Dansguardian and MikroTik, cont'd.

imnlfn · Sun Apr 15, 2007 11:53 pm

Currently I have DHCP set up on my MT to assign new addresses out of a particular range and have the firewall set up to block all outgoing traffic from this range:

chain=forward src-address-list=filtered action=drop

I also have DansGuardian set up so that if a user who received one of these addresses wants access to the Internet, all she needs to do is configure her browser to use the DansGuardian IP as its proxy, on port 8080.

What I want to happen is for this to be all completely automatic, so that new users can have Internet access without changing any settings. I saw this thread, which confirmed what I already knew I needed to do, but for the life of me, I just can't get it to work!

This was my most recent (failed) attempt at a DST-NAT rule to make this happen:

chain=dstnat protocol=tcp dst-port=80 src-address-list=filtered action=dst-nat to-addresses=192.168.1.5 to-ports=8080

Does anyone have an idea what I need to try?

Thanks!

imnlfn · Mon May 07, 2007 5:20 pm

Anyone?

ptsip · Mon May 07, 2007 7:54 pm

I suppose you to redirect tcp-80 to Mikrotik Proxy Server and then passthrough to your DansGuardian proxy.
The traffic for redirect as follows:

chain=dstnat protocol=tcp dst-port=80 src-address-list=filtered action=redirect to-ports=8080

make sure you have enabled ROS module > web-proxy, where running on port 8080

imnlfn · Wed May 09, 2007 6:11 pm

I'll give it a try.

Thanks!

oakleeman · Thu May 10, 2007 9:27 am

We use the Mikrotik proxy and then use our DG boxes as the parent proxy. However this presents us with the problem of all logs showing the same IP. Been trying to find a solution for this for a while and nothing I'm finding here in the forum seems to work.

janisk · Thu May 10, 2007 12:38 pm

proxy is creating new request from itself when client is requesting something from proxy, thats why you cannot get ip addresses what requested what behind proxy server.

imnlfn · Tue May 15, 2007 8:36 pm

We use the Mikrotik proxy and then use our DG boxes as the parent proxy. However this presents us with the problem of all logs showing the same IP. Been trying to find a solution for this for a while and nothing I'm finding here in the forum seems to work.

Is the MT rule you use something like suggested above?

Also, are you running something like tinyproxy on the DG boxes, then? It strikes me as inelegant to have to use two separate proxies, almost enough (but not quite) to try to figure out how to replace RouterOS with Linux.

proxy is creating new request from itself when client is requesting something from proxy, thats why you cannot get ip addresses what requested what behind proxy server.

I thought there was a way to use mangle to add an IP address into your TCP/IP packets (or whatever you would call them at that point). If so, maybe there would be some (fairly minor) custom programming changes one could do on the DG boxes to extract these addresses and add them to the log?

imnlfn · Tue Jun 12, 2007 12:19 am

I finally got around to trying the method suggested above, only to find my RB150 has the webproxy-test package, but no web-proxy package!

I had an earlier version of RouterOS and I thought maybe upgrading to the current version would remedy this, so I uploaded the routeros-rb500-2.9.43.npk file, but that didn't make any difference.

I then downloaded all_packages_2.9.43-ns.zip from the MikroTik site, but there's no web-proxy-2.9.43-ns.npk in there, either.

Am I missing something obvious? How do I get the web-proxy file (npk)?

Thanks,
-M

Dansguardian and MikroTik, cont'd.

Dansguardian and MikroTik, cont'd.

Re: Dansguardian and MikroTik, cont'd.