I am sorry if this is redundant, but I am not finding a post that shows an example. I am setting up a hotspot in 2.9 with http traffic logging
I used 2.8 before and logged the http requests sent through the transparent proxy. I turned on web-proxy on 2.9 but I cannot seem to tell if :
a) the traffic is passing through the proxy
and
b) the firewall rule to get it to log the http traffic
I see that lastguru posted something a while back, but it was in 2.8 format and when I tried it in 2.9 in /ip firewall filter, it logged all packets passing through the router instead.
Please help. Thanks
Help
I have spent several hours trying to figure out what fireall rules to insert to attain the results, but to no avail. Please help some in forum or from MT.
I emailed MT, but have gotten no response. I do not understand why running web-proxy and then logging the http requests was no issue for me in 2.8. I do not have my old config to look at, but I remember when I configured it, it was no a problem. There must be something stupid that I am missing. Please help.
I emailed MT, but have gotten no response. I do not understand why running web-proxy and then logging the http requests was no issue for me in 2.8. I do not have my old config to look at, but I remember when I configured it, it was no a problem. There must be something stupid that I am missing. Please help.
Use Traffic Counter program to account data for HotSpot users:
http://www.mikrotik.com/download.html#t ... ment_utils
http://www.mikrotik.com/download.html#t ... ment_utils
URL logging
I mean that I would like to log the URL's visited by hotspot users.
web-proxy not redirecting
My problem seems to be that my http traffic is not redirecting through the web-proxy automatically.
What I originally forgot is that since the http requests pass through the proxy, it is automatically logged with no need to additional logging rules. I forgot this because my proxy redirect is not working. Can anyone help me understand why it is not automatically receiving port 80 traffic redirected to port 8080.
I turned on web-proxy with the following settings:
And then I have the following dst-nat rules:
Rule 1 should forward all wireless port 80 traffic to the proxy on 8080 no matter what the hotspot user has set in his web browser, right?
It is only sending traffic to web-proxy if I set my browser proxy settings to manually point to the proxy. I does not work automatically for some reason. I am using 2.9.8
Any ideas why? I must be missing something simple...
Thanks
What I originally forgot is that since the http requests pass through the proxy, it is automatically logged with no need to additional logging rules. I forgot this because my proxy redirect is not working. Can anyone help me understand why it is not automatically receiving port 80 traffic redirected to port 8080.
I turned on web-proxy with the following settings:
Code: Select all
[admin@MikroTik] ip web-proxy> print
enabled: yes
src-address: 0.0.0.0
port: 8080
hostname: "proxy"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "webmaster"
max-object-size: 4096KiB
cache-drive: system
max-cache-size: none
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 0KiB
reserved-for-ram-cache: 2048KiBCode: Select all
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; masquerade hotspot network
chain=srcnat src-address=10.10.10.0/24 action=masquerade
1 chain=dstnat in-interface=wlan1 dst-address=!10.10.10.1 protocol=tcp dst-port=80 action=redirect to-ports=8080 It is only sending traffic to web-proxy if I set my browser proxy settings to manually point to the proxy. I does not work automatically for some reason. I am using 2.9.8
Any ideas why? I must be missing something simple...
Thanks
Hotspot in version 2.9 uses internal http proxy ("/ip proxy"). It does not
provide logging facility. For caching and logging parent proxy can be used:
provide logging facility. For caching and logging parent proxy can be used:
Code: Select all
/ip hotspot profile set default http-proxy=10.10.10.1:8080redirecting to /ip web-proxy
Thank you for the reply.
2.9.8 does have the /ip web-proxy feature. I want all traffic dst=80 to be forwarded to the web-proxy on port 8080.
The firewall rule which is listed on the /ip web-proxy manual page, which says that it will do this, is not working. I am not interested in the hotspot proxy or the /ip proxy. I only want all of my local http traffic to be sent through the /ip web-proxy.
Can this no longer be done? Why is the /ip web-proxy available with the transparent-proxy option if it does not work as it is explained in the manual?
The forum posts I have seen talk about people using it, I just can't seem to get the dst-nat firewall rule to send port 80 traffic to 8080.
Please advise.
Thanks
2.9.8 does have the /ip web-proxy feature. I want all traffic dst=80 to be forwarded to the web-proxy on port 8080.
The firewall rule which is listed on the /ip web-proxy manual page, which says that it will do this, is not working. I am not interested in the hotspot proxy or the /ip proxy. I only want all of my local http traffic to be sent through the /ip web-proxy.
Can this no longer be done? Why is the /ip web-proxy available with the transparent-proxy option if it does not work as it is explained in the manual?
The forum posts I have seen talk about people using it, I just can't seem to get the dst-nat firewall rule to send port 80 traffic to 8080.
Please advise.
Thanks
Last edited by hecklertm on Mon Nov 21, 2005 12:19 pm, edited 1 time in total.
originally 2.8.27 upgraded to 2.9.8
The cf card that I bought with MT on it was shipped with 2.8.27 for some reason, and I had to upgrade it to 2.9.8. I upgraded it before I did any of the router config, so I was not trying to use any older 2.8 settings. Is it possible that the upgrade caused some sort of package problem that makes some of the features working improperly?
Your redirect rule does not work, because of another (dynamic) redirect rule
placed before. See for yourself:
/ip firewall nat print all
Hotspot needs that redirect to its own http proxy for several features to work
(for example, http walled-garden, universal proxy, advertisements, status
page for users using mac-login). If those features are not needed, then
transparent http proxy for logged-in hotspot clients can be disabled:
/ip hotspot user profile set default transparent-proxy=no
But keep in mind, that it will not work as expected for all clients. For
example, clients with configured parent proxy in web browser will still use
hotspot http proxy. And clients, which are not yet logged in, will use
hotspot http proxy as well.
Best way to pass all http requests (dst-port=80 and probably some other ports
as well) through any other web proxy, is to set http-proxy in hotspot server
profile. That will work in all cases, even for clients, which are not yet
logged in. None firewall rules are needed in this case - hotspot does
everything automatically.
placed before. See for yourself:
/ip firewall nat print all
Hotspot needs that redirect to its own http proxy for several features to work
(for example, http walled-garden, universal proxy, advertisements, status
page for users using mac-login). If those features are not needed, then
transparent http proxy for logged-in hotspot clients can be disabled:
/ip hotspot user profile set default transparent-proxy=no
But keep in mind, that it will not work as expected for all clients. For
example, clients with configured parent proxy in web browser will still use
hotspot http proxy. And clients, which are not yet logged in, will use
hotspot http proxy as well.
Best way to pass all http requests (dst-port=80 and probably some other ports
as well) through any other web proxy, is to set http-proxy in hotspot server
profile. That will work in all cases, even for clients, which are not yet
logged in. None firewall rules are needed in this case - hotspot does
everything automatically.
Normis:
Thank you for the detailed explanation. I appreciate it very much. I hope that the wiki project goes well, so that a wiki faq called "How to cache or log http requests for hotspot users?" includes what you just posted and also the prior post which says that a parent proxy must be used if caching and logging is needed, AND if you wish to use the internal web-proxy as the parent proxy, issue a command such as:
/ip hotspot profile set abc http-proxy=routerip:web-proxyport
where abc = the hotspot profile in use (i.e. default or hsprof1)
and routerip:web-proxyport = ip address of the router and the port specified in the /ip web-proxy settings.
Thanks again. My logging is working great. I knew I must have been missing something simple
Thank you for the detailed explanation. I appreciate it very much. I hope that the wiki project goes well, so that a wiki faq called "How to cache or log http requests for hotspot users?" includes what you just posted and also the prior post which says that a parent proxy must be used if caching and logging is needed, AND if you wish to use the internal web-proxy as the parent proxy, issue a command such as:
/ip hotspot profile set abc http-proxy=routerip:web-proxyport
where abc = the hotspot profile in use (i.e. default or hsprof1)
and routerip:web-proxyport = ip address of the router and the port specified in the /ip web-proxy settings.
Thanks again. My logging is working great. I knew I must have been missing something simple
Who is online
Users browsing this forum: peterda and 31 guests