Web Proxy

jamiewatson69 · August 4, 2010, 2:27pm

Hi all,

I am using the web proxy to try and block sites such as facebook. I want to use transparent proxying but I cannot even get it working non transparently. I always get this error;

While trying to retrieve the URL http://www.google.co.uk/:\

•DNS resolving failed

You can actually resolve addresses via the routerboard!

Any ideas?
Thanks
Jamie

Chupaka · August 10, 2010, 1:56pm

check your “/ip dns” settings

jamiewatson69 · August 10, 2010, 2:25pm

Looks fine from what I can see…

set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=217.169.20.20,217.169.20.21

Chupaka · August 10, 2010, 8:07pm

and what does ‘/ping www.google.co.uk’ in Terminal say?

jamiewatson69 · August 10, 2010, 9:16pm

It resolved no problem! Cannot think what else it will be!

Chupaka · August 11, 2010, 1:42am

hmmm… what version of ROS? and post your firewall config…

jamiewatson69 · August 12, 2010, 11:56am

Hiya, I have tested the ping again and I get;

invalid value for argument address

I wonder if that is to do with firewall rules maybe??? How do I ensure that the Mikrotik itself can send DNS requests? Here is my firewall conf;
/ip firewall filter
add action=drop chain=forward comment=“Block "bogon" IP addresses "
disabled=no src-address=0.0.0.0/8
add action=drop chain=forward comment=”" disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward comment=“” disabled=no src-address=127.0.0.0/8
add action=drop chain=forward comment=“” disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward comment=“” disabled=no src-address=224.0.0.0/3
add action=drop chain=forward comment=“” disabled=no dst-address=224.0.0.0/3
add action=jump chain=forward comment=“Jumps to new chains” disabled=no
jump-target=tcp protocol=tcp
add action=jump chain=forward comment=“” disabled=no jump-target=udp
protocol=udp
add action=jump chain=forward comment=“” disabled=no jump-target=icmp
protocol=icmp
add action=accept chain=icmp comment=“drop invalid connections” disabled=no
icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment=“allow established connections”
disabled=no icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment=“allow source quench” disabled=no
icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment=“allow time exceed” disabled=no
icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment=“allow already established connections”
disabled=no icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment=“allow parameter bad” disabled=no
icmp-options=12:0 protocol=icmp
add action=accept chain=icmp comment=“allow echo request” disabled=no
icmp-options=8:0 protocol=icmp
add action=drop chain=icmp comment=“deny all other types icmp” disabled=no
add action=drop chain=tcp comment=“accept stateful trarffic”
connection-state=invalid disabled=no protocol=tcp
add action=accept chain=forward comment=“” connection-state=established
disabled=no
add action=accept chain=forward comment=“” connection-state=related disabled=
no
add action=accept chain=forward comment=“Traffic between subnets” disabled=no
dst-address-list=local-networks src-address-list=local-networks
add action=accept chain=tcp comment=“Allow basic traffic out TCP” disabled=no
dst-port=3389,80,443,20-21,82,87-99,104,3000,25,1723,110,3391,1433
protocol=tcp src-address-list=local-networks
add action=accept chain=udp comment=“Allow basic traffic out UDP” disabled=no
dst-port=123 protocol=udp src-address-list=local-networks
add action=accept chain=forward comment=“Allow all server traffic out”
disabled=no src-address-list=servers
add action=accept chain=tcp comment=“Server bound traffic” disabled=no
dst-address=192.168.16.10 dst-port=3389,389,1723,443,6129 protocol=tcp
add action=accept chain=tcp comment=“Ports to Web Server” disabled=no
dst-address=x.x.x.x dst-port=80,81,443 protocol=tcp
add action=accept chain=tcp comment=“TS Server bound rules” disabled=no
dst-address=192.168.16.11 dst-port=3389 protocol=tcp
add action=accept chain=udp comment=“VOIP Server bound rules” disabled=no
dst-address=x.x.x.x dst-port=5060,4569,10000-20000 protocol=udp
src-address-list=fusion-access
add action=accept chain=tcp comment=“” disabled=no dst-address=x.x.x.x
dst-port=443,22 protocol=tcp src-address-list=fusion-access
add action=drop chain=input comment=“drop external access to router”
disabled=no dst-port=80,443,22,8291,23,21 protocol=tcp src-address-list=
!fusion-access src-address-type=“”
add action=accept chain=tcp comment=
“Allow access to ADSL routers from Fusion” disabled=no dst-address-list=
adsl-routers dst-port=80,23,3389 protocol=tcp src-address-list=
fusion-access
add action=drop chain=udp comment=“deny TFTP” disabled=no dst-port=69
protocol=udp
add action=drop chain=udp comment=“deny PRC portmapper” disabled=no dst-port=
111 protocol=udp
add action=drop chain=udp comment=“deny PRC portmapper” disabled=no dst-port=
135 protocol=udp
add action=drop chain=udp comment=“deny BackOriffice” disabled=no dst-port=
3133 protocol=udp
add action=drop chain=forward comment=“default drop rule” disabled=no

rgodoy · September 23, 2010, 1:59pm

When I got “Invalid value…” message it was because I wasn’t in “root directory”. My experience… (/ping [whatever])