NumLock
Frequent Visitor
Topic Author
Posts: 69
Joined: Mon Jun 16, 2008 3:38 am

Help! PPPoE with Limit Access with webproxy

Sat Oct 17, 2009 12:11 am

Hi, I need some help. I need to limit access for PPPoE.

The PPPoE clients' IP pool is 10.80.40.0/24

I want to limit access to only some web sites, for example:

www.paypal.com


I will appreciate any help.


Thanks!
 
NumLock
Frequent Visitor
Topic Author
Posts: 69
Joined: Mon Jun 16, 2008 3:38 am

Re: Help! PPPoE with Limit Access with webproxy

Sat Oct 17, 2009 10:30 pm

I have this setup and it blocks the IP pool that I want. But port 443 is open and the client can access any page with https:


                 enabled: yes
             src-address: 10.80.40.0
                    port: 8080
            parent-proxy: 0.0.0.0
       parent-proxy-port: 0
     cache-administrator: "webmaster"
          max-cache-size: none
           cache-on-disk: no
  max-client-connections: 5000
  max-server-connections: 5000
          max-fresh-time: 3d
   serialize-connections: no
       always-from-cache: no
          cache-hit-dscp: 4
             cache-drive: primary-slave
Proxy Access Rules
/ip proxy access
add action=allow comment="" disabled=no dst-host=www.mydomain.com \
    redirect-to=www.mydomain.com src-address=10.80.40.0/24
add action=deny comment="" disabled=no dst-host=*.* redirect-to=\
    www.mydomain.com src-address=10.80.40.0/24
add action=allow comment="" disabled=no dst-host=www.paypal.com src-address=\
    10.80.40.0/24


Firewall Rules
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
    10.80.40.0/24
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
    10.66.40.0/23
add action=redirect chain=PROXY-LIMIT comment="" disabled=no dst-port=8080 \
    in-interface=ether1 protocol=tcp src-address=10.80.40.0/24
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 protocol=\
    tcp src-address=10.80.40.0/24 to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=0-79 \
    protocol=tcp src-address=10.80.40.0/24 to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=81-442 \
    protocol=tcp src-address=10.80.40.0/24 to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=444-65535 \
    protocol=tcp src-address=10.80.40.0/24 to-ports=8080
This site is manually blocked for port 443
chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address=10.80.40.0/24 dst-address=64.178.214.6 dst-port=443
Last edited by NumLock on Sun Oct 18, 2009 8:12 pm, edited 2 times in total.
 
NumLock
Frequent Visitor
Topic Author
Posts: 69
Joined: Mon Jun 16, 2008 3:38 am

Re: Help! PPPoE with Limit Access with webproxy

Sat Oct 17, 2009 10:32 pm

Firewall Filter
/ip firewall filter
add action=drop chain=input comment="" disabled=no dst-port=8080 \
    in-interface=ether1 protocol=tcp src-address=10.80.40.0/24

For some reason I have to block the most popular web sites for port 443, and Skype still works.


Help please, I am almost done
 
NumLock
Frequent Visitor
Topic Author
Posts: 69
Joined: Mon Jun 16, 2008 3:38 am

Re: Help! PPPoE with Limit Access with webproxy

Mon Oct 19, 2009 4:17 am

?????????????
????????????
???????????
??????????
?????????
????????
???????
??????
????
??
?
 
Chupaka
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: Help! PPPoE with Limit Access with webproxy

Mon Oct 19, 2009 10:14 am

you cannot use transparent proxying for https

I think you should just get the IP addresses of paypal servers, allow port 443 to their addresses and then block all the rest. all in firewall filter, w/o webproxy
 
NumLock
Frequent Visitor
Topic Author
Posts: 69
Joined: Mon Jun 16, 2008 3:38 am

Re: Help! PPPoE with Limit Access with webproxy

Mon Oct 19, 2009 4:56 pm

Thanks for helping me and responding.
Is it reliable to make this implementation, or is there another way to do that?


It's working but I don't have any experience with web proxy on Mikrotik.

The other IP pools work without problems with those rules.


Please advise.

Thanks! Thanks! Thanks! Thanks! :) :)
 
NumLock
Frequent Visitor
Topic Author
Posts: 69
Joined: Mon Jun 16, 2008 3:38 am

Re: Help! PPPoE with Limit Access with webproxy

Mon Oct 19, 2009 9:33 pm

Hi Chupaka

I have RouterOS 3.22; is it safe to upgrade to 4.1?

In my setup, will the proxy work only for 10.80.40.0/24, or will all IPs use this proxy?

I just want the proxy for the IP pool 10.80.40.0/24


Sorry, I am a newbie
 
Chupaka
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: Help! PPPoE with Limit Access with webproxy

Mon Oct 19, 2009 11:46 pm

I began to doubt the task formulation... do you need to allow access only to paypal, or do you need to block access to paypal?..

in your setup the proxy will work only for the 10.80.40.0/24 subnet - see your 'redirect' NAT rule
 
NumLock
Frequent Visitor
Topic Author
Posts: 69
Joined: Mon Jun 16, 2008 3:38 am

Re: Help! PPPoE with Limit Access with webproxy

Tue Oct 20, 2009 1:42 am

allow only to paypal and my web site.
 
NumLock
Frequent Visitor
Topic Author
Posts: 69
Joined: Mon Jun 16, 2008 3:38 am

Re: Help! PPPoE with Limit Access with webproxy

Tue Oct 20, 2009 1:45 am

you cannot use transparent proxying for https

I think you should just get the IP addresses of paypal servers, allow port 443 to their addresses and then block all the rest. all in firewall filter, w/o webproxy

How?

Will it redirect to paypal like the proxy?
 
Chupaka
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: Help! PPPoE with Limit Access with webproxy

Tue Oct 20, 2009 11:20 am

no, it will just block - you cannot redirect https
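
The filter-only approach suggested in this thread (allow port 443 to known server addresses, block the rest), written out as an added example that is not part of any post above. The list name pppoe-allowed-https is hypothetical and the 192.0.2.x addresses are documentation-range placeholders for the real server IPs; the DNS rule assumes clients resolve names through a server beyond the router.

```routeros
# Added example, not from the thread. Replace the placeholder addresses
# (192.0.2.0/24 is a documentation range) with the real server IPs.
/ip firewall address-list
add list=pppoe-allowed-https address=192.0.2.10 comment="placeholder: www.paypal.com"
add list=pppoe-allowed-https address=192.0.2.20 comment="placeholder: www.mydomain.com"

/ip firewall filter
# Return traffic for connections that were already permitted.
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
# HTTPS from the PPPoE pool is allowed only to the listed servers.
add chain=forward src-address=10.80.40.0/24 protocol=tcp dst-port=443 \
    dst-address-list=pppoe-allowed-https action=accept
# Assumption: clients use an external DNS server, so lookups are forwarded.
add chain=forward src-address=10.80.40.0/24 protocol=udp dst-port=53 action=accept
# Everything else forwarded from the pool is dropped. This covers HTTPS to
# any other site and non-TCP traffic that the dstnat redirects never see.
add chain=forward src-address=10.80.40.0/24 action=drop
```

Filter rules are evaluated top to bottom, so these must sit above any broader accept rule in the forward chain. Large sites change and add server addresses, so the list has to be maintained.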
