i already use transparent proxy on my network on port 80 "http"
what i want to do now is send ip range to squid on port 443
for port 80 i already use......
eth1=LAN Interface
192.168.50.50 = IP of Squid Proxy Server LAN interface (eth1)
192.168.100.0/24 = Network for LAN users
192.168.50.254 = IP Mikrotik Proxy Interface IP (Squid)
/interface ethernet
set 0 name=LAN
set 1 name=SQUID
set 2 mac-address=00:50:56:31:A4:F0 name=WAN
/ip pool
add name=dhcp_pool1 ranges=192.168.100.200-192.168.100.253
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1
/ip address
add address=192.168.0.254/24 interface=WAN network=192.168.0.0
add address=192.168.50.254/24 interface=SQUID network=192.168.50.0
add address=192.168.100.254/24 interface=LAN network=192.168.100.0
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=192.168.100.254,8.8.4.4,8.8.4.4 gateway=192.168.100.254
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=mark-routing chain=prerouting dst-port=80 new-routing-mark=http protocol=tcp
/ip firewall nat
add chain=srcnat dst-port=80 protocol=tcp
add action=masquerade chain=srcnat out-interface=WAN
/ip route
add distance=1 gateway=192.168.50.50 routing-mark=http
add check-gateway=ping distance=1 gateway=192.168.0.1
____________________________________________________
now i want to send to squid port 443 only an ip range from 192.168.100.1-192.168.100.50 "this is the ip range in my network where i can upload cert"
any help would be appreciated.
Regards
-
-
scotthammersley
Member Candidate
- Posts: 230
- Joined:
- Location: Jackson, MS
- Contact:
Re: Redirect HTTP HTTPS traffic to SQUID
This should work for you.
/ip firewall address-list
add address=192.168.100.1-192.168.100.50 list=Defined
/ip firewall mangle
add action=mark-routing src-address-list=Defined chain=prerouting dst-port=443 new-routing-mark=https protocol=tcp
/ip firewall nat
add chain=srcnat dst-port=443 protocol=tcp
/ip route
add distance=1 gateway=192.168.50.50 routing-mark=https
/ip firewall address-list
add address=192.168.100.1-192.168.100.50 list=Defined
/ip firewall mangle
add action=mark-routing src-address-list=Defined chain=prerouting dst-port=443 new-routing-mark=https protocol=tcp
/ip firewall nat
add chain=srcnat dst-port=443 protocol=tcp
/ip route
add distance=1 gateway=192.168.50.50 routing-mark=https
Re: Redirect HTTP HTTPS traffic to SQUID
somehow it works, but all network is affected.. not only the ip range . will do more tests later in the night.
thanks for your quick response
thanks for your quick response
Re: Redirect HTTP HTTPS traffic to SQUID
it works, many thanks.
-
-
scotthammersley
Member Candidate
- Posts: 230
- Joined:
- Location: Jackson, MS
- Contact:
Re: Redirect HTTP HTTPS traffic to SQUID
Glad to be able to help.
Re: Redirect HTTP HTTPS traffic to SQUID
can i use
using only one route and mark https,http
/ip route
add distance=1 gateway=192.168.50.50 routing-mark=https,http
Regards
Adi
using only one route and mark https,http
/ip route
add distance=1 gateway=192.168.50.50 routing-mark=https,http
Regards
Adi
Who is online
Users browsing this forum: ianjay06, NxtGen [Bot] and 46 guests