WEBPROXY WITH /30

emmanuel · July 25, 2007, 9:42am

HELLO GUY
AM HAVE SMALL PROBLEM WHICH I KNOW U GUY CAN HELP.I HAVE LINK FROM ISP WHICH MY IP ADDRESS RANGE IS /24, THEN I BREAKDOWN TO /30 WHICH GET 64 SUBNET AND HE WORK FINE, I SETUP A MACHINE MT ROUTER CONFIGURE IT AS BRIDGE MODE,DNSCACHE,BANDWIDTH HE WORK FINE WHICH PLACE IN THE FRONT FIRST MACHINE,BUT MAIN PROBLEM IS IF I ENABLE WEBPROXY AND TRANSPARENT MODE ANY MACHINE BEHIND IT WOLUD NOT WORK UNLESS DIABLE THE WEBPROXY.FOR EXAMPL THE FIRST MACHINE THAT BREAK THE IP IS 10.50.1.1/30,10.50.1.5/30,10.50.1.9/30 ETC,THEN WE SETUP MACHINE PLACE FRONT MT ROUTER HE ALSO MT ROUTER AN IP IS 10.50.2/30 WHICH WE SETUP AS DNSCACHE,BANDWIDTHMANGER,BRIDGE MODE AND WEBPROXY AND MY LAPTOP IP IS 10.50.1.6/30 IF IDID NOT ENABLE WEBPROXY WORK FINE BUT IF ENABLE WEB PROXY NO BROWSING AND AGAIN IF I DISABLE TARNSPARENT MODE AND SET PROXY SET ON LAPTOP IT WORK FINE BUT IDONT TO SET PROXY IP AND PORT ON CUSTOMER END IWNAT TO SETUP AS TRANSPARENT BROWSING STOP.
THANX U FAST REPLY

tgrand · July 25, 2007, 10:09am

Let me know if you find a solution.

I found that disabling the WebProxy Caused problems for my gateway and just last night I had to reset-configuration, and start all over.
Any Router on my network which had a hotspot and the proxy address and port configured in the hs profile also had to be conpletely reconfigured.

Needless to say it was a painful experience to try the proxy. Second time I went through this.

Support does have supout.rif BTW

emmanuel · July 25, 2007, 10:22am

I WIIL BUT NEXT TIME TRY BACKUP UR CONFIGURATION.HE MADE JOB EASY WHEN THERE IS PROBLEM.OK

emmanuel · July 25, 2007, 5:43pm

pl guy if it not possible pl let me know

thanx

tgrand · July 26, 2007, 3:32am

You should create a supout.rif file and send it into support@mikrotik.com

I have done this.
It still has not yeilded any replies, but I can hope that it is being looked into.

I may be over optimistic, and maybe not…

sergejs · July 27, 2007, 6:34am

Post your proxy configuration that does not work for you.
Check the status of proxy by print command.

emmanuel · September 18, 2007, 10:24am

admin@MikroTik] ip address> pr
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 196.1.0.4/24 196.1.0.0 196.1.0.255 ether1
1 10.80.1.1/30 10.80.1.0 10.80.1.3 ether2
2 10.80.1.5/30 10.80.1.4 10.80.1.7 ether2
[admin@MikroTik] ip route> pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC G GATEWAY DISTANCE

INTERFACE
0 A S 0.0.0.0/0 r 196.1.0.1 1 ether1
1 ADC 10.80.1.0/30 10.80.1.1 0 ether2
2 ADC 10.80.1.4/30 10.80.1.5 0 ether2
3[admin@MikroTik] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=src-nat to-addresses=196.1.0.4

to-ports=0-65535
src-address=10.80.1.0/30

1 chain=srcnat action=src-nat to-addresses=196.1.0.4

to-ports=0-65535
src-address=10.80.1.4/30
this is first configuration on mt router

ip address> pr
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 10.80.1.2/30 10.80.1.0 10.80.1.3 bridge1
[admin@MikroTik] ip route> pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE

0 A S 0.0.0.0/0 r 10.80.1.1 1 bridge1
1 ADC 10.80.1.0/30 10.80.1.2 0 bridge1 [admin@MikroTik] ip route> /ip web
[admin@MikroTik] ip web-proxy> pr
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: “proxy”
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: “webmaster”
max-object-size: 4096KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 4665344KiB
reserved-for-ram-cache: 2048KiB
0 chain=dstnat action=redirect to-ports=3128 in-interface=bridge1
dst-port=80 protocol=tcp
nterface bridge> pr
Flags: X - disabled, R - running
0 R name=“bridge1” mtu=1500 arp=enabled mac-address=00:B0:D0:71:F8:39
protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:67:65 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
this is second configuration for mt router

thirdly is my laptop ip address 10.80.1.6/30 gateway 10.80.1.5

thanx fast reply

sergejs · September 18, 2007, 12:52pm

Probably it is better to enable proxy on the first router ?

emmanuel · September 19, 2007, 9:43am

thanks for fast reply
let be honstly with this not what wanted to setup but am just try to test this first then setup main platform.i have link from backbone through cable which my ip is wan=192.168.9.10/30 and lan is 196.1.0.1/24, then i setup mt router to face the network and breakdown the /24 to /30 each for example 196.1.0.1/30,196.1.0.5/30 like thatbut major problem is when i enable webproxy transparent he wiil stop allow traffic.pl we can do to make work,what i am think is ask my provider to give public ip for wan or if u have any ideal to make work.thanx for fast reply.god bless u

emmanuel · September 21, 2007, 10:47am

I CAN NOT BELIVE THAT MT ROUTER CAN’T SOLVE MY PROBLEM, PL IF ANYBODY HAVE SOLUTIONS THIS PROBLEM PL LET HAVE UR IDEAL THANX

JR1 · September 21, 2007, 9:26pm

You are attempting to src-nat 2 different subnets to 1 ip!
Suggest you disable 0,1
then add:
action=masquerade out-interface=ether1

I assume ether1 is connected to ISP, ether2 (with 2 IP) is connected to a switch and bridge is behind this.