Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

How do I enable proxy setting for a specific network?

Locked
 
User avatar
YasinOnline
just joined
Topic Author
Posts: 7
Joined: Tue Feb 26, 2013 10:28 am
Location: Lahore, Pakistan
Contact:
Contact YasinOnline

How do I enable proxy setting for a specific network?

Tue May 14, 2013 8:19 am

Hi Everyone,

I have different networks i.e.
1) 192.168.0.0 (MT Router Board, PCC Load Balancing and Web Proxy are Configure)
2) 192.168.1.0 (WAN1)
3) 192.168.15.0 (WAN2)

By any reason if MT Router is not working properly I need to change it directly WAN1 or WAN2 and this is very chaotic to go on each PC and change proxy setting.

Is there any way that when a computer has an IP of 192.168.0.0 network then its proxy setting should be enable automatically, and if it has IP of 192.168.1.0 or 192.168.15.0 networks then proxy server settings are disable also automatically and "automatically detect setting" is enable. Along with "FlushNDS, IP Release, IP renew" commands?

All setting would be implemented for "Internet Explorer, Google Chrome, Firefox" browsers.

Thanking in advance.
Top
 
User avatar
aacable
Member
Member
Posts: 435
Joined: Wed Sep 17, 2008 11:58 am
Location: ISLAMIC Republic of PAKISTAN
Contact:
Contact aacable

Re: How do I enable proxy setting for a specific network?

Thu May 16, 2013 7:59 am

Setup Transparent Proxy by adding NAT rule (which redirects port 80 to proxy) , and in src-address, enter your desired IP range e.g 192.168.0.1-192.168.0.255 that need to be redirected. This way only specific ip range will be redirected to local proxy and other requests will go directly.

Example:

/ip firewall nat
add action=redirect chain=dstnat comment="Redirect port 80 request to Mikrotik Web Proxy zzz" disabled=no dst-port=80 protocol=tcp src-address=192.168.0.0/24 to-ports=8080
Top
 
User avatar
YasinOnline
just joined
Topic Author
Posts: 7
Joined: Tue Feb 26, 2013 10:28 am
Location: Lahore, Pakistan
Contact:
Contact YasinOnline

Re: How do I enable proxy setting for a specific network?

Wed May 22, 2013 8:35 am

Dear Aacable,

Thank you on your support, its working for me :D .

I would like ask one more thing, how I can block or filter "HTTPS" traffic? Reason is when I use FireFox or IE ver 10 web browsers to access "Facebook" they use "HTTPS" rather than "HTTP" and unblock the "Facebook". i.e. "https:"//www.facebook.com" rather than "http://www.facebook.com".

Regards,
Top
 
User avatar
aacable
Member
Member
Posts: 435
Joined: Wed Sep 17, 2008 11:58 am
Location: ISLAMIC Republic of PAKISTAN
Contact:
Contact aacable

Re: How do I enable proxy setting for a specific network?

Wed May 22, 2013 11:08 am

There are many different ways to achieve this. You can transparently inspect DNS requests. you can NOT transparently inspect https traffic - it's encrypted.

Another method for blocking facebook with a mikrotik is to block at the DNS level.
Enable DNS server on the mikrotik, add invalid entries for facebook.com, then redirect user dns traffic to local dns server, which have fake entries for facebook, either for all users or specific range/user ip .
adding static dns entries example

/ip dns static
add address=127.0.0.1 disabled=no name=facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=www.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=www.fb.com ttl=5m
add address=127.0.0.1 disabled=no name=a.ns.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=b.ns.facebook.com ttl=5m


You can also block FACEBOOK by ip ranges. Blocking by IP ranges (of your required web sites) should also work.
Top
Locked
  4. RouterOS
  5. Beginner Basics