Community discussions

MikroTik App
 
wallnas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Thu Aug 27, 2009 5:08 pm
Location: Italy

Configure webproxy transparent

Sun Oct 25, 2009 12:55 pm

I have configured a web proxy transparent:
1. I have configured and enable it in web proxy setting: ip proxy set enable=yes port=8080
2. In firewall Nat : ip firewall nat add in-interface= ether 1 dst-port= 80 protocol=tcp action=redirect to-ports=8080 chain=dstnat

My problem is:
in the firewall filter rules i have insert:
1 Action=Accept chain=forward protocol=tcp dstPort=80
2. Action=Accept chain=input protocol=tcp dstPort=8080
3 Action=drop chain=input to block all other connection.

With this configuration i do not connect to web. If i remove the instruction (3) action=drop chain=input is all ok.

What is the instruction to add before instruction (3): action=drop chain=input to connect to web

tanks
 
User avatar
skillful
Trainer
Trainer
Posts: 552
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria
Contact:

Re: Configure webproxy transparent

Sun Oct 25, 2009 6:14 pm

You need to accept "established" and "related" connections in the input chain before dropping all.
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Configure webproxy transparent

Sun Oct 25, 2009 6:15 pm

Use the below to add rules that allow all traffic in the input chain related to connections initiated by the router itself (i.e., the proxy service requesting a web page from a web server). The rules will be added to the very top to make firewall handling of established connections as cheap as possible:
/ip firewall filter add chain=input action=accept connection-state=related place-before=0
/ip firewall filter add chain=input action=accept connection-state=established place-before=0
 
wallnas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Thu Aug 27, 2009 5:08 pm
Location: Italy

Re: Configure webproxy transparent

Sun Oct 25, 2009 7:06 pm

I have use two group for an error !

I have use your instruction and is ok: Tanks.

I have insert this instruction at the # 0 and 1
But this instruction:
/ip firewall filter add chain=input action=accept connection-state=related place-before=0
/ip firewall filter add chain=input action=accept connection-state=established place-before=0

What they actually do ?

Tanks
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Configure webproxy transparent

Sun Oct 25, 2009 7:18 pm

Use the below to add rules that allow all traffic in the input chain related to connections initiated by the router itself (i.e., the proxy service requesting a web page from a web server).
A user requests a web page. He's redirected to the proxy. The proxy requests the web page from the web server, this happens in the output chain and the traffic is marked as "established". The web server replies - this happens in the "input" chain, since the web server talks to the proxy, which sits on the router itself. If you don't permit established traffic, the web server reply is thrown away.
 
wallnas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Thu Aug 27, 2009 5:08 pm
Location: Italy

Re: Configure webproxy transparent

Mon Oct 26, 2009 3:28 pm

Tanks

Who is online

Users browsing this forum: East2, parm and 29 guests