Community discussions

MikroTik App
  4. RouterOS
  5. General

How to Enable Web Proxy for 1 subnet

Post Reply
 
alexandria
newbie
Topic Author
Posts: 33
Joined: Mon Mar 11, 2013 7:28 am

How to Enable Web Proxy for 1 subnet

Sat Jun 21, 2014 10:03 am

Hi All,

I have 2 networks running on my MT> I want to apply web proxy to 192.168.10.0/24 only, but my other network which is 192.168.11.0/24 is also affected. below is my config.
Code: Select all
enabled: yes
             src-address: 192.168.10.254
                    port: 8080
               anonymous: yes
            parent-proxy: 0.0.0.0
       parent-proxy-port: 0
     cache-administrator: Network Admin
          max-cache-size: unlimited
   max-cache-object-size: 2048KiB
           cache-on-disk: yes
  max-client-connections: 600
  max-server-connections: 600
          max-fresh-time: 3d
   serialize-connections: no
       always-from-cache: no
          cache-hit-dscp: 4
             cache-drive: system
How do I bypass 192.168.11.0/24 network from the webproxy?

I have tried adding

192.168.11.1 (gw) to allow, but there is no changes.
Top
 
completenewbee
just joined
Posts: 3
Joined: Sun Jun 22, 2014 4:47 pm

Re: How to Enable Web Proxy for 1 subnet

Sun Jun 22, 2014 8:48 pm

Inside your "/ip firewall nat" you should be redirecting all tcp traffic destine to port 80 currently to port 8080. You should be able to change that to only match certain src-address-list.
Code: Select all
/ip firewall address-list
add address=192.168.10.0/24 list=PROXY_CLIENTS

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address-list=PROXY_CLIENTS to-ports=8080
Top
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: How to Enable Web Proxy for 1 subnet

Mon Jun 23, 2014 9:12 am

Do you use it as a transparent proxy ? If you do then you have some firewall rule to redirect the http traffic to 8080 on your router. Just add src-address with 192.168.10.0/24 to that rule and it will redirect only this subnet.
Top
 
alexandria
newbie
Topic Author
Posts: 33
Joined: Mon Mar 11, 2013 7:28 am

Re: How to Enable Web Proxy for 1 subnet

Mon Jun 23, 2014 9:58 am

Thank you for your reply. Yes its transparent proxy.


Is there anyway to bypass it from the web proxy itself?

The network 192.168.10.0/24 is for office use, so most of the unwanted sites are blocked (only work related websites allowed) on the other hand
192.168.11.0/24 is the living quaters network only porn sites are blocked.

Is there anyway to do this?
Top
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: How to Enable Web Proxy for 1 subnet

Mon Jun 23, 2014 2:03 pm

In your case if you need different sites blocked you need to redirect both networks to the proxy. I think you do that already.
And yes what you need is possible. You can specify different rules for different networks.
In the web proxy settings there is a tab called Access. There you specify what is allowed and what is denied to customers. Look around and I'm sure you will see how it is done. The order of rules is very important here.
Top
Post Reply
  4. RouterOS
  5. General