Hi all,

We are using Mikrotik RB1100AHx2 as a proxy solution. And we are serving at least about 120 users. We are using VPN and a parent proxy from out ISP to access the internet via their VPN. The pronlem is that if users configured their web browser with the parent proxy they bypassed our Mikrotik (local proxy)!

Is there any configuration I need to to to prevent users from accessing the internet using the parent proxy?

Thanks.

-Chris

Code: Select all

/ip firewall nat
add action=redirect chain=dstnat comment="force my proxy" dst-port=3128,8080,80 src-address<your desired subnet> protocol=tcp to-ports=8080

-Chris

Thanks for your reply

I have a nat rule to redirect traffic to my proxy.

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080

Do I have to create another one??? Can you explain more please?

Thanks..

Perfect. In this case, you just need to add the other ports (3128,8080) to the rule. So all outgoing traffic to (standard) proxy ports will be redirected as well.
-Chris

Perfect. In this case, you just need to add the other ports (3128,8080) to the rule. So all outgoing traffic to (standard) proxy ports will be redirected as well.
-Chris

Thanks for all your efforts.

I added the ports to my nat rule, but I still can browse the internet by adding the parent proxy IP (10.10.10.10) and port (80) to my browser freely. Any ideas?

Thanks again.

Of course you can - but it is transparently redirected to your proxy.
-Chris

Of course you can - but it is transparently redirected to your proxy.
-Chris

Thanks for your time.