i have an CHR(RouterOS 7.2), which i use for some Clients to Access the Internet.
It has an VLAN Interface for the Clients (10.69.16.0/21) and one VLAN Interface for my Servers (10.69.1.0/24).
In the Server Subnet i have deployed an squid Proxy (10.69.1.10), which i use as an Transparent Proxy via an Routing Mark on Port 80 and 443.
This is my configuration:
Code: Select all
/ip firewall mangle
add action=accept chain=prerouting dst-port=80 protocol=tcp src-address=10.69.1.10
add action=accept chain=prerouting dst-port=443 protocol=tcp src-address=10.69.1.10
add action=mark-routing chain=prerouting dst-address-list=!Proxy-Ausnahmen-Ziele dst-port=80 new-routing-mark=to_proxy passthrough=yes protocol=tcp src-address=10.69.16.0/21 src-address-list=!Proxy-Exceptions
add action=mark-routing chain=prerouting dst-address-list=!Proxy-Ausnahmen-Ziele dst-port=443 new-routing-mark=to_proxy passthrough=yes protocol=tcp src-address=10.69.16.0/21 src-address-list=!Proxy-Exceptions
add action=accept chain=prerouting routing-mark=to_proxy
/routing table
add disabled=no fib name=to_proxy
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.69.1.10 routing-table=to_proxy suppress-hw-offload=no
As i now want to get my Clients IPv6 Addresses, i need to implement this for IPv6. With the same Configuration in IPv6, simply nothing happens and the Clients have just normal direct Internet Access via their IPv6 Addresses.
This is, what i have tried:
Code: Select all
/ipv6 firewall mangle
add action=accept chain=forward dst-port=80 dst-prefix=::/0 protocol=tcp src-address=2001:XXX:XXX:500::10/128 src-prefix=::/0
add action=accept chain=forward dst-port=443 dst-prefix=::/0 protocol=tcp src-address=2001:XXX:XXX:500::10/128 src-prefix=::/0
add action=mark-routing chain=forward dst-port=80 dst-prefix=::/0 new-routing-mark=to_proxy6 passthrough=yes protocol=tcp src-address=2001:XXX:XXX:501::/64 src-prefix=::/0
add action=mark-routing chain=forward dst-port=443 dst-prefix=::/0 new-routing-mark=to_proxy6 passthrough=yes protocol=tcp src-address=2001:XXX:XXX:501::/64 src-prefix=::/0
add action=accept chain=forward dst-prefix=::/0 routing-mark=to_proxy6 src-prefix=::/0
/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=2001:XXX:XXX:500::10 routing-table=to_proxy6 scope=30 target-scope=10
/routing table
add disabled=no fib name=to_proxy6
Help would be much appreciated!
Best Regards