robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

transparent web proxy not working

Fri Aug 05, 2005 11:04 am

Hi,

Can someone help me out, here is my config please spot my errors

interface enable ether1,ether2
ip dhcp-client set enabled=yes interface=ether1
ip address add address=10.20.0.1/24 interface=ether2
(by the way /24 what does that mean)
ip dns set allow-remote-request=yes
ip firewall src-nat add out-interface=ether1 action=masquerade
ip firewall rule input add /
connection-state=invalid action=drop
connection-state=established
connection-state=related
protocol=udp
protocol=icmp
src-address=10.20.0.0/24
action=drop log=yes
ip pool add name=private ranges=10.20.0.2-10.20.0.254
ip dhcp-server network add gateway=10.20.0.1 address=10.20.0.0/24 dns-server=10.20.0.1
ip dhcp-server add name=home interface=ether2 lease-time=3h address-pool=private
ip dhcp-server enable home
ip web-proxy set enable=yes port=8080 max-cache-size=unlimited
ip web proxy set transparent-proxy=yes
ip firewall dst-nat add in-interface=ether1 protocal=tcp dst:!:80 action=redirect to-dst-port=8080

Please help me out, everything in the monitor area is still ZERO.
 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Sat Aug 06, 2005 5:10 am

added

ip webproxy access
add src-address=10.20.0.0/24 action=allow disable=no
add action=deny disable=no

but it still does not work :cry: can anyone PLEASE HELP

regards
Robot
 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Sat Aug 06, 2005 10:44 am

I have reformatted the whole thing and followed the documents exactly

/interface enable ether1,ether2
/ip dhcp-client set enabled=yes interface=ether1
/ip address add address=192.168.0.1/24 interface=ether2
/ip firewall rule input add connection-state=invalid action=drop
/ip firewall rule input add connection-state=established
/ip firewall rule input add connection-state=related
/ip firewall rule input add protocol=udp
/ip firewall rule input add protocol=icmp
/ip firewall rule input add src-address=192.168.0.0/24
/ip firewall rule input add action=drop log=yes
/ip pool add name=private ranges=192.168.0.2-192.168.0.254
/ip dhcp-server network add gateway=192.168.0.1 address=192.168.0.0/24 dns-server=192.168.0.1
/ip dhcp-server add name=home interface=ether2 lease-time=3h address-pool=private
/ip dhcp-server enable home
/ip web-proxy set enable=yes port=8080 max-cache-size=unlimited
/ip web proxy set transparent-proxy=yes
/ip firewall dst-nat add in-interface=ether1 protocal=tcp dst-address:!:80 action=redirect to-dst-port=8080

*****
ip firewall dst-nat add in-interface=ether1 protocal=tcp dst-address:!192.168.0.1/24:80 action=redirect to-dst-port=8080 (this gives me an error : destination error) why ? anyone please explain to me?
*****
web-proxy works alright !! BUT not the transparent :cry: can anyone HELP me out here, pleaseeeeeeeeeeeeeeeeeeeeee !

regards
Robot :cry:
 
yancho
Member Candidate
Posts: 207
Joined: Tue Jun 01, 2004 3:04 pm
Location: LV

Sat Aug 06, 2005 11:30 am

/ip firewall dst-nat add in-interface=ether1 change to ether2 protocal=tcp dst-address:!:80 action=redirect to-dst-port=8080

the same in : ip firewall dst-nat add in-interface=ether2 protocal=tcp dst-address:!192.168.0.1/24:80 action=redirect to-dst-port=8080
 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Mon Aug 08, 2005 9:53 am

yancho,

I have reformatted the OS and followed the same set of instructions with your suggestions, but now the clients MUST set their proxy before they can connect to the web. It is getting worse. Can you please point out my errors?

regards

/interface enable ether1,ether2
/ip dhcp-client set enabled=yes interface=ether1
/ip address add address=192.168.0.1/24 interface=ether2
/ip firewall src-nat add out-interface=ether1 action=masquerade
/ip firewall rule input add connection-state=invalid action=drop
/ip firewall rule input add connection-state=established
/ip firewall rule input add connection-state=related
/ip firewall rule input add protocol=udp
/ip firewall rule input add protocol=icmp
/ip firewall rule input add src-address=192.168.0.0/24
/ip firewall rule input add action=drop log=yes
/ip pool add name=private ranges=192.168.0.2-192.168.0.254
/ip dhcp-server network add gateway=192.168.0.1 address=192.168.0.0/24 dns-server=192.168.0.1
/ip dhcp-server add name=home interface=ether2 lease-time=3h address-pool=private
/ip dhcp-server enable home
/ip web-proxy set enable=yes port=8080 max-cache-size=unlimited
/ip web proxy set transparent-proxy=yes
/ip firewall dst-nat add in-interface=ether2 protocal=tcp dst-address:!:80 action=redirect to-dst-port=8080
/ip dns set allow-remote-request=yes

*****
ip firewall dst-nat add in-interface=ether2 protocal=tcp dst-address:!192.168.0.1/24:80 action=redirect to-dst-port=8080 (this still gives me an error : destination error) why ? anyone please explain to me?
*****
 
Eugene
Forum Veteran
Posts: 986
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Aug 08, 2005 11:40 am

ip firewall dst-nat add in-interface=ether2 protocal=tcp dst-address=!192.168.0.1/24:80 action=redirect to-dst-port=8080
 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Mon Aug 08, 2005 12:40 pm

Eugene,

ip firewall dst-nat add in-interface=ether2 protocal=tcp dst-address=!192.168.0.1/24:80 action=redirect to-dst-port=8080

ERROR: destination bad :cry:

regards
 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Mon Aug 08, 2005 12:43 pm

with

ip firewall dst-nat add in-interface=ether2 protocal=tcp dst-address=!:80 action=redirect to-dst-port=8080

the transparent web proxy still won't work

but with

ip firewall dst-nat add in-interface=ether2 protocal=tcp action=redirect to-dst-port=8080

it works.

but I would like to work with the dst-address=!192.168.0.1/24:80

PLEASE HELP ME OUT :cry:

regards
 
Eugene
Forum Veteran
Posts: 986
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Aug 08, 2005 12:46 pm

Ups, obviously, the mask should be /32 for a single host:
ip firewall dst-nat add in-interface=ether2 protocal=tcp dst-address=!192.168.0.1/32:80 action=redirect to-dst-port=8080
 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Mon Aug 08, 2005 1:29 pm

Ups, obviously, the mask should be /32 for a single host:
Eugene,

I'm new, so please let me know:

/32 for a single host: by that, do you mean a single server or a single broadband line?

/24 for multiple hosts, and is there anything other than /32 and /24?

regards
Robot714
 
Eugene
Forum Veteran
Posts: 986
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Aug 08, 2005 1:32 pm

 
maroon
Member Candidate
Posts: 230
Joined: Thu Oct 07, 2004 11:15 am
Location: Lebanon

Mon Aug 08, 2005 2:45 pm

on dst-nat remove the ! and it will work !!!
 
Eugene
Forum Veteran
Posts: 986
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Aug 08, 2005 2:48 pm

Nope, it should be there to allow accessing the router via Winbox.
 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Tue Aug 09, 2005 11:56 am

Eugene,

With the /24 changed to /32, the command "ip firewall dst-nat add in-interface=ether2 protocal=tcp dst-address:192.168.0.1/32!:80 action=redirect to-dst-port=8080" is entered without error, but the problem is that the client stations are not getting any gateway or DNS server IP address. Is there any solution for that? :cry: PLEASE HELP

regards

/interface enable ether1,ether2
/ip dhcp-client set enabled=yes interface=ether1
/ip address add address=192.168.0.1/32 interface=ether2
/ip firewall src-nat add out-interface=ether1 action=masquerade
/ip firewall rule input add connection-state=invalid action=drop
/ip firewall rule input add connection-state=established
/ip firewall rule input add connection-state=related
/ip firewall rule input add protocol=udp
/ip firewall rule input add protocol=icmp
/ip firewall rule input add src-address=192.168.0.0/32
/ip firewall rule input add action=drop log=yes
/ip pool add name=private ranges=192.168.0.2-192.168.0.254
/ip dhcp-server network add gateway=192.168.0.1 address=192.168.0.0/32 dns-server=192.168.0.1
/ip dhcp-server add name=home interface=ether2 lease-time=3h address-pool=private
/ip dhcp-server enable home
/ip web-proxy set enable=yes port=8080 max-cache-size=unlimited
/ip web proxy set transparent-proxy=yes
/ip firewall dst-nat add in-interface=ether2 protocal=tcp dst-address=!192.168.0.1/32:80 action=redirect to-dst-port=8080
/ip dns set allow-remote-request=yes
 
Eugene
Forum Veteran
Posts: 986
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Aug 09, 2005 2:40 pm

You should have changed the mask only in one place (firewall nat), the other two addresses should have /24 mask:
/ip address add address=192.168.0.1/24 interface=ether2 
/ip dhcp-server network add gateway=192.168.0.1 address=192.168.0.0/24 dns-server=192.168.0.1
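
What the two masks cover, and why only the NAT rule takes /32, as an added Python example that is not part of the thread. The function names are hypothetical, and `redirected` is a simplified model of the rule's negated match (an assumption about its semantics), not RouterOS code.

```python
import ipaddress

def covered(cidr):
    """Return (network, address_count) for an address/prefix pair."""
    net = ipaddress.ip_interface(cidr).network
    return str(net), net.num_addresses

def pool_outside(network, first, last):
    """Count DHCP pool addresses that the network statement does not cover."""
    net = ipaddress.ip_network(network)
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    return sum(1 for n in range(lo, hi + 1)
               if ipaddress.ip_address(n) not in net)

def redirected(dst_ip, dst_port, excluded):
    """Assumed model of dst-address=!<excluded>:80 action=redirect:
    port 80 traffic is sent to the proxy unless its destination is
    inside the excluded prefix (here, the router itself)."""
    in_excluded = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(excluded)
    return dst_port == 80 and not in_excluded

if __name__ == "__main__":
    # /24 names the whole LAN, /32 names exactly one host.
    print(covered("192.168.0.1/24"))   # the subnet the clients live in
    print(covered("192.168.0.1/32"))   # only the router's own address

    # The pool from the thread against both DHCP network statements.
    for net in ("192.168.0.0/24", "192.168.0.0/32"):
        missing = pool_outside(net, "192.168.0.2", "192.168.0.254")
        print(net, "pool addresses outside network:", missing)

    # Constructed sample destinations (203.0.113.10 is a documentation address).
    for ip, port in (("203.0.113.10", 80), ("192.168.0.1", 80), ("203.0.113.10", 443)):
        print(ip, port, "->", redirected(ip, port, "192.168.0.1/32"))
```

With /32 on the DHCP network statement, none of the pool addresses fall inside the declared network, which matches the symptom of clients receiving no gateway or DNS server.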
 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Tue Aug 09, 2005 6:26 pm

Eugene,

What about "/ip firewall rule input add src-address=192.168.0.0/32 "

Thanks & Regards
 
Eugene
Forum Veteran
Posts: 986
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Aug 09, 2005 7:56 pm

Also should be /24
 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Thu Aug 11, 2005 8:17 am

:D
Last edited by robot714 on Thu Aug 11, 2005 8:18 am, edited 1 time in total.
 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Thu Aug 11, 2005 8:17 am

Eugene,

Thanks for everything, it works great now. Can you please let me know if there are any documents I can find on MikroTik for a more detailed setup guide or training materials?

Regards :D
 
sergejs
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Thu Aug 11, 2005 9:34 am

 
robot714
newbie
Topic Author
Posts: 29
Joined: Mon Aug 01, 2005 9:22 am

Tue Aug 16, 2005 12:29 pm

Kipel,

Can find much information here, like firewall rules, cache rules, etc.

regards
 
normis
MikroTik Support
Posts: 26381
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Tue Aug 16, 2005 12:53 pm

We do not have any more documentation than in those links. Ask in the forum if you want to know something that is not there.
