DerSeekin
just joined
Topic Author
Posts: 2
Joined: Thu May 05, 2022 11:54 am

Transparent Proxy with IPv6

Thu May 05, 2022 12:15 pm

Hello,

I have a CHR (RouterOS 7.2), which I use for some clients to access the Internet.

It has a VLAN interface for the clients (10.69.16.0/21) and one VLAN interface for my servers (10.69.1.0/24).

In the server subnet I have deployed a Squid proxy (10.69.1.10), which I use as a transparent proxy via a routing mark on ports 80 and 443.

This is my configuration:
/ip firewall mangle
add action=accept chain=prerouting dst-port=80 protocol=tcp src-address=10.69.1.10
add action=accept chain=prerouting dst-port=443 protocol=tcp src-address=10.69.1.10
add action=mark-routing chain=prerouting dst-address-list=!Proxy-Ausnahmen-Ziele dst-port=80 new-routing-mark=to_proxy passthrough=yes protocol=tcp src-address=10.69.16.0/21 src-address-list=!Proxy-Exceptions
add action=mark-routing chain=prerouting dst-address-list=!Proxy-Ausnahmen-Ziele dst-port=443 new-routing-mark=to_proxy passthrough=yes protocol=tcp src-address=10.69.16.0/21 src-address-list=!Proxy-Exceptions
add action=accept chain=prerouting routing-mark=to_proxy

/routing table
add disabled=no fib name=to_proxy

/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.69.1.10 routing-table=to_proxy suppress-hw-offload=no

This works totally fine on IPv4. The traffic on ports 80 and 443 is routed to the proxy and the clients get their Internet access via the proxy.

As I now want to get my clients IPv6 addresses, I need to implement this for IPv6. With the same configuration in IPv6, simply nothing happens and the clients just have normal direct Internet access via their IPv6 addresses.

This is what I have tried:
/ipv6 firewall mangle
add action=accept chain=forward dst-port=80 dst-prefix=::/0 protocol=tcp src-address=2001:XXX:XXX:500::10/128 src-prefix=::/0
add action=accept chain=forward dst-port=443 dst-prefix=::/0 protocol=tcp src-address=2001:XXX:XXX:500::10/128 src-prefix=::/0
add action=mark-routing chain=forward dst-port=80 dst-prefix=::/0 new-routing-mark=to_proxy6 passthrough=yes protocol=tcp src-address=2001:XXX:XXX:501::/64 src-prefix=::/0
add action=mark-routing chain=forward dst-port=443 dst-prefix=::/0 new-routing-mark=to_proxy6 passthrough=yes protocol=tcp src-address=2001:XXX:XXX:501::/64 src-prefix=::/0
add action=accept chain=forward dst-prefix=::/0 routing-mark=to_proxy6 src-prefix=::/0

/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=2001:XXX:XXX:500::10 routing-table=to_proxy6 scope=30 target-scope=10

/routing table
add disabled=no fib name=to_proxy6

Any suggestions on how to do this?

Help would be much appreciated!

Best Regards
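
An added example, not part of the original post and not MikroTik code: a routing mark influences the route lookup only when it is set before the routing decision (the prerouting chain for forwarded traffic, output for the router's own), and the IPv4 rules above mark in prerouting while the IPv6 rules mark in forward. This Python check parses export text and lists `mark-routing` rules placed in any other chain, which is a quick way to spot clients that would reach the Internet directly instead of through the proxy. The function names are hypothetical, the rules are copied from the post with the address-list matchers trimmed, and one rule per line is assumed.

```python
import shlex

# A routing mark affects the route lookup only if it is set before the
# routing decision: prerouting (forwarded traffic) or output (router's own).
PRE_ROUTING_DECISION = {"prerouting", "output"}

def parse_export(text):
    """Yield (menu, params) for every 'add' line of a RouterOS export."""
    menu = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            params = {}
            for token in shlex.split(line[4:]):
                key, sep, value = token.partition("=")
                params[key] = value if sep else True  # bare flags such as 'fib'
            yield menu, params

def late_routing_marks(text):
    """Return mangle rules whose mark-routing action runs after routing."""
    return [
        (menu, p.get("chain"), p.get("dst-port"), p.get("new-routing-mark"))
        for menu, p in parse_export(text)
        if menu and menu.endswith("firewall mangle")
        and p.get("action") == "mark-routing"
        and p.get("chain") not in PRE_ROUTING_DECISION
    ]

# Rules copied from the post (address-list matchers trimmed for width).
IPV4_RULES = """/ip firewall mangle
add action=mark-routing chain=prerouting dst-port=80 new-routing-mark=to_proxy passthrough=yes protocol=tcp src-address=10.69.16.0/21
add action=mark-routing chain=prerouting dst-port=443 new-routing-mark=to_proxy passthrough=yes protocol=tcp src-address=10.69.16.0/21
/routing table
add disabled=no fib name=to_proxy
"""
IPV6_RULES = """/ipv6 firewall mangle
add action=mark-routing chain=forward dst-port=80 dst-prefix=::/0 new-routing-mark=to_proxy6 passthrough=yes protocol=tcp src-address=2001:XXX:XXX:501::/64 src-prefix=::/0
add action=mark-routing chain=forward dst-port=443 dst-prefix=::/0 new-routing-mark=to_proxy6 passthrough=yes protocol=tcp src-address=2001:XXX:XXX:501::/64 src-prefix=::/0
add action=accept chain=forward dst-prefix=::/0 routing-mark=to_proxy6 src-prefix=::/0
"""

if __name__ == "__main__":
    for name, rules in (("IPv4", IPV4_RULES), ("IPv6", IPV6_RULES)):
        for finding in late_routing_marks(rules):
            print(name, "mark-routing set after the routing decision:", finding)
```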
