boardman
Member Candidate
Topic Author
Posts: 260
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

Help needed, Cisco-Mikrotik-Bridged w/web-proxy & masque

Wed Oct 12, 2005 8:28 pm

Hi, guys.

I need your help... how to configure the web-proxy in our MikroTik 2.9.5 box. This is not a regular scenario, or at least it is not behaving like a regular one.

We receive our 4 T1s in a Cisco router in 4xT1 fashion; this Cisco is also the gateway for all of our customers.

We have a MikroTik between the Cisco and the customers.

This MikroTik performs mainly three tasks:

a) In bridge mode it controls the bandwidth for our customers using simple rules.

b) Firewall protection for known viruses and exploits or attacks.

c) Do NAT for our office LAN.

So here's the scenario:

Internet----Cisco----Mikrotik----Switch1-----Our LAN with private IPs,
On a different interface----Switch2 with our customers' network with public IPs.

Interface connected to the Cisco is EXT
Interface connected to the switch1 is APL-LAN
Interface connected to the switch2 is INT
EXT & INT in bridge mode, interface = bridge1
Web-Proxy enabled, running on Primary slave, transparent mode, port 3128.

Well, all this to ask the question: how can I set up the web-proxy to work for our customers and for our NATed users?

/ip firewall nat add in-interface=EXT dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat

Does not work....

/ip firewall nat add in-interface=bridge1 dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat

Does not work either....

Perhaps because the bridge is layer 2?

Please help....

Here are some outputs that may be useful to post:

ip web-proxy> print
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "proxy.autophone.net"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "webmaster"
max-object-size: 4096KiB
cache-drive: primary-slave
max-cache-size: 30000000KiB
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 29999104KiB
reserved-for-ram-cache: 53248KiB

ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=bridge1 src-address=192.168.1.0/24 action=masquerade

1 X chain=dstnat in-interface=EXT protocol=tcp dst-port=80 action=redirect to-ports=3128

interface bridge1> print
Flags: X - disabled, R - running
0 R name="bridge" mtu=1500 arp=enabled mac-address=00:D0:B7:00:BA:20 stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=5s hello-time=2s max-message-age=20s

interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R APL-LAN ether 0 0 1500
1 R INT ether 0 0 1500
2 R EXT ether 0 0 1500
3 R bridge1 bridge 0 0 1500

ip web-proxy access> print
Flags: X - disabled, I - invalid
0 ;;; block telnet & spam e-mail relaying
dst-port=23-25 action=deny

1 ;;; block telnet & spam e-mail relaying
dst-port=23-25 action=deny

ip web-proxy cache> print
Flags: X - disabled, I - invalid
0 ;;; don't cache dynamic http pages
url=":cgi-bin \\?" action=deny

Thanks in advance for your help.
 
proweb
newbie
Posts: 48
Joined: Sat Oct 08, 2005 10:04 pm

Please help me to solve Web-Proxy Transparent

Wed Oct 12, 2005 9:51 pm

Bro... I have a problem with my proxy.
How could I input my transparent proxy, so that I didn't insert the proxy IP in Internet Explorer?
Just like this picture:
Image

I just want a solution so that, if the address is invalid, the HTTP error will show my email address as administrator. I used MT OS version 2.8.6 with a level 6 key.

Please give me the rule to input the scripts...

Thanks before...bro.
 
boardman
Member Candidate
Topic Author
Posts: 260
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

I do not know what you mean...

Thu Oct 13, 2005 12:34 am

Hi, I do not understand what you mean... please try to explain further.

Paste some of your configuration in order to help you.


Best

Jorge
 
boardman
Member Candidate
Topic Author
Posts: 260
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

anyone?

Fri Oct 14, 2005 11:02 pm

Hi, any ideas or suggestions on the Cisco-Mikrotik as bridge, transp. web-proxy issue?
 
boardman
Member Candidate
Topic Author
Posts: 260
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

Any Help?

Sat Oct 15, 2005 10:16 pm

Any help, please .... ?
 
boardman
Member Candidate
Topic Author
Posts: 260
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

any?

Sat Oct 22, 2005 1:16 am

anyone?
 
wildbill442
Forum Guru
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Sat Oct 22, 2005 3:56 am

What exactly is the problem, caching is not working for any user? Or is it working for the non-NAT'd users but not the NAT'd? Or vice versa?

Also what interfaces are bridged? From your description it sounds like EXT & INT should be part of bridge1 and APL-LAN should be routed/NAT'd and NOT part of the bridge. (if in fact APL-LAN is the interface your NAT'd clients are on)
 
boardman
Member Candidate
Topic Author
Posts: 260
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

Answers

Mon Oct 24, 2005 9:16 pm

What exactly is the problem, caching is not working for any user?
Or is it working for the non-NAT'd users but not the NAT'd? Or vice versa?
No, it is not working for any user.

Also what interfaces are bridged?
- EXT & INT are part of bridge1.
- APL-LAN is NAT'd and NOT part of the bridge.
- APL-LAN is the interface where my NAT'd clients are.
 
boardman
Member Candidate
Topic Author
Posts: 260
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

What's going on, anybody willing to help?

Fri Nov 11, 2005 6:13 pm

Please.... I have been waiting for help a long time.....


Jorge
