I have set up my webproxy to use my ISP’s proxy as a parent.
Here’s my setup:
Mr RB433 is running ROS v3.10 and:
is a pppoe client to the ISP on eth1 (international)
is a pppoe client to the ISP on eth2 (local)
has a pppoe server on Bridge1 ( wlan + eth3)
The RB routes all traffic through the respective ISP according to local or international traffic by packet marking using mangle…
So why doesn’t the proxy work? Have I bypassed it because of the mangle rules?
EDIT: I am running webproxy on mikrotik and not an external web proxy
I don’t know what is not working because you didn’t mention it, but I can see that you have set the proxy port to 80, which is the http port, so I guess that can be your problem. You have to set it up on a different port, then redirect http traffic from port 80 to the proxy port.
When I open up a webpage a connection is made in ip>firewall>connections to this ip:198.54.202.4:80 but the error message still appears instead of the desired web page
The error message appears instantly so it is definitely not a timeout…
The webproxy stats shows this:
…So the firewall rule is obviously working as the traffic gets redirected to webproxy, but that’s about it
Is the firewall rule on the top? It can interfere with some other rule! Even though I think this is a proxy problem, because the traffic reaches the proxy
James, I think the problem may lie with SAIX and not your router.
I tried using a number of other transparent proxies and this one worked particularly well:
193.227.13.43:80
I then tried dsl-cache.saix.net:8080 and I get a “Forbidden, You were denied access because: Access denied by access control policy.”
My next thought was heck, stuff the SAIX proxy just use this other one but then I wondered whether local websites will be accessed via the international proxy and subsequently defeats using a local only DSL account.
However, running torch on the adsl_local interface shows my PC hitting local sites so clearly I don’t yet understand the IP flow. I would have expected ALL web traffic to be proxied by this international server and of course use my expensive international DSL bandwidth but not. Interesting hey?
Well anyway, try this other proxy and give some feedback.
BTW, this is on 2.9.51 but I can try on 3.11 if you need me to.
ip proxy export:
/ip proxy
set always-from-cache=no cache-administrator="" cache-drive=system \
    cache-hit-dscp=4 cache-on-disk=no enabled=yes max-cache-size=unlimited \
    max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
    parent-proxy=193.227.13.43 parent-proxy-port=80 port=8080 \
    serialize-connections=no src-address=0.0.0.0
I am using ROS 3.10 so I would prefer to upgrade to 3.11 as opposed to downgrade to 2.9… If you could try it out with 3.11 and it works then I would appreciate that and I’ll upgrade…
but first have a look at my above settings coz maybe I have done something stupid
I disabled my mangle rules and routes except for 1 route which sent all traffic 0.0.0.0/24 through gateway interface pppoe-out1…no routing marks
Then cache.saix.co.za:8080 worked perfectly
EDIT: The problem is that I cannot assign a routing mark to the traffic; without a routing mark it works fine but with a routing mark it fails… I was originally assigning all my clients an IP address 10.0.0.0/24 and used mangle to mark all traffic that originates from these IPs with the Route “A”… Then I routed all traffic with the Route mark “A” with destination 0.0.0.0/24 through the gateway interface pppoe-out1 (international).
I needed to remove the mangle rule which marked traffic with the route “A” and then the webproxy worked
So the big question now is: How do I mark routes and use a webproxy?
So long for me, I can’t help you on this because I don’t know much. I’m glad you found the problem yourself and someone will help you to succeed to the next point
James I think your issue is related to SAIX and not the web proxy. Remember that dsl-cache.saix.net is really intended to help with international bandwidth. So what SAIX does is block access to this proxy to all local only IP gateways (if this makes sense). To get around this, you need to add a new rule to the routing table to make 196.43.9.21 use the international dsl gateway. It then works but you lose the ability to browse local sites with local only bandwidth.
Let’s put it this way, that’s how I see it and how I’ve tested it.
Hilton, thanks for the info… helped me understand things better
I however added a few tweaks to my firewall rule that let me use a local account as well as international, here’s how
I created an address list called “sa” and I added all ±1300 local IP addresses ( http://alm.za.net/ip/localroutes4.txt ). I pasted all the IP addresses into an Excel spreadsheet and used the find + replace function to edit the cells to something like this: "add address=xxx.xxx.xxx.xxx/xx comment="" disabled=no list=sa"
I then pasted these rules into the terminal, only 150 at a time…
So now we have an address list with all the South African IPs
I then edited the firewall rule which redirected http traffic to the 8080 webproxy port… Under “advanced” > “Dst Address List” I added the “sa” address list and ticked the box so that it excludes all the IPs from South Africa… So only international traffic goes through the proxy and local traffic gets routed over a local only adsl account :) ..pretty cool hey??
Thanks Hilton for explaining how the proxy works, otherwise I wouldn’t have thought to exclude SA IPs…
and to the other guys coz those troubleshooting tips helped a lot
It now works perfectly
James this is very good. However I have a further tweak you may want to consider.
Your set-up currently doesn’t allow for caching of local sites so in a way this is a bit of a problem, given the cr@p bandwidth we have in this country. It would be good to be able to use the web proxy for ALL browsing. No?
If you add a rule like this:
/ip proxy direct add dst-address=196.36.0.0/16
it tells the proxy to resolve the address by connecting to the requested server directly, subsequently using local only bandwidth. This address is for http://www.absa.co.za as a test.
The downside is that you have to add all the local IP ranges (again) but the upside is that now ALL web traffic is proxied/cached eventually.
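The two bulk steps described above (the “sa” address list and the /ip proxy direct entries) can be generated from one validated prefix list instead of spreadsheet find-and-replace. This is an added example, not part of the original thread; the sample prefixes are constructed, and the function names are hypothetical. Only lines that parse as strict IPv4 CIDRs are turned into commands, so a failed download or a stray line never gets pasted into the router terminal.

```python
import ipaddress

# Constructed sample in the one-prefix-per-line style of a route list.
# It is NOT the content of the list linked in the thread.
SAMPLE = """\
# constructed sample
196.36.0.0/16
196.36.10.0/24
198.54.202.0/24
198.54.202.0/24
196.25.1.9/24
<html><body>404 Not Found</body></html>
"""

def parse_prefixes(text):
    """Return (networks, rejected); only strict IPv4 CIDR lines are accepted."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=True rejects entries with host bits set (e.g. 196.25.1.9/24)
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append(line)  # reported, never emitted as a command
    # Drop duplicates and prefixes already covered by a larger one.
    return list(ipaddress.collapse_addresses(nets)), rejected

def address_list_cmds(nets, list_name="sa"):
    return [f"/ip firewall address-list add address={n} list={list_name}" for n in nets]

def proxy_direct_cmds(nets):
    return [f"/ip proxy direct add dst-address={n}" for n in nets]

def batches(cmds, size=150):
    """Split commands into paste-sized chunks (150 at a time, as in the thread)."""
    return [cmds[i:i + size] for i in range(0, len(cmds), size)]

if __name__ == "__main__":
    nets, rejected = parse_prefixes(SAMPLE)
    for line in rejected:
        print("# rejected:", line)
    for chunk in batches(address_list_cmds(nets) + proxy_direct_cmds(nets)):
        print("\n".join(chunk))
```

Collapsing covered prefixes shortens the list without changing which destinations match, which also keeps the address list and the proxy direct list in sync.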
How big does your cache get? I only have about 10 PCs on the network so I am running the proxy on a RB433… Do you think I should set up an old PC with an ±80gig HDD coz of the cache?