Hi, guys.
I need your help with how to configure the web-proxy on our MikroTik 2.9.5 box, but this is not a regular scenario, or at least it is not behaving like a regular one.
We receive our 4 T1s on a Cisco router in 4xT1 fashion; this Cisco is also the gateway for all of our customers.
We have a MikroTik between the Cisco and the customers.
This MikroTik mainly performs three tasks:
a) In bridge mode it controls the bandwidth for our customers using simple rules.
b) Firewall protection for known viruses and exploits or attacks.
c) Does NAT for our office LAN.
So here's the scenario:
Internet----Cisco----Mikrotik----Switch1-----Our LAN with private IPs,
On a different interface----Switch2 with our customers' network with public IPs.
Interface connected to the cisco is EXT
Interface connected to the switch1 is APL-LAN
Interface connected to the switch2 is INT
EXT & INT in bridge mode, interface = bridge1
Web-Proxy enabled, running on Primary slave, transparent mode, port 3128.
Well, all this to ask the question: how can I set up the web-proxy to work for our customers and for our NATed users?
/ip firewall nat add in-interface=EXT dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat
Does not work....
/ip firewall nat add in-interface=bridge1 dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat
Does not work either....
Perhaps because the bridge is layer 2?
Please help....
Here are some outputs that may be useful to post:
ip web-proxy> print
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "proxy.autophone.net"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "webmaster"
max-object-size: 4096KiB
cache-drive: primary-slave
max-cache-size: 30000000KiB
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 29999104KiB
reserved-for-ram-cache: 53248KiB
ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=bridge1 src-address=192.168.1.0/24 action=masquerade
1 X chain=dstnat in-interface=EXT protocol=tcp dst-port=80 action=redirect to-ports=3128
interface bridge1> print
Flags: X - disabled, R - running
0 R name="bridge" mtu=1500 arp=enabled mac-address=00:D0:B7:00:BA:20 stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=5s hello-time=2s max-message-age=20s
interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R APL-LAN ether 0 0 1500
1 R INT ether 0 0 1500
2 R EXT ether 0 0 1500
3 R bridge1 bridge 0 0 1500
ip web-proxy access> print
Flags: X - disabled, I - invalid
0 ;;; block telnet & spam e-mail relaying
dst-port=23-25 action=deny
1 ;;; block telnet & spam e-mail relaying
dst-port=23-25 action=deny
ip web-proxy cache> print
Flags: X - disabled, I - invalid
0 ;;; don't cache dynamic http pages
url=":cgi-bin \\?" action=deny
Thanks in advance for your help.