web proxy doesn't run properly

iviyan · April 28, 2016, 6:28pm

Hi,
I can’t make proxy running properly. When I set enable=yes its status on graphic interface shows “unknown”.
The terminal session shows:
[admin@MikroTik] /ip proxy> print
enabled: yes
src-address: ::
port: 8080
anonymous: no
parent-proxy: ::
parent-proxy-port: 0
cache-administrator: webmaster
max-cache-size: none
max-cache-object-size: 1000KiB
cache-on-disk: no
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 2d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-path: web-proxy

[admin@MikroTik] /ip proxy> monitor
status: passthru
uptime: 13m29s
client-connections: 13
server-connections: 11
requests: 239
total-ram-used: 702KiB
received-from-servers: 37283KiB
sent-to-clients: 37280KiB
hits-sent-to-clients: 0KiB
It works strange: when I set browser to use proxy on port 8080 (set nat transparent to 8080) the filtration of proxy works normal. I test with “redirect” one site to another. But when I uncheck proxy mark in browser internet still works but the filtration doesn’t.
I have tested it with three different routers os 6.27; 6.30 and 6.33 with the default settings and with my own settings – the result was the same. Board is RB941-2nd.

PP: I have 5.18 on PC and there everything is ok.
Any ideas?

ZeroByte · April 28, 2016, 6:35pm

Note that the proxy listens on port 8080. If you want to do transparent proxy, then you need to set a dstnat rule on traffic coming through from the LAN interface and action=redirect dst-port=80 → to-dst-port=8080

If you don’t do that, then the router just lets normal ol’ port 80 traffic right on through to the Internet and doesn’t try to proxy it.

iviyan · April 28, 2016, 6:39pm

Yes as i sed i have transparent proxy enabled:

chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address=192.168.0.0/24 dst-port=80 log=no log-prefix=“”

I took it from mikrotik wiki

ZeroByte · April 28, 2016, 6:49pm

post your proxy filter rules - I’m not as experienced with proxy rules, but perhaps your rules are depending on the destination IP address and the fact that nat changes the destination address is causing the issue…

iviyan · April 28, 2016, 6:58pm

I have changed nat for transparent proxy as you said:

chain=dstnat action=redirect to-ports=8080 protocol=tcp in-interface=wifi-lan-bridge dst-port=80 log=no log-prefix=“”

and redirect start working as espected
The proxy status is still “unkwon” and respectevely in terminal:

[admin@MikroTik] /ip proxy> monitor
status: passthru
uptime: 7m54s
client-connections: 9
server-connections: 0
requests: 465
total-ram-used: 1394KiB
received-from-servers: 3027KiB
sent-to-clients: 3021KiB
hits-sent-to-clients: 0KiB
– [Q quit|D dump|C-z pause]

but it works normal !

Thanks very much!!!

pp: the rule in wiki isn’t correct mybe

ZeroByte · April 28, 2016, 8:52pm

No problem!

I just assumed that your WiFi lan is actually assigning 192.168.0.X to the hosts. If the WiFi lan uses some other range of IP addresses, then that would be the reason. I very much prefer interface-based rules over address-based rules for my own directly-connected networks.