 
amtisrac
Frequent Visitor
Topic Author
Posts: 98
Joined: Mon Jun 13, 2005 10:53 am
Location: Hungary

totally transparent proxy

Thu Jun 01, 2006 12:29 pm

I have a network (10.53.0.0/24). The users use a proxy (10.53.0.1:3128). The proxy has an ADSL link and a leased line. When a visitor comes, he cannot use the web, because he doesn't know our proxy address or he has other proxy settings (for example 10.53.2.1:3128 or 10.52.100.254:3128 etc.). All visitors are DHCP clients. I need a transparent(?) proxy for visitors, but only for web (to the ADSL link)! This proxy must be totally invisible from outside (another location or park) and for visitors. Unfortunately I don't have access to the clients or the visitors, so I can't modify our configuration. Do you have any ideas?

(10.53.0.0/24)--[(dhcp server);(proxy server)]---(leased line router)---(internet)--(leased line router)--[dhcp,dns etc]--(10.53.1.0/24)
(internet)--(leased line router)--[dhcp,dns etc]--(10.53.2.0/24)
(internet)--(leased line router)--[dhcp,dns etc]--(10.53.3.0/24)
(internet)--(leased line router)--[dhcp,dns etc]--(10.53.4.0/24)
etc
(All 10.53.0.0/16 networks are one virtual network through the leased line routers.)
Is it understandable?
 
cibernet
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 7:22 pm
Location: Marcos Juárez, Córdoba, Argentina

Re: totally transparent proxy

Thu Jun 01, 2006 1:07 pm

Use firewall and ACL (webproxy) to only allow what you want. Then just make the redirection to your webproxy port on dst-nat.

Regards
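
The approach suggested in the reply above, written out as a RouterOS configuration. This is an added example, not configuration posted by anyone in the thread; it assumes the `/ip proxy` menu of current RouterOS releases (older releases may use different menu names), that the router itself runs the proxy on 3128, and the interface name `ether2-lan` for the 10.53.0.0/24 side, which is hypothetical.

```routeros
# Added example. Interface name ether2-lan is an assumption (the 10.53.0.0/24 side);
# every other interface (ADSL, leased line) is treated as "outside".

# 1. Enable the web proxy on the port used in the thread.
/ip proxy set enabled=yes port=3128

# 2. Proxy ACL: rules are matched top to bottom, first match wins.
#    Only the local subnet may use the proxy; the final rule denies everything else,
#    so the other 10.53.x.0/24 sites and the internet cannot relay through it.
/ip proxy access
add src-address=10.53.0.0/24 action=allow comment="local users and DHCP visitors"
add action=deny comment="default deny: no open proxy"

# 3. Transparent redirection with dst-nat.
#    Port 80 catches visitors with no proxy configured.
#    Port 3128 catches visitors whose browser points at a foreign proxy
#    (for example 10.53.2.1:3128); their requests land on the local proxy instead.
/ip firewall nat
add chain=dstnat in-interface=ether2-lan src-address=10.53.0.0/24 \
    protocol=tcp dst-port=80,3128 action=redirect to-ports=3128 \
    comment="transparent web proxy for the local subnet"

# 4. Firewall: the proxy port must not be reachable from any non-LAN interface.
#    Redirected LAN traffic arrives in the input chain on ether2-lan and is not affected.
/ip firewall filter
add chain=input in-interface=!ether2-lan protocol=tcp dst-port=3128 \
    action=drop comment="hide proxy from ADSL and leased line"
```

HTTPS (tcp/443) is deliberately not redirected here, because a plain HTTP proxy cannot intercept it transparently. Checking `/ip proxy access print stats` after a test from outside shows whether the deny rule is taking hits.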
 
amtisrac
Frequent Visitor
Topic Author
Posts: 98
Joined: Mon Jun 13, 2005 10:53 am
Location: Hungary

Re: totally transparent proxy

Thu Jun 01, 2006 1:50 pm

please delete it
Last edited by amtisrac on Thu Jun 01, 2006 1:53 pm, edited 1 time in total.
 
amtisrac
Frequent Visitor
Topic Author
Posts: 98
Joined: Mon Jun 13, 2005 10:53 am
Location: Hungary

Re: totally transparent proxy

Thu Jun 01, 2006 1:51 pm


OK, but if I want to make a totally transparent device (for any other things, Windows network etc.), then I must make a bridge with 2 Ethernet cards. And then how? Can I mark the IP packet in the IP firewall in the input chain? Or how? In the bridge firewall, is it not possible to mark packets by IP?

PS: sorry, double quote :) please delete the other one
