
Help needed, Cisco-Mikrotik-Bridged w/web-proxy & masque

Posted: Wed Oct 12, 2005 8:28 pm
by boardman
Hi, guys.

I need your help... how to configure the web-proxy in our MikroTik 2.9.5 box, but this is not a regular scenario, or at least it is not behaving like a regular one.

We receive our 4 T1s in a Cisco router in 4xT1 fashion; this Cisco is also the gateway for all of our customers.

We have a mikrotik between the cisco and the customers.

This mikrotik performs mainly three tasks,

a) In bridge mode it controls the bandwidth for our customers using simple rules.

b) Firewall protection for known viruses and exploits or attacks.

c) Do NAT for our office LAN.

So here's the scenario:

Internet----Cisco----Mikrotik----Switch1-----Our LAN with private IPs,
On a different interface----Switch2 with our customers' network with public IPs.

Interface connected to the cisco is EXT
Interface connected to the switch1 is APL-LAN
Interface connected to the switch2 is INT
EXT & INT in bridge mode, interface = bridge1
Web-Proxy enabled, running on Primary slave, transparent mode, port 3128.

Well, all this to ask the question: how can I set up the web-proxy to work for our customers and for our NATed users?

/ip firewall nat add in-interface=EXT dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat

Does not work....

/ip firewall nat add in-interface=bridge1 dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat

Does not work either....

Perhaps because bridge is layer 2 ?

Please help....

Here are some outputs that may be useful to post:

ip web-proxy> print
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "proxy.autophone.net"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "webmaster"
max-object-size: 4096KiB
cache-drive: primary-slave
max-cache-size: 30000000KiB
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 29999104KiB
reserved-for-ram-cache: 53248KiB

ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=bridge1 src-address=192.168.1.0/24 action=masquerade

1 X chain=dstnat in-interface=EXT protocol=tcp dst-port=80 action=redirect to-ports=3128

interface bridge1> print
Flags: X - disabled, R - running
0 R name="bridge" mtu=1500 arp=enabled mac-address=00:D0:B7:00:BA:20 stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=5s hello-time=2s max-message-age=20s

interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R APL-LAN ether 0 0 1500
1 R INT ether 0 0 1500
2 R EXT ether 0 0 1500
3 R bridge1 bridge 0 0 1500

ip web-proxy access> print
Flags: X - disabled, I - invalid
0 ;;; block telnet & spam e-mail relaying
dst-port=23-25 action=deny

1 ;;; block telnet & spam e-mail relaying
dst-port=23-25 action=deny

ip web-proxy cache> print
Flags: X - disabled, I - invalid
0 ;;; don't cache dynamic http pages
url=":cgi-bin \\?" action=deny

Thanks in advance for your help.

Please help me to solve Web-Proxy Transparent

Posted: Wed Oct 12, 2005 9:51 pm
by proweb
Bro... I have a problem with my proxy.
How can I input my transparent proxy, so that I don't insert the proxy IP in Internet Explorer?
Just Like this picture
Image

I just want a solution so that, if the address is invalid, the HTTP error will show my email address as administrator. I used MT OS version 2.8.6 with a level 6 key.

Please give me the rule to input the scripts...

Thanks before...bro.

I do not know what you mean...

Posted: Thu Oct 13, 2005 12:34 am
by boardman
Hi, I do not understand what you mean... please try to explain further.

Paste some of your configuration so that we can help you.


Best

Jorge

anyone?

Posted: Fri Oct 14, 2005 11:02 pm
by boardman
Hi, any ideas or suggestions on the Cisco-Mikrotik as bridge, transparent web-proxy issue?

Any Help?

Posted: Sat Oct 15, 2005 10:16 pm
by boardman
Any help, please .... ?

any?

Posted: Sat Oct 22, 2005 1:16 am
by boardman
anyone?

Posted: Sat Oct 22, 2005 3:56 am
by wildbill442
What exactly is the problem? Is caching not working for any user? Or is it working for the non-NAT'd users but not the NAT'd? Or vice versa?

Also, what interfaces are bridged? From your description it sounds like EXT & INT should be part of bridge1 and APL-LAN should be routed/NAT'd and NOT part of the bridge (if in fact APL-LAN is the interface your NAT'd clients are on).

Answers

Posted: Mon Oct 24, 2005 9:16 pm
by boardman
What exactly is the problem, caching is not working for any user?
Or is it working for the non-NAT'd users but not the NAT'd? Or vice versa?
No, it is not working for any user.

Also what interfaces are bridged?
- EXT & INT are part of bridge1.
- APL-LAN is NAT'd and NOT part of the bridge.
- APL-LAN is the interface where my NAT'd clients are.

What's going on, anybody willing to help?

Posted: Fri Nov 11, 2005 6:13 pm
by boardman
Please.... I have been waiting for help a long time.....


Jorge