I started using web proxy in 3.16 in transparent mode to block some sites, but some sites don't even load: http://www.canada411.ca, some Hotmail sites, etc. just sit there waiting. Any way to fix this?
Note that some sites are non-cacheable!
I don't have cache enabled. Just proxy.
bump.
No one knows?
I have come across 10 sites that don't load (just get stuck loading). I can't be the only one with this problem. My customer is upset; all I need web proxy for is blocking sites, I don't even want caching, and there is no way to input sites so they go direct. I had to turn off web proxy because of so many sites not loading. This is a bad bug!
Paste your NAT configuration and access list rules.
/ip firewall nat
add action=redirect chain=dstnat comment="Web Proxy" disabled=yes dst-port=80 in-interface=LAN protocol=tcp to-ports=8080
add action=masquerade chain=srcnat comment="" disabled=no out-interface="MLPPP Bundle"
add action=dst-nat chain=dstnat comment="Zetetic SSH To-22" disabled=no dst-port=65535 protocol=tcp to-addresses=192.168.1.166 to-ports=22
add action=dst-nat chain=dstnat comment=DVR disabled=no dst-port=3000-3010 in-interface="MLPPP Bundle" protocol=tcp to-addresses=192.168.1.50
add action=dst-nat chain=dstnat comment=DVR disabled=no dst-port=5900 in-interface="MLPPP Bundle" protocol=tcp to-addresses=192.168.1.50
add action=dst-nat chain=dstnat comment=DVR disabled=no dst-port=99 in-interface="MLPPP Bundle" protocol=tcp to-addresses=192.168.1.50
add action=dst-nat chain=dstnat comment="HTTPS Online Banking" disabled=no dst-port=443 in-interface="MLPPP Bundle" protocol=tcp to-addresses=192.168.1.166
add action=dst-nat chain=dstnat comment="PC Anywhere" disabled=no dst-port=5631 in-interface="MLPPP Bundle" protocol=tcp to-addresses=192.168.1.17
add action=dst-nat chain=dstnat comment="PC Anywhere" disabled=no dst-port=5632 in-interface="MLPPP Bundle" protocol=udp to-addresses=192.168.1.17
/ip proxy
set always-from-cache=no cache-administrator=support@hccu.on.ca cache-hit-dscp=4 cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=1000 \
    max-fresh-time=3d max-server-connections=1000 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
/ip proxy access
add action=deny comment="" disabled=no dst-host=www.youtube.com
add action=deny comment="" disabled=no dst-host=*cdn.nhl.com
add action=deny comment="" disabled=no dst-host=*download.com
add action=deny comment="" disabled=no dst-host=get.live.com
add action=deny comment="" disabled=no dst-host=join.msn.com
add action=deny comment="" disabled=no dst-host=login.yahoo.com
add action=deny comment="" disabled=no dst-host=messenger.yahoo.com
add action=deny comment="" disabled=no dst-host=*officepools.com
add action=deny comment="" disabled=no dst-host=www.google.com/analytics
add action=deny comment="" disabled=no dst-host=www.wned.org
add action=deny comment="" disabled=no dst-host=lavalife.com
add action=deny comment="" disabled=no dst-host=limewire.com
add action=deny comment="" disabled=no dst-host=mail.google.
add action=deny comment="" disabled=no dst-host=my.starware.com
add action=deny comment="" disabled=no dst-host=my.weatherstudio.com
add action=deny comment="" disabled=no dst-host=napster.
add action=deny comment="" disabled=no dst-host=now.elogua.com
add action=deny comment="" disabled=no dst-host=rss.news.yahoo.com
add action=deny comment="" disabled=no dst-host=.canadianstarship.com path=""
add action=deny comment="" disabled=no dst-host=*conduit.com
add action=deny comment="" disabled=no dst-host=*electronicuniversity.com
add action=deny comment="" disabled=no dst-host=*freedomcrackers.com
add action=deny comment="" disabled=no dst-host=*icq.com
add action=deny comment="" disabled=no dst-host=*militaryworld.com
add action=deny comment="" disabled=no dst-host=*neave.com
add action=deny comment="" disabled=no dst-host=*silverladybug.com
add action=deny comment="" disabled=no dst-host=*standardbredcanada.ca
add action=deny comment="" disabled=no dst-host=tsn.
add action=deny comment="" disabled=no dst-host=*volleyballwizard.com
add action=deny comment="" disabled=no dst-host=*wilton.com
add action=deny comment="" disabled=no dst-host=*facebook.com
add action=deny comment="" disabled=no dst-host=login.live.com
add action=deny comment="" disabled=no dst-host=*hotmail.com
http://www.cumis.com doesn't load and they need that one. Anyone else running web proxy able to test this site?
Use an external cache; it's a better solution if you have a lot of clients.
Problem was fixed!
Was needing to mangle MSS (for multilink DSL, MSS and MTU are set optimally for forward chains).
I needed to set MSS mangle for output chain! Works now!
/ip firewall mangle
add action=change-mss chain=output comment="" disabled=no new-mss=1402 protocol=tcp tcp-flags=syn tcp-mss=1403-65535
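
Why a forward-chain clamp misses the proxied traffic, as an added Python sketch that is not part of the original posts and not MikroTik code: with the redirect in place the router's proxy opens the connection to the web server itself, so that SYN traverses the output chain. Only the output rule comes from the thread; the forward rule and the link MTU of 1442 are assumptions.

```python
# Added example: toy model of which RouterOS mangle chain sees a TCP SYN.
from dataclasses import dataclass

LINK_MTU = 1442  # assumption: 1402 + 40 bytes of IPv4/TCP headers; not stated in the thread

# Rule text copied from the post above (comment/disabled fields dropped).
OUTPUT_RULE = ("add action=change-mss chain=output new-mss=1402 "
               "protocol=tcp tcp-flags=syn tcp-mss=1403-65535")
# Constructed: the forward-chain rule is not shown in the thread; same values assumed.
FORWARD_RULE = OUTPUT_RULE.replace("chain=output", "chain=forward")

@dataclass
class ChangeMss:
    chain: str
    new_mss: int
    mss_min: int
    mss_max: int

def parse_rule(line):
    """Parse one 'add action=change-mss ...' line into a ChangeMss."""
    kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if kv.get("action") != "change-mss":
        raise ValueError("not a change-mss rule")
    lo, hi = kv["tcp-mss"].split("-")
    return ChangeMss(kv["chain"], int(kv["new-mss"]), int(lo), int(hi))

def chain_for_syn(proxied):
    """Proxied: the router's proxy opens the connection to the web server itself,
    so its SYN is locally generated and traverses 'output'. Not proxied: the
    client's SYN is routed through the router and traverses 'forward'."""
    return "output" if proxied else "forward"

def advertised_mss(syn_mss, proxied, rules):
    """MSS the web server sees after the first matching rule in the right chain."""
    chain = chain_for_syn(proxied)
    for r in rules:
        if r.chain == chain and r.mss_min <= syn_mss <= r.mss_max:
            return r.new_mss
    return syn_mss

def fits_link(mss, link_mtu=LINK_MTU):
    """True if a full-size segment (MSS + 40 header bytes) fits the link MTU."""
    return mss + 40 <= link_mtu

BEFORE = [parse_rule(FORWARD_RULE)]
AFTER = BEFORE + [parse_rule(OUTPUT_RULE)]

if __name__ == "__main__":
    for name, rules in (("forward only", BEFORE), ("forward + output", AFTER)):
        mss = advertised_mss(1460, proxied=True, rules=rules)
        print(f"{name}: proxy SYN advertises MSS {mss}, fits link: {fits_link(mss)}")
```
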
Does not work for me, I could make? :S Thanks.