IP] dst-port=[PROXY_PORT] protocol=tcp to-addresses=[ROUTERBOARD_IP_ON_PROXY_SIDE]
jifop
September 6, 2013, 4:03pm
7
Sadly still no joy; maybe it’s because the routerboard is a bridge and my configuration is a bit odd:
Network to monitor ===> Linksys NAT Router ===> Mikrotik bridge ===> Internet
Squid proxy server ===> Linksys NAT Router ===> Mikrotik bridge ===> Internet
jifop
September 9, 2013, 2:51pm
8
I’m still struggling with this, I’ve even tried turning on web proxy with parent settings as per the squid server!
I’m still getting page not responding errors! Can anyone help?
jifop
September 10, 2013, 9:23am
9
Gave up on this eventually and set my Windows DNS server to log all requests.