Community discussions

MikroTik App
 
plcoomer
newbie
Topic Author
Posts: 38
Joined: Fri Nov 18, 2005 3:41 pm
Location: Fort Worth, Texas, USA
Contact:

Transparent Web proxy

Tue Jul 31, 2007 5:03 am

I keep getting this error: Dns Missing
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "prairienet.us"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "webmaster"
max-object-size: 4096KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: dns-missing
reserved-for-cache: 13309952KiB
reserved-for-ram-cache: 2048KiB

Where should the DNS Go?
 
User avatar
Letni
Member
Member
Posts: 375
Joined: Tue Dec 05, 2006 5:16 am
Location: South Carolina

Re: Transparent Web proxy

Tue Jul 31, 2007 5:06 am

Check IP -> DNS. Setting button.

-Louis
 
plcoomer
newbie
Topic Author
Posts: 38
Joined: Fri Nov 18, 2005 3:41 pm
Location: Fort Worth, Texas, USA
Contact:

Re: Transparent Web proxy

Tue Jul 31, 2007 5:50 am

Ok it says running now but .........no clients/ requests or hits

enabled: yes
src-address: 0.0.0.0
port: 8080
hostname: "dogsrusyep.us"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "webmaster"
max-object-size: 4096KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: stopped
reserved-for-cache: 13309952KiB
reserved-for-ram-cache: 2048KiB

Nothing really happens
 
User avatar
Letni
Member
Member
Posts: 375
Joined: Tue Dec 05, 2006 5:16 am
Location: South Carolina

Re: Transparent Web proxy

Tue Jul 31, 2007 5:54 am

Here is the link to the WIKI on how to set this up.

http://wiki.mikrotik.com/wiki/How_to_ma ... _web_proxy

-Louis
 
User avatar
cholegm
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Thu Jul 19, 2007 7:43 pm
Location: Gornji Milanovac, Serbia
Contact:

Re: Transparent Web proxy

Tue Jul 31, 2007 9:20 am

/ ip web-proxy 
set enabled=yes src-address=0.0.0.0 port=8080 hostname="proxy.domain.com" transparent-proxy=yes \
    parent-proxy=0.0.0.0:0 cache-administrator="webmaster@domain.com" \
    max-object-size=4096KiB cache-drive=system max-cache-size=none \
    max-ram-cache-size=unlimited

But...
Better use the webproxy-test package!
/ ip proxy 
set enabled=yes src-address=0.0.0.0 port=8080 parent-proxy=0.0.0.0:0 \
    cache-drive=system cache-administrator="webmaster@domain.com" \
    max-disk-cache-size=none max-ram-cache-size=none cache-only-on-disk=no \
    maximal-client-connections=1000 maximal-server-connections=1000 \
    max-object-size=4096KiB max-fresh-time=3d 
If you want to cache pages. Just set max-disk-cache-size, max-ram-cache-size, cache-only-on-disk, max-object-size, max-fresh-time (see manual for details)
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 in-interface="name of interface" action=redirect to-ports=8080 
/ ip proxy access
add action=deny dst-host="www.domain.com" redirect-to="www.mydomain.com"
or
/ ip proxy access 
add path=:\\.bat\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.cmd\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.com\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.cpl\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.csh\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.exe\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.inf\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.lnk\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.msi\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.msp\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.reg\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.scf\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.scr\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.torrent\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.nzb\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.pls\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.mp\[3g\]\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.wm\[av\]\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.zip\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.rar\$ action=deny redirect-to="www.mydomain.com" 
add path=:\\.7z\$ action=deny redirect-to="www.mydomain.com" 

Regards,
Mladen
 
plcoomer
newbie
Topic Author
Posts: 38
Joined: Fri Nov 18, 2005 3:41 pm
Location: Fort Worth, Texas, USA
Contact:

Re: Transparent Web proxy

Sat Aug 04, 2007 4:31 pm

Ok So
I'm getting the re-direct however
the page does not forward and load...
 
plcoomer
newbie
Topic Author
Posts: 38
Joined: Fri Nov 18, 2005 3:41 pm
Location: Fort Worth, Texas, USA
Contact:

Re: Transparent Web proxy

Sat Aug 04, 2007 4:34 pm

Actually with no Access rules at all..... web traffic stops... completely
 
plcoomer
newbie
Topic Author
Posts: 38
Joined: Fri Nov 18, 2005 3:41 pm
Location: Fort Worth, Texas, USA
Contact:

Re: Transparent Web proxy

Thu Aug 09, 2007 4:01 pm

Help........... It just does not work...
All my web traffic stops when using webproxy-test...
What would block the traffic?

status: running
uptime: 53s
requests: 1131
hits: 0
cache-used: 0KiB
ram-cache-used: 0KiB
total-ram-used: 541KiB
received-from-servers: 1613KiB
sent-to-clients: 1815KiB
hits-sent-to-clients: 0KiB

Note: hits-sent-to-clients: 0KiB
 
plcoomer
newbie
Topic Author
Posts: 38
Joined: Fri Nov 18, 2005 3:41 pm
Location: Fort Worth, Texas, USA
Contact:

Re: Transparent Web proxy

Thu Aug 09, 2007 4:18 pm

# SRC-ADDRESS DST-ADDRESS PROTOCOL STATE TX-BYTES RX-BYTES
0 C 216.171.250.40 64.233.167.99 HTTP/1.1 waiting 0 864
1 S 64.233.167.99 216.171.250.40 idle 0 0
2 C 216.171.250.40 64.233.167.99 HTTP/1.1 waiting 0 879
3 S 64.233.167.99 216.171.250.40 idle 0 0
4 C 216.171.250.40 72.14.203.100 HTTP/1.1 waiting 0 917
5 S 72.14.203.100 216.171.250.40 idle 0 0
6 C 216.171.250.40 216.34.209.13 HTTP/1.1 waiting 0 374
7 C 216.171.250.40 212.150.236.70 HTTP/1.1 waiting 0 577
8 S 212.150.236.70 216.171.250.40 idle 0 0
9 C 216.171.250.40 212.150.236.70 HTTP/1.1 waiting 0 569
10 S 212.150.236.70 216.171.250.40 idle 0 0
11 C 216.171.250.40 212.150.236.81 HTTP/1.1 waiting 0 631
12 S 212.150.236.81 216.171.250.40 idle 0 0
13 C 216.171.250.40 212.150.236.80 HTTP/1.1 waiting 0 980
14 S 212.150.236.80 216.171.250.40 idle 0 0
15 C 216.171.250.40 72.14.203.91 HTTP/1.1 waiting 0 894
16 S 66.135.218.31 216.171.250.40 idle 0 0
17 S 72.14.203.91 216.171.250.40 idle 0 0
18 S 216.34.209.13 216.171.250.40 idle 0 0
19 C 216.171.250.40 216.34.209.13 HTTP/1.1 waiting 0 374
20 S 216.34.209.13 216.171.250.40
 
User avatar
cholegm
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Thu Jul 19, 2007 7:43 pm
Location: Gornji Milanovac, Serbia
Contact:

Re: Transparent Web proxy

Thu Aug 09, 2007 7:42 pm

Check you configuration!

Check your proxy port 3124 or 8080

Check your redirect rule. In redirect rule "to-ports=" is your proxy port.
/ ip firewall nat add chain=dstnat protocol=tcp dst-port=80 in-interface=local2 action=redirect to-ports=8080
or
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 src-address=192.168.0.0/16 action=redirect to-ports=8080
 
User avatar
ashish
Long time Member
Long time Member
Posts: 550
Joined: Mon Feb 12, 2007 5:50 am
Location: Virginia, USA.

Re: Transparent Web proxy - Stop Downloading *.exe

Fri Aug 31, 2007 8:35 am

I have done the same configuration with Web-Proxy Test Package.

I am able to Drop websites using dst-host=www.xyz.com

But Not able to stop downloading

/ip proxy access
add path=:\\.exe\$ action=deny.

Still i can download EXE files...Please Help me how to stop.

ASHISH
 
User avatar
GWISA
Member
Member
Posts: 394
Joined: Tue Jan 31, 2006 2:37 pm
Location: Johannesburg, South Africa

Re: Transparent Web proxy

Fri Aug 31, 2007 4:36 pm

I've successfully used the content=application/octet-stream field in the firewall filter to block .exe downloads if you dn't win with the proxy settings...
 
User avatar
ashish
Long time Member
Long time Member
Posts: 550
Joined: Mon Feb 12, 2007 5:50 am
Location: Virginia, USA.

Re: Transparent Web proxy

Mon Sep 03, 2007 9:10 am

Please explain me in details
 
User avatar
GWISA
Member
Member
Posts: 394
Joined: Tue Jan 31, 2006 2:37 pm
Location: Johannesburg, South Africa

Re: Transparent Web proxy

Mon Sep 03, 2007 9:18 am

chain=prerouting action=mark-packet new-packet-mark=disallowed passthrough=no 
     content=application/octet-stream
As part of a longer list of rules to mark unwanted file types.

Who is online

Users browsing this forum: jwshields, wfuzatto and 100 guests