Web proxy settings question

Wyz4k · March 15, 2010, 9:26am

Hi there,

I am hoping that somebody can explain why the bottom three values don’t seem to add up.

Shouldn’t “Received From Servers” + “Hits Sent to Clients” = “Sent To Clients”?

On my example:
12 376 805 + 893 614 = 13 270 419 and that is not equal to 13 935 644.

Can somebody show me where I am going wrong?
web proxy settings.jpg

pcglobelb · March 15, 2010, 9:49am

you are not going wrong at no place. but aren’t you running any filter rule ? aren’t u droping packets somewhere?

Wyz4k · March 15, 2010, 10:08am

Yes we are blocking a few sites and also preventing external access to the proxy. But the sites are blocked on the outgoing route already and I can’t see how that could amount to about 700MB of traffic.

pcglobelb · March 15, 2010, 10:14am

i jsut made a simple calculation from my side and the numbers are 100% exact…
paste your filter rules there should be a trap somewhere

Wyz4k · March 15, 2010, 11:11am

/ip proxy access> print
Flags: X - disabled

DST-PORT DST-HOST PATH METHOD ACTION HITS

0 ;;; allow connect only to SSL ports 443 (https) and 563 (snews)
!443,563 CONNECT deny 81
1 site… deny 0
2 site… deny 117
3 site… deny 25
4 site… deny 0
5 site… deny 1632
6 site… deny 4
7 site… deny 0
8 site… deny 8
9 site… deny 0
10 site… deny 0
11 site… deny 1
12 site… deny 0
13 site… deny 0
14 site… deny 0
15 site… deny 0
16 site… deny 4509
17 site… deny 0
18 site… deny 0
19 site… deny 0
20 site… deny 8669
21 site… deny 0
22 site… deny 0
23 site… deny 0
24 site… deny 0
25 site… deny 0
26 site… deny 0
27 site… deny 3
28 site… deny 2
29 site… deny 0
30 site… deny 4
31 site… deny 0
32 site… deny 0
33 site… deny 0
34 site… deny 0
35 site… deny 0
36 site… deny 8
37 site… deny 808
38 ;;; Do not allow server1 to communicate directly with checkip.dyndns.or…
checkip.dynd… deny 0
39 ;;; Do not allow server2 to communicate directly with checkip.dyndns.or…
checkip.dynd… deny 1515
40 ;;; Do not allow server3 to communicate directly with checkip.dyndns.org…
checkip.dynd… deny 7549
41 ;;; Do not allow server4 to communicate directly with checkip.dyndns…
checkip.dynd… deny 0
42 *.mp3 deny 725
43 *.wav deny 41
44 *.midi deny 0
45 *.mdi deny 1
46 *.dat deny 485
47 *.mpg deny 0
48 *.avi deny 0
49 *.torrent deny 1
50 *.nzb deny 0
51 ;;; allow all internal users access to the proxy
allow 1314561
52 ;;; allow VPN users access to proxy
allow 0
53 site… allow 0
54 site… allow 0
55 ;;; deny everybody else
deny 254

pcglobelb · March 15, 2010, 11:33am

are you using parent proxy or just mikrotik’s proxy?

pcglobelb · March 15, 2010, 11:36am

i suggest you use /ip firewall filter to drop what you want to drop
in all cases i beleive your webproxy is working properly and there is a small trap somewhere
if you have public ip on ur mt i would connect with a read only user to check it out

Wyz4k · March 15, 2010, 11:43am

We only use the MT proxy. We have a separate set of rules in the firewall which governs all connections and not just web proxy rules. It would not be practical to move all of these rules to the firewall section.

If the rules were the problem it would make sense to me that “Received From Servers” + “Hits Sent to Clients” exceed “Sent To Clients”, but this is not the case. Somehow more data is being sent to the clients than received from servers + cache.