dandrzejewski
just joined
Topic Author
Posts: 23
Joined: Fri Oct 09, 2015 5:39 am

Layer 7 Transparent Proxy

Sat Oct 10, 2015 1:48 am

So, I have a rule that will redirect to the web proxy based on port:
[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0    chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80 log=yes log-prefix="[REDIR] "

 1    ;;; default configuration
      chain=srcnat action=masquerade out-interface=WAN log=no log-prefix=""
This works.

But when I change it to use layer 7 matching rather than port, it does not work:
0    chain=dstnat action=redirect to-ports=8080 protocol=tcp layer7-protocol=http log=yes log-prefix="[REDIR] "
The layer 7 protocol is defined like this:
18 name="http" regexp="http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\x09-\x0d -~]* http/[01]\.[019]\r\n"
What am I doing wrong here?
 
vipe
Member Candidate
Posts: 166
Joined: Thu Sep 14, 2006 10:05 pm

Re: Layer 7 Transparent Proxy

Fri Oct 30, 2015 6:04 am

0 chain=dstnat action=redirect to-ports=8080 dst-port=80 protocol=tcp layer7-protocol=http log=yes log-prefix="[REDIR] "
 
troffasky
Member
Posts: 399
Joined: Wed Mar 26, 2014 4:37 pm

Re: Layer 7 Transparent Proxy

Sat Oct 31, 2015 8:59 pm

I could be wrong, but...if the conversation is far enough along to recognise the protocol at L7 to be HTTP, surely it's too late to rewrite the port?
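
The timing question raised in the last reply, modelled as an added example (not code from any poster or from MikroTik). It assumes a dstnat rule is evaluated only for the first packet of a connection and that the L7 matcher searches the accumulated payload of both directions case-insensitively; the packet payloads are constructed.

```python
import re

# Regexp copied from the layer7-protocol entry in the first post.
# Assumption: the matcher is case-insensitive and runs over accumulated payload.
L7_HTTP = re.compile(
    rb"http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*"
    rb"(connection:|content-type:|content-length:|date:)"
    rb"|post [\x09-\x0d -~]* http/[01]\.[019]\r\n",
    re.IGNORECASE,
)

# Constructed sample: payloads of one port-80 connection, in arrival order.
PACKETS = [
    ("client", b""),  # SYN: no payload
    ("server", b""),  # SYN/ACK
    ("client", b""),  # ACK
    ("client", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("server", b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               b"Content-Length: 0\r\n\r\n"),
]


def first_match_index(packets):
    """Index of the packet at which the accumulated stream first matches."""
    stream = b""
    for i, (_sender, payload) in enumerate(packets):
        stream += payload
        if L7_HTTP.search(stream):
            return i
    return None


def nat_rule_matches(packets):
    """Model assumption: the NAT decision sees only the first packet."""
    return first_match_index(packets[:1]) == 0


if __name__ == "__main__":
    print("pattern first matches at packet:", first_match_index(PACKETS))
    print("dstnat rule with layer7-protocol matches:", nat_rule_matches(PACKETS))
```

In this model the pattern first matches on the server's response, and a GET request alone never matches it, so the redirect decision on the SYN has nothing to match against.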
