Community discussions

MikroTik App
 
Wyz4k
Member Candidate
Member Candidate
Topic Author
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Web proxy settings question

Mon Mar 15, 2010 11:26 am

Hi there,

I am hoping that somebody can explain why the bottom three values don't seem to add up.

Shouldn't "Received From Servers" + "Hits Sent to Clients" = "Sent To Clients"?

On my example:
12 376 805 + 893 614 = 13 270 419 and that is not equal to 13 935 644.

Can somebody show me where I am going wrong?
You do not have the required permissions to view the files attached to this post.
 
pcglobelb
newbie
Posts: 26
Joined: Sun Aug 17, 2008 6:10 pm

Re: Web proxy settings question

Mon Mar 15, 2010 11:49 am

you are not going wrong at no place. but aren't you running any filter rule ? aren't u droping packets somewhere?
 
Wyz4k
Member Candidate
Member Candidate
Topic Author
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Web proxy settings question

Mon Mar 15, 2010 12:08 pm

Yes we are blocking a few sites and also preventing external access to the proxy. But the sites are blocked on the outgoing route already and I can't see how that could amount to about 700MB of traffic.
 
pcglobelb
newbie
Posts: 26
Joined: Sun Aug 17, 2008 6:10 pm

Re: Web proxy settings question

Mon Mar 15, 2010 12:14 pm

i jsut made a simple calculation from my side and the numbers are 100% exact...
paste your filter rules there should be a trap somewhere
 
Wyz4k
Member Candidate
Member Candidate
Topic Author
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Web proxy settings question

Mon Mar 15, 2010 1:11 pm

/ip proxy access> print
Flags: X - disabled
# DST-PORT DST-HOST PATH METHOD ACTION HITS
0 ;;; allow connect only to SSL ports 443 (https) and 563 (snews)
!443,563 CONNECT deny 81
1 site... deny 0
2 site... deny 117
3 site... deny 25
4 site... deny 0
5 site... deny 1632
6 site... deny 4
7 site... deny 0
8 site... deny 8
9 site... deny 0
10 site... deny 0
11 site... deny 1
12 site... deny 0
13 site... deny 0
14 site... deny 0
15 site... deny 0
16 site... deny 4509
17 site... deny 0
18 site... deny 0
19 site... deny 0
20 site... deny 8669
21 site... deny 0
22 site... deny 0
23 site... deny 0
24 site... deny 0
25 site... deny 0
26 site... deny 0
27 site... deny 3
28 site... deny 2
29 site... deny 0
30 site... deny 4
31 site... deny 0
32 site... deny 0
33 site... deny 0
34 site... deny 0
35 site... deny 0
36 site... deny 8
37 site... deny 808
38 ;;; Do not allow server1 to communicate directly with checkip.dyndns.or...
checkip.dynd... deny 0
39 ;;; Do not allow server2 to communicate directly with checkip.dyndns.or...
checkip.dynd... deny 1515
40 ;;; Do not allow server3 to communicate directly with checkip.dyndns.org...
checkip.dynd... deny 7549
41 ;;; Do not allow server4 to communicate directly with checkip.dyndns....
checkip.dynd... deny 0
42 *.mp3 deny 725
43 *.wav deny 41
44 *.midi deny 0
45 *.mdi deny 1
46 *.dat deny 485
47 *.mpg deny 0
48 *.avi deny 0
49 *.torrent deny 1
50 *.nzb deny 0
51 ;;; allow all internal users access to the proxy
allow 1314561
52 ;;; allow VPN users access to proxy
allow 0
53 site... allow 0
54 site... allow 0
55 ;;; deny everybody else
deny 254
 
pcglobelb
newbie
Posts: 26
Joined: Sun Aug 17, 2008 6:10 pm

Re: Web proxy settings question

Mon Mar 15, 2010 1:33 pm

are you using parent proxy or just mikrotik's proxy?
 
pcglobelb
newbie
Posts: 26
Joined: Sun Aug 17, 2008 6:10 pm

Re: Web proxy settings question

Mon Mar 15, 2010 1:36 pm

i suggest you use /ip firewall filter to drop what you want to drop
in all cases i beleive your webproxy is working properly and there is a small trap somewhere
if you have public ip on ur mt i would connect with a read only user to check it out
 
Wyz4k
Member Candidate
Member Candidate
Topic Author
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Web proxy settings question

Mon Mar 15, 2010 1:43 pm

We only use the MT proxy. We have a separate set of rules in the firewall which governs all connections and not just web proxy rules. It would not be practical to move all of these rules to the firewall section.

If the rules were the problem it would make sense to me that "Received From Servers" + "Hits Sent to Clients" exceed "Sent To Clients", but this is not the case. Somehow more data is being sent to the clients than received from servers + cache.

Who is online

Users browsing this forum: acn, Bing [Bot], Sailwebwifi and 41 guests