Web Proxy for small network

Hi everyone,
I have a small network, at peak with 25 clients, and I want to use web proxy, but it seems from the tutorial that I've come across that the authors were working on a RouterOS installed on a PC and not a RouterBoard.

If that is the case, how do I connect an external PC that will be caching content to a RouterBoard, since an RB has small drive space and, besides, the constant read/write needs of a cache don't make an RB a good candidate? My RB is 951-2n.

Please, I wouldn't like to use squid though, just the built-in web proxy from Mikrotik.

thanks

http://forum.mikrotik.com/t/traffic-slow-with-webproxy-transparent/64095/1


*** just try to follow the rules & don’t copy-paste.


Then give me feedback on what you actually want & send me your configuration.



best regards

Thanks for your input, but I am sorry to say that, as a newbie to Mikrotik, I couldn't make much sense out of all those rules.

Besides, I couldn't figure out at what point the thread showed that

  • an external drive was being connected and
  • cache being enabled and working

I was only able to read the "Web Proxy" section of the rule.

So if you could come down to my basic level and hold my hand, I will really appreciate it.

thanks

ok.

I think your Mikrotik product RB951-2n does not support any memory card or USB stick.
So you need an external PC that will be caching content. Otherwise you can't do it.
Now you will make a Squid server or an external Mikrotik web proxy server to give your clients this type of service. I will suggest how to build a web proxy server. Just tell me what you want.



Best regards

I would rather go with your suggestion and build an external Mikrotik web server for caching instead of squid cache.


Thanks, and I will be counting on your guidance for that.

regards, max

If you want to build an external Mikrotik web server for caching,
you need a PC which has a P3 or P4 processor, 2GB RAM, 2 hard disks
(one for the operating system & the 2nd for data caching), 2 LAN cards & thermal casing.
Then you will make a good web-proxy server.


best regards

Same HW config would result in a more capable squid-proxy-cache, as there is the opportunity to cache videos, for example, or to improve disk I/O using aufs.

I have a Mikrotik system on a PC. When I try web proxy it works fast, but after some days it becomes slow; when I disable web proxy, the internet speed comes back.

I need to know: is web proxy in Mikrotik bad, or do only I have this problem, or do I need to make the web proxy cache on another external PC, and with what configuration?
I think the master PC has (2 LAN - 1 WAN)
and the second PC has 2 LAN.

Am I right or wrong?

@ ba7abak
Actually Mikrotik Web-proxy is a basic proxy server, not for a customized proxy service.
So the master PC has (1 LAN - 2 WAN),
the second PC has 2 LAN (if it's Mikrotik).
Otherwise the second PC needs (1 LAN - 1 WAN) [for Squid server].

@ reinerotto
A new user cannot properly set up & maintain a squid-proxy-cache. But you can easily install Mikrotik Web-proxy on a single PC with load balancing & failover. Actually the topic here is web proxy for a small network & minimum users.

best regards

@dotnet:

"New user can not properly setup & maintain squid-proxy-cache."
Users new to Mikrotik also cannot properly set up a cache on MT :)

But in principle you are correct that setting up the Mikrotik proxy is simpler compared to squid.
So for very small networks, MT proxy/cache can be good enough. In case of an increasing no. of users with higher throughput demands, squid is definitely the better choice. Or in case you need to save as much traffic as possible, when having an expensive or low-bandwidth WAN (satellite, mobile, ISDN etc.). Because then you can also add further services very easily, like content filtering or ad removal, or caching dynamic content, like YouTube. Impossible to be done with MT's cache.

@ reinerotto

Thanks. I know what Squid/LUSCA (Nginx, Ruby, storeurl.pl) is.
If anyone wants advice from me, I will try to give him suggestions.


best regards

I have put a countless number of hours into just getting the iptables configuration to stay permanent after a reboot of Ubuntu, yet all the online guides I've followed seem not to get it to work. That's why I don't want to go through the squid 'hassle'.

but that was my first thought though

thanks.

I am wondering why you had to fiddle around with iptables etc. I connected a MT-box to a squid-PC simply by defining the squid-PC to be an upstream (parent) proxy to the MT-proxy. This will force all http-traffic through squid. The squid-PC needs to be a router, too, of course.
It will be a hierarchical config then, with MT being the router (default gateway) for the LAN, not directly connected to the WAN.
Then squid.conf can be more or less "default", besides the size of cache_dir.
The only usage of iptables I can imagine is for the protection of the ports of the squid-PC, to inhibit inbound connections from the WAN, besides port 22, basically.
So

LAN-with-clients-------MT-------------------squid-pc--------------------WAN
                       proxy (no cache)     parent-proxy (cache)

Regarding special squid.conf: The forum to meet the "squid specialists" (like me) :) is on
http://squid-web-proxy-cache.1019090.n4.nabble.com/
There you also get info from the developers, if necessary.

The path to follow:
Set up MT with http-proxy (without cache) for your clients first.
Set up squid-PC (without active squid) as a router.
Disconnect MT from WAN, connect MT to squid-PC, connect squid-PC to WAN.
Then configure squid, incl. caching, and modify MT-proxy to use squid-PC as upstream.

Regarding iptables on Ubuntu: As a "brutal hack" you can edit something like this into crontab:
@reboot /etc/iptables/firewall_up.sh

/etc/iptables/firewall_up.sh:
#!/bin/bash
#started after boot, so we have to wait a bit for the systems upstart to be completed
sleep 180
iptables …

Coming from Open-SuSE originally, I also used this, until I figured out the "elegant" method. I know your pain :)
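
Added example, not part of the thread: the squid-PC protection described in the post above (no inbound connections from the WAN besides port 22), written as one iptables-restore ruleset instead of individual iptables calls. The interface names eth0/eth1, proxy port 3128 and the masquerade rule are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: firewall for the squid-PC as an iptables-restore ruleset.
# Assumed: eth0 = WAN side, eth1 = side facing the MT, 3128 = squid port.
# Routing also needs net.ipv4.ip_forward=1, which is set separately.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
PROXY_PORT="${PROXY_PORT:-3128}"

valid_if() {    # interface name: 1-15 chars of [A-Za-z0-9._-]
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_port() {  # decimal 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_ruleset WAN LAN PORT: print the ruleset, or fail on bad arguments
emit_ruleset() {
    valid_if "$1" && valid_if "$2" && valid_port "$3" || return 1
    [ "$1" != "$2" ] || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $1 -p tcp --dport 22 -j ACCEPT
-A INPUT -i $2 -p tcp -m multiport --dports 22,$3 -j ACCEPT
-A INPUT -i $2 -p icmp -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $2 -o $1 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
EOF
}

# "apply" loads the rules atomically (needs root); "print" shows them for review.
case "${1:-}" in
    apply) emit_ruleset "$WAN_IF" "$LAN_IF" "$PROXY_PORT" | iptables-restore ;;
    print) emit_ruleset "$WAN_IF" "$LAN_IF" "$PROXY_PORT" ;;
esac
```

On Ubuntu, the iptables-persistent package loads /etc/iptables/rules.v4 at boot, so the output of the `print` mode can be saved there instead of being applied by a delayed cron job.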

Please, I have the hardware ready now. Can you guide me on what to do next?

thanks,
max

@max

Please install the Mikrotik software on your PC. Then you will activate Web-proxy & activate your secondary hard disk for data caching.

Then what's your method for your client PCs? I will solve your problem with your method or policy.
Please show me your previous router configuration.



best regards

/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
# Wan is connected with the Mikrotik & proxy server by cross cable; this is your WAN
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=Wan

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=1 check-gateway=ping

/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-port=80 in-interface=Local protocol=tcp to-ports=3128
add action=masquerade chain=srcnat disabled=no out-interface=Wan

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=25000KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4

/ip proxy
enabled: yes
src-address: 0.0.0.0
port: 3128
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: Dotnet
max-cache-size: unlimited
cache-on-disk: yes
max-client-connections: 5000
max-server-connections: 5000
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: primary-slave


best regards

Please tell me the effect of "always from cache".

@ karina

Don't use "always from cache" for Mikrotik Web-proxy.
This is one kind of force command.
So there will sometimes be a miss & the user will get an error page (by default).
Because Mikrotik Web-proxy is a basic web proxy.


Best regards

Thanks Dotnet, karma awarded for being helpful.

@ max

What about your Mikrotik proxy?