Hi all,
I can't seem to get the transparent proxy feature working on our MT.
I've followed the documentation with no luck.
Basically we have a box with 2 nics.
Works perfectly as a gateway, internal address range gets nat'd out the external interface.
No special rules atm.
I've setup the web proxy, works perfectly when the client puts the proxy address in their browser, eg, 192.168.0.1 8080
We want to take it one step further now and make it transparent, so the users don't need to make any changes on their browser.
I followed the documentaion here:
http://www.mikrotik.com/docs/ros/2.8/ip ... xy.content
Transparent section, but it does not work.
I've tried ticking the box in winbox "transparent proxy", still no joy.
I'm sure it's something simple, any ideas ?
Some more info:
====================================
[admin@MikroTik] > /ip web-proxy export
# feb/24/2005 07:44:33 by RouterOS 2.8.24
# software id = <removed>
#
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="proxy" \
transparent-proxy=no parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size="200000 kB" \
cache-drive=system max-cache-size=10000
/ ip web-proxy access
add dst-port=!443,563 method=connect action=deny comment="allow CONNECT only \
to SSL ports 443 \[https\] and 563 \[snews\]" disabled=no
/ ip web-proxy cache
add url="cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
disabled=no
=========================================
[admin@MikroTik] > /ip web-proxy monitor
status: running
uptime: 18h8m3s
clients: 2
requests: 1595
hits: 74
cache-size: 16428 kB
received-from-servers: 122496 kB
sent-to-clients: 152223 kB
hits-sent-to-clients: 29637 kB
=========================================
Thanks for your time.
-
-
steve@thebiginter.net
just joined
- Posts: 21
- Joined:
You gotta add the Source NAT Rule like this:
[admin@MikroTik] ip firewall dst-nat> add in-interface=ether1 protocol=tcp \
dst-address=!192.168.0.1/32:80 action=redirect to-dst-port=8080
Keep the 'Transparent Proxy' checked
Change the name=ether1 to the name of your particular LAN Card.
Best way is to copy the above section into notepad, change the name of the LAN Card, then copy/paste it into the Terminal in Winbox - saves you typing it all in.
Steve Head
TBI
[admin@MikroTik] ip firewall dst-nat> add in-interface=ether1 protocol=tcp \
dst-address=!192.168.0.1/32:80 action=redirect to-dst-port=8080
Keep the 'Transparent Proxy' checked
Change the name=ether1 to the name of your particular LAN Card.
Best way is to copy the above section into notepad, change the name of the LAN Card, then copy/paste it into the Terminal in Winbox - saves you typing it all in.
Steve Head
TBI
ok back again, still no go 
If I add the proxy in manually, it works fine, but without it, it's bypassing the proxy.
=========================
[admin@MikroTik] > /ip web-proxy export
# mar/01/2005 08:02:17 by RouterOS 2.8.24
# software id = <removed>
#
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="proxy" transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size="200000 kB" cache-drive=system max-cache-size=10000
/ ip web-proxy access
add dst-port=!443,563 method=connect action=deny comment="allow CONNECT only to SSL ports 443 \[https\] and 563 \[snews\]" \
disabled=no
/ ip web-proxy cache
add url="cgi-bin \\?" action=deny comment="don't cache dynamic http pages" disabled=no
[admin@MikroTik] >
===============================
[admin@MikroTik] > /ip web-proxy monitor
status: running
uptime: 3d20h6m19s
clients: 13
requests: 1713
hits: 228
cache-size: 20980 kB
received-from-servers: 5060 kB
sent-to-clients: 5274 kB
hits-sent-to-clients: 316 kB
================================
[admin@MikroTik] ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 in-interface=inside dst-address=!192.168.0.1/32:80 protocol=tcp action=redirect to-dst-port=8080
[admin@MikroTik] ip firewall dst-nat>
================================
I'm sure I'm missing something, any ideas ?
Thanks again.
If I add the proxy in manually, it works fine, but without it, it's bypassing the proxy.
=========================
[admin@MikroTik] > /ip web-proxy export
# mar/01/2005 08:02:17 by RouterOS 2.8.24
# software id = <removed>
#
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="proxy" transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size="200000 kB" cache-drive=system max-cache-size=10000
/ ip web-proxy access
add dst-port=!443,563 method=connect action=deny comment="allow CONNECT only to SSL ports 443 \[https\] and 563 \[snews\]" \
disabled=no
/ ip web-proxy cache
add url="cgi-bin \\?" action=deny comment="don't cache dynamic http pages" disabled=no
[admin@MikroTik] >
===============================
[admin@MikroTik] > /ip web-proxy monitor
status: running
uptime: 3d20h6m19s
clients: 13
requests: 1713
hits: 228
cache-size: 20980 kB
received-from-servers: 5060 kB
sent-to-clients: 5274 kB
hits-sent-to-clients: 316 kB
================================
[admin@MikroTik] ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 in-interface=inside dst-address=!192.168.0.1/32:80 protocol=tcp action=redirect to-dst-port=8080
[admin@MikroTik] ip firewall dst-nat>
================================
I'm sure I'm missing something, any ideas ?
Thanks again.
Who is online
Users browsing this forum: girishg and 189 guests