Page 1 of 1
Web Proxy
Posted: Mon Oct 11, 2010 12:14 pm
by ferdinandbabst
Hi
I have setup web proxy to listen on default port 8080. i have also created the Nat rule
chain=dstnat action=redirect to-ports=8080 protocol=tcp
src-address=172.17.0.0/24 dst-port=80
The rule is working fine but I can't seem to get any browsing done on the allowed web pages in the proxy.
Do i need to give the proxy server access to internet via NAT rule or masquerade rule etc?
Re: Web Proxy
Posted: Mon Oct 11, 2010 1:56 pm
by Ibersystems
Did you configured the internet access in the board?
ip route add...
you need to add a route to 0.0.0.0/0 with gateway your modem.
Re: Web Proxy
Posted: Mon Nov 01, 2010 8:41 am
by otgooneo
Hi guys, my web proxy working perfect (RB1000 V4). But I can`t set content filter using web proxy server. Content filtering working on hotspot by firewall filtering option.
Re: Web Proxy
Posted: Tue Nov 02, 2010 11:01 am
by Ibersystems
Hi guys, my web proxy working perfect (RB1000 V4). But I can`t set content filter using web proxy server. Content filtering working on hotspot by firewall filtering option.
Can you copy/paste your ip/firewall filters?
Re: Web Proxy
Posted: Tue Nov 02, 2010 1:19 pm
by otgooneo
Actualy my goal is block bad pages then show to my customers "Blocked page". My customers are connecting via hotspot. So I can set content filter using firewall mangle and filter rules. Here is my config:
[admin@Testing] /ip firewall> fil print det
0 chain=forward action=drop dst-address-list=BadIP
[admin@Testing] /ip firewall mangle> print
1 chain=forward action=add-dst-to-address-list protocol=tcp address-list=BadIP address-list-timeout=10s dst-port=80 content=adult
2 chain=forward action=add-dst-to-address-list protocol=tcp address-list=BadIP address-list-timeout=10s dst-port=80 content=porn
3 chain=forward action=add-dst-to-address-list protocol=tcp address-list=BadIP address-list-timeout=10s dst-port=80 content=sex
But I can`t show to my customers that page is blocked by administrator. Firewall filter rule just drops packets.
Therefor I have started to use Web proxy service. In this case I can block web host by static host name.
[admin@Testing] /ip proxy access> print det
0 dst-port=80 dst-host=www.redtube.com action=deny hits=0
Now I can show them Blocked page but I have to add manually all bad web hosts . It`s too rude way.
Re: Web Proxy
Posted: Tue Nov 02, 2010 1:35 pm
by Ibersystems
Did you configured ip/hotspot/server profiles/http proxy?
Re: Web Proxy
Posted: Tue Nov 02, 2010 3:56 pm
by otgooneo
I haven`t done that. But I have added NAT rule, which works like that. Just because I didn`t know hotspot already has this feature.
[admin@Testing] /ip firewall nat> print det
1 ;;; To Proxy
chain=dstnat action=redirect to-ports=1010 protocol=tcp src-address=172.16.24.0/24 dst-port=80
My only wish is use content and URL filter with "Admin Blocked Page".
Has the RouterOS anyway to add firewall filter rule with redirect page? Like it - <<action=drop, redirect=errorpage.html>> lol...
Sorry Iber, for my bad english.
Re: Web Proxy
Posted: Tue Nov 02, 2010 3:59 pm
by Ibersystems
I think I did this with hotspot and webproxy : /
Re: Web Proxy
Posted: Tue Nov 02, 2010 4:14 pm
by Ibersystems
I just checked and I have only webproxy there. If I activate the webproxy I disable the hotspot.. I don't know why, but you can imagine.. xD
Mmm..
with redirect in webproxy you can redirect people to YOURHOTSPOTIP/deny.html
You need to place deny.html in your routerOS and they will see the file when deny.
Re: Web Proxy
Posted: Tue Nov 02, 2010 6:37 pm
by otgooneo
Thank you Iber. I`ll try again.
Re: Web Proxy
Posted: Tue Nov 02, 2010 10:33 pm
by Chupaka
anyway, content filtering is not available in Proxy