Web Proxy NOT Working

safiullahtariq · May 23, 2015, 1:56pm

Hello All,

I need some help.
I have made web proxy and it seemed to work for a while but stopped working all together. I want to block all internet of all PCs except some website and some PCs (MAC addresses) will have open internet with no restriction.

Issue is, the specific websites that I need to open such as gmail etc, not open.

This is my complete code, please help

# may/22/2015 03:17:22 by RouterOS 6.24
# software id = MIFM-J9E5
/ip pool
add name=dhcp_pool1 ranges=192.168.0.100-192.168.0.250

/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether1 lease-time=8h name=\

/ip address
add address=192.168.0.1/24 comment="default configuration" interface=ether1 \
    network=192.168.0.0
add address=192.168.1.2/24 disabled=yes interface=ether11 network=192.168.1.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
    interface=ether11

/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8,192.168.1.1 gateway=192.168.0.1

/ip dns
set allow-remote-requests=yes servers=8.8.8.8

/ip firewall filter
add action=drop chain=input dst-port=8080 in-interface=ether11 protocol=tcp

/ip firewall nat
add action=masquerade chain=srcnat

add chain=dstnat comment="Admin PC" src-mac-address=00:21:9B:59:1C:EE

add action=jump chain=dstnat dst-port=80 in-interface=ether11 jump-target=\
    http_proxy_check protocol=tcp
add action=return chain=http_proxy_check src-mac-address=5C:26:0A:82:0D:AC
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
add action=redirect chain=dstnat protocol=tcp to-ports=8080
add action=redirect chain=dstnat protocol=udp to-ports=8080

/ip proxy
set max-cache-size=4096KiB parent-proxy=0.0.0.0

/ip proxy access
add action=allow dst-host=:gmail
add action=allow dst-host=:google
add action=allow dst-host=:fbr.gov.pk
add action=allow dst-host=:mail
add action=allow dst-host=:lesco
add action=allow dst-host=:tcscouriers
add action=allow dst-host=:sngpl.com.pk
add action=allow dst-host=:fbr
add action=allow dst-host=:wapda
add action=deny dst-port=80
/ip route
add distance=1 gateway=ether11
add disabled=yes distance=1 gateway=192.168.1.1

/ip upnp
set enabled=yes

Again, the issue is, either it blocks everything completely, or open completely for the specific MAC address I give it. I want only few sites to be opened but it doesnt.

IM STUCK

Please help
Regards,

Safiullah

rextended · May 24, 2015, 4:29pm

last two nat rule redirect all traffic, also the DNS traffic to proxy
the proxy is only http proxy, not work on this way,
and also you can not filter any httpS traffic like google, facebook, gmail, etc.