TRANSPARENT WEB PROXY WITH NTH BASED LOAD BALANCING

mfaheemkhan6 · November 10, 2010, 4:51pm

Hi Dears!
I am having a problem with my mikrotik router OS.
I have v 2.9.27
Previously I have 2 Ethernets 1 for LAN and other for DSL. every thing is going smooth.
Then now I have add an other DSL with another Ethernet port and configure nth based load balancing. Every thing is well except transparent web proxy. when I add dstnat rule for web proxy my clients can not access the internet. They receive an error page telling that web page can not loadid contact your web proxy cache admin. Now when I disable this firewall rule they are able to brows. I need help to solve this issue. Please help me.

usmans · November 11, 2010, 9:37pm

post ur configuration
and upgrade to latest version.
and by the way r u from pakistan
As for the webpoxy it is simple. First you need
to configure the webproxy as follows:

enabled: yes
src-address: 0.0.0.0
port: 8080
hostname: “proxy”
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: “webmaster”
max-object-size: 4096KiB
cache-drive: system
max-cache-size: 12000000KiB
max-ram-cache-size: none
status: running
reserved-for-cache: 11999232KiB

after that you need a NAT rule which will redirect all trafic on port 80 to the port
specified on the web-proxy, in this case the 8080. Do as follows:

Web-Proxy
chain=dstnat in-interface=LAN dst-address=!192.168.1.1 protocol=tcp
dst-port=80 action=redirect to-ports=8080

Notice that I have exluded the local IP 192.168.1.1 from the web-proxy.
This is the IP of the router which looks like it doesn’t work with web-proxy
enabled. This is it.
Also remember that there is a limit in the cache limit size which depends
on the RAM size. Every 1MB of RAM is equal to 1GB of disk space.

mfaheemkhan6 · November 14, 2010, 2:30pm

Thanks for Your Kind response. Yes you are right me from Lahore Pakistan. I am using virsion 2.9.27 of mikrotik These are my configuration working absolutly fine with two wan conections but without web proxy. I need web proxy too.

/ ip address 
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=LAN comment="" \
disabled=no 
add address=192.168.20.3/24 network=192.168.20.0 broadcast=192.168.20.255 interface=WAN20 \
comment="" disabled=no 
add address=192.168.30.102/24 network=192.168.30.0 broadcast=192.168.30.255 interface=WAN30 \
comment="" disabled=no


/ ip firewall mangle
add chain=prerouting in-interface=LAN connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
disabled=no 
add chain=prerouting in-interface=LAN connection-mark=odd action=mark-routing \
new-routing-mark=odd passthrough=no comment="" disabled=no 
add chain=prerouting in-interface=LAN connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes comment="" \
disabled=no 
add chain=prerouting in-interface=LAN connection-mark=even action=mark-routing \
new-routing-mark=even passthrough=no comment="" disabled=no 


/ ip firewall nat 
add chain=srcnat connection-mark=odd action=src-nat to-addresses=192.168.20.3 \
to-ports=0-65535 comment="" disabled=no 
add chain=srcnat connection-mark=even action=src-nat to-addresses=192.168.30.102 \
to-ports=0-65535 comment="" disabled=no 


/ ip route 
add dst-address=0.0.0.0/0 gateway=192.168.20.100 scope=255 target-scope=10 routing-mark=odd \
comment="" disabled=no 
add dst-address=0.0.0.0/0 gateway=192.168.30.100 scope=255 target-scope=10 routing-mark=even \
comment="" disabled=no 
add dst-address=0.0.0.0/0 gateway=192.168.30.1 scope=255 target-scope=10 comment="" \
disabled=no

Is the below setup possible

in the image above
M1= Modem 1
M2= Modem 2
MT= Mikrotik
Squid= Linux Based Squid
Switch= Simple TP-Link switch
Clintes= Clintes on Local network for internet service.

usmans · November 14, 2010, 7:23pm

Urdu Language
Assalam-O-Alaikum
aap k route ki configuration

ip route
add dst-address=0.0.0.0/0 gateway=192.168.20.100 scope=255 target-scope=10 routing-mark=odd
comment=“” disabled=no
add dst-address=0.0.0.0/0 gateway=> 192.168.30.100 > scope=255 target-scope=10 routing-mark=even
comment=“” disabled=no
add dst-address=0.0.0.0/0 gateway=> 192.168.30.1 > scope=255 target-scope=10 comment=“”
disabled=no

yeh change kiu hai?
mai ny loadbalancing k sath kabhi web proxy configure nahi ki lkin phir b mai khuch mangle configuration post kar raha ho shyd is sy aap ki problem solve ho gy

ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=proxy passthrough=no in-interface=LAN connection-mark=odd
ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=proxy passthrough=no in-interface=LAN connection-mark=even

i hope aap ki problem solve ho gy gi
agar app external squid server caonfigure karna chahty hai to yeh wiki read kary.
http://wiki.mikrotik.com/wiki/How_to_use_external_open_source_caching_server
aur aap pcc loadbalancing kiu nai configure karty.its more advance and better.

mfaheemkhan6 · November 15, 2010, 11:39pm

Thanks for yor reply. I had tried it but with no success. When I add any mangle rule or dstnat rule into my currunt configuration web browsing stoped.
If you please give me some step by step guide line for squid installation? I will be very thankfull to you. In pk it is very hard to get knowledge when you are doing a job too.. Too much frustrated life. Please help me because I have no any knowledge about Linux. Can you please meet me. mera no 332-4647347 he ymail ki id yehi he mfaheemkhan6 if possible please contact with me.