Transparent Web proxy

I keep getting this error: Dns Missing
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: “prairienet.us
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: “webmaster”
max-object-size: 4096KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: dns-missing
reserved-for-cache: 13309952KiB
reserved-for-ram-cache: 2048KiB

Where should the DNS Go?

Check IP → DNS, Settings button.

-Louis

OK, it says running now, but… no clients/requests or hits

enabled: yes
src-address: 0.0.0.0
port: 8080
hostname: “dogsrusyep.us
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: “webmaster”
max-object-size: 4096KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: stopped
reserved-for-cache: 13309952KiB
reserved-for-ram-cache: 2048KiB

Nothing really happens

Here is the link to the WIKI on how to set this up.

http://wiki.mikrotik.com/wiki/How_to_make_transparent_web_proxy

-Louis

/ ip web-proxy 
set enabled=yes src-address=0.0.0.0 port=8080 hostname="proxy.domain.com" transparent-proxy=yes \
    parent-proxy=0.0.0.0:0 cache-administrator="webmaster@domain.com" \
    max-object-size=4096KiB cache-drive=system max-cache-size=none \
    max-ram-cache-size=unlimited

But…
Better use the webproxy-test package!

/ ip proxy 
set enabled=yes src-address=0.0.0.0 port=8080 parent-proxy=0.0.0.0:0 \
    cache-drive=system cache-administrator="webmaster@domain.com" \
    max-disk-cache-size=none max-ram-cache-size=none cache-only-on-disk=no \
    maximal-client-connections=1000 maximal-server-connections=1000 \
    max-object-size=4096KiB max-fresh-time=3d

If you want to cache pages, just set max-disk-cache-size, max-ram-cache-size, cache-only-on-disk, max-object-size and max-fresh-time (see the manual for details).

/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 in-interface="name of interface" action=redirect to-ports=8080



/ ip proxy access
add action=deny dst-host="www.domain.com" redirect-to="www.mydomain.com"

or

/ ip proxy access 
add path=:\\.bat\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.cmd\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.com\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.cpl\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.csh\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.exe\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.inf\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.lnk\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.msi\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.msp\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.reg\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.scf\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.scr\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.torrent\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.nzb\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.pls\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.mp\[3g\]\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.wm\[av\]\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.zip\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.rar\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.7z\$ action=deny redirect-to="www.mydomain.com"

Regards,
Mladen

OK, so I’m getting the redirect; however, the page does not forward and load…

Actually with no Access rules at all… web traffic stops… completely

Help… It just does not work…
All my web traffic stops when using webproxy-test…
What would block the traffic?

status: running
uptime: 53s
requests: 1131
hits: 0
cache-used: 0KiB
ram-cache-used: 0KiB
total-ram-used: 541KiB
received-from-servers: 1613KiB
sent-to-clients: 1815KiB
hits-sent-to-clients: 0KiB

Note: hits-sent-to-clients: 0KiB

SRC-ADDRESS DST-ADDRESS PROTOCOL STATE TX-BYTES RX-BYTES

0 C 216.171.250.40 64.233.167.99 HTTP/1.1 waiting 0 864
1 S 64.233.167.99 216.171.250.40 idle 0 0
2 C 216.171.250.40 64.233.167.99 HTTP/1.1 waiting 0 879
3 S 64.233.167.99 216.171.250.40 idle 0 0
4 C 216.171.250.40 72.14.203.100 HTTP/1.1 waiting 0 917
5 S 72.14.203.100 216.171.250.40 idle 0 0
6 C 216.171.250.40 216.34.209.13 HTTP/1.1 waiting 0 374
7 C 216.171.250.40 212.150.236.70 HTTP/1.1 waiting 0 577
8 S 212.150.236.70 216.171.250.40 idle 0 0
9 C 216.171.250.40 212.150.236.70 HTTP/1.1 waiting 0 569
10 S 212.150.236.70 216.171.250.40 idle 0 0
11 C 216.171.250.40 212.150.236.81 HTTP/1.1 waiting 0 631
12 S 212.150.236.81 216.171.250.40 idle 0 0
13 C 216.171.250.40 212.150.236.80 HTTP/1.1 waiting 0 980
14 S 212.150.236.80 216.171.250.40 idle 0 0
15 C 216.171.250.40 72.14.203.91 HTTP/1.1 waiting 0 894
16 S 66.135.218.31 216.171.250.40 idle 0 0
17 S 72.14.203.91 216.171.250.40 idle 0 0
18 S 216.34.209.13 216.171.250.40 idle 0 0
19 C 216.171.250.40 216.34.209.13 HTTP/1.1 waiting 0 374
20 S 216.34.209.13 216.171.250.40

Check your configuration!

Check your proxy port 3124 or 8080

Check your redirect rule. In redirect rule “to-ports=” is your proxy port.

/ ip firewall nat add chain=dstnat protocol=tcp dst-port=80 in-interface=local2 action=redirect to-ports=8080

or

ip firewall nat add chain=dstnat protocol=tcp dst-port=80 src-address=192.168.0.0/16 action=redirect to-ports=8080
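
An added example, not from any poster in this thread: the proxy port is reachable on every router address, and the configurations above contain no rule limiting who may use it, so one way to restrict it to LAN clients is shown below. The 192.168.0.0/16 range and port 8080 are taken from the redirect rules above; the WAN interface name `ether1-wan` is a placeholder assumption.

```routeros
# Proxy access list: rules are evaluated top to bottom and the first match decides.
# Keep any deny rules for hosts or file extensions ABOVE the LAN allow rule,
# otherwise the allow rule matches first and they are never reached.
/ip proxy access
add src-address=192.168.0.0/16 action=allow comment="LAN clients only"
add action=deny comment="refuse every other source"

# Drop direct connections to the proxy port that arrive on the WAN side.
# Redirected LAN traffic also reaches the input chain on port 8080,
# so match on the WAN interface only (ether1-wan is a placeholder name).
/ip firewall filter
add chain=input protocol=tcp dst-port=8080 in-interface=ether1-wan \
    action=drop comment="no proxy access from WAN"
```

After applying it, `/ip proxy connections print` should list only client addresses from the LAN range.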

I have done the same configuration with Web-Proxy Test Package.

I am able to drop websites using dst-host=www.xyz.com

But not able to stop downloading

/ip proxy access
add path=:\.exe$ action=deny

Still I can download EXE files… Please help me how to stop.

ASHISH

I’ve successfully used the content=application/octet-stream field in the firewall filter to block .exe downloads if you don’t win with the proxy settings…

Please explain to me in detail

chain=prerouting action=mark-packet new-packet-mark=disallowed passthrough=no 
     content=application/octet-stream

As part of a longer list of rules to mark unwanted file types.