Page 1 of 1

Redirect All Trafic To Proxy Server in one LAN

Posted: Sun Dec 25, 2005 1:06 am
by kujtos
Hi

I have one gateway with ip : 192.168.0.1 and this Box is connected To internet. - this line is: 128kbps
with this line i use routes for public ip addresses 254 Ip-s.


Also another box in IP: 192.168.0.2 with Squid proxy at port 8080. also this box is connected to internet - this line is 16Mbps Skydsl Downstream and 128 Upload.



Workstations Use their ip : 192.168.0.0/24 with gateway : 192.168.0.1 , and into Firefox i use proxy : 192.168.0.2:8080..



Please can anyone help me how to redirect all http traffic from 192.168.0.1:80 to 192.168.0.2:8080

Best regards,

Posted: Sun Dec 25, 2005 1:19 am
by proxy
which version of MT are you using?

Kujtos

Posted: Sun Dec 25, 2005 1:32 am
by kujtos
I'm Using 2.8 OS MT

Kujtos

Posted: Sun Dec 25, 2005 1:37 am
by kujtos
I have foud the solution like this:

I have enable Proxy server in 192.168.0.1 and trough Transparent proxy i have connect to 192.168.0.2.

Now i Just nned a help How to redirect All traffic from 192.168.0.1:80 to 192.168.0.1:8080 and beacouse 192.168.0.1:8080 is connectet with transparent proxy of 192.168.0.2 i thin it will Work

Best regards,

Posted: Sun Dec 25, 2005 1:09 pm
by cabana
Try

add in-interface=ether1 protocol=tcp dst-address=!192.168.0.1/32:80 action=redirect to-dst-port=8080

aser the manual

Thanks

Posted: Sun Dec 25, 2005 6:50 pm
by kujtos
Thanks Man,

You have save me .

Proxyyyy :::

Posted: Mon Dec 26, 2005 7:55 pm
by kujtos
I have solved the problem For port 80

but fttp port dosent Work.

Is there any chanse to redirect trafic of FTP from MT to another host at port 2121.

Like i have write Up:

All trafic from 192.168.0.1 port 21 to redirect to 192.168.0.2 at port 2121 .

Re: Proxyyyy :::

Posted: Mon Dec 26, 2005 8:35 pm
by mag
i guess one needs an application-proxy to handle this kind of redirection.
otherwise the answer from e.g. the ftp-server comes from an unexpected ip-address to the client and will be discarded.

Posted: Mon Dec 26, 2005 11:30 pm
by Tonda
I agree with MAG but I think you should also try to correctly set up firewall rules in order to allow incoming established and related connections, this should be some kind of substitute for application proxy. I am not sure about this, but you can try..

I think

Posted: Mon Dec 26, 2005 11:39 pm
by kujtos
I think like this..... I dont know does it work like this LOGIC

All protocol for port 80 from eth1 to be redirected to port: 8080 of eth1 at IP 192.168.0.2

And protocol for port 21 from eth1 to be redirected to port: 2121 of eth1 at IP 192.168.0.2

Does it can work like this..

Posted: Mon Dec 26, 2005 11:44 pm
by Tonda
I suppose at 192.168.0.2:8080 is some kind of webproxy running. What service is running at 192.168.0.2:2121? Imagine that soembody from your internal network tries to connect to FTP server X.X.X.X:21. First SYN packet comes to your Mikrotik, there you have some kind of dst-nat rule, which changes destination address of this packet to 192.168.0.2:2121 and that is all folks...You lost your original destination address.

Re: Proxyyyy :::

Posted: Tue Dec 27, 2005 2:55 am
by cibernet
I have solved the problem For port 80

but fttp port dosent Work.

Is there any chanse to redirect trafic of FTP from MT to another host at port 2121.

Like i have write Up:

All trafic from 192.168.0.1 port 21 to redirect to 192.168.0.2 at port 2121 .
You must use parent proxy to work...

im

Posted: Tue Dec 27, 2005 12:59 pm
by kujtos
At host: 192.168.0.2 i have Satellite Downstream of 16Mbit/s that work like this:

192.168.0.2:8080 have a proxy server
192.168.0.2:2121 is FTP proxy
192.168.0.2:1080 Socket

To use sattelite downstream i neded to write to all my hosts proxy for Firefox and IE. but sometime Some of the user change them and they are not satisfy with the speed my default gateway 192.168.0.1.

If its posible to Redirect all the trafic for ftp , www, and socket to 192.168.0.2 it will solve too many problems.

Posted: Tue Dec 27, 2005 1:26 pm
by Tonda
Important question: why do you try to redirect client connections when http proxy and also FTP proxy is reachable directly in your internal network?

Why I Need This..

Posted: Tue Dec 27, 2005 2:05 pm
by kujtos
I need this beacouse In the Net caffe that is installed i have more than 60 Hosts, And in a Day we have more than 500 Customers.

Someone changes the proxy setting and after they finish their job do not put the proxy how it was.. And there are problems.....

the cashier is allway in searching who have change the proxy and something like that

Posted: Tue Dec 27, 2005 2:22 pm
by Tonda
What operating system do you use in your client workstations? I think primary goal in this case is to prevent your customers to modify your workstation configuration...

Posted: Tue Dec 27, 2005 5:08 pm
by cabana
I agree with tonda, you should look at putting some sort of Cyber Cafe management software on your machines. That way you would have full control over what is going on

Posted: Wed Dec 28, 2005 11:24 am
by maroon
you have to redirect the http to the server with DVB box...

you should use the dst-nat and transparent proxy ...

Regards,

Re: Why I Need This..

Posted: Wed Dec 28, 2005 3:15 pm
by philip
I need this beacouse In the Net caffe that is installed i have more than 60 Hosts, And in a Day we have more than 500 Customers.

Someone changes the proxy setting and after they finish their job do not put the proxy how it was.. And there are problems.....

the cashier is allway in searching who have change the proxy and something like that
In that case, you need something sound like system goback. Eash time your client finished use the pc, than restart it and system back to your original seting. So, the next user should be not problem to use the pc.
Is it a good ideal, better than searching all over the pc...

rgs

Posted: Wed Dec 28, 2005 9:32 pm
by Tonda
To kujtos:
You haven't answered what operating system do you use. I am not able to recognize what answer is best for you.