yah1803
just joined
Topic Author
Posts: 1
Joined: Wed Sep 22, 2021 4:41 am

Forward all http/https traffic to LAN pc?

Wed Sep 22, 2021 5:07 am

Hello everyone,

I am new to RouterOS. My home LAN is managed by a MikroTik router running RouterOS 6.48.4. My ISP has a firewall that blocks many websites. To get around this firewall, I am running privoxy on one of my home PCs (IP 192.168.0.110, connected to ether5) and a PC outside the firewall, and connect these two with a KCPTUN tunnel. To access the blocked websites, I set up browsers to use the proxy at port 8118 (default port of the proxy) of 192.168.0.110, and all the traffic is forwarded to the outside PC over the KCPTUN tunnel. It works great for all the blocked sites for both http and https protocols.

Now I want to set up ROS rules so that I don't need to set up proxies on every device. I tried something like:
ip firewall nat add action=dst-nat chain=dstnat dst-port=80 in-interface=ether2 protocol=tcp to-addresses=192.168.0.115 to-ports=8118
but the system inactivates this rule because ether2 is a slave to a bridge.

Please advise me what I should do.

I appreciate your help. Bridge information is as follows. If other information is needed, please let me know.
/interface bridge export 
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether5
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Forward all http/https traffic to LAN pc?

Thu Sep 23, 2021 6:12 pm

So in short,
You need a way to configure the router to send all traffic to a local IP behind the router (a PC) which has a tunnel set up to an external PC which then accesses the internet?
Not familiar with KCPTUN; is it a type of VPN?

Sounds plausible, just don't know if it's a matter of route selection, dst-nat, mangling or all three. Hopefully someone will chime in and point in the right direction.

In any case recommend you use WireGuard connected to another external MT router (router to router vice pc to pc.........)