How to redirect proxy to marked gateway
Posted: Fri Aug 12, 2011 3:02 am
Hi, I have a problem.
ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=redirect to-ports=8080 protocol=tcp
src-address=192.168.1.0/24 dst-port=80
1 chain=srcnat action=masquerade src-address=192.168.1.0/24
firewall mangle
1 ;;; youtube route
chain=prerouting action=mark-routing new-routing-mark=DSL2 passthrough=no
protocol=tcp src-address-list=Local_Network dst-address-list=Youtube
2 ;;; youtube route
chain=prerouting action=mark-routing new-routing-mark=DSL2 passthrough=no
protocol=tcp src-address-list=Local_Network layer7-protocol=youtube
3 ;;; donwload route
chain=prerouting action=mark-routing new-routing-mark=DSL2 passthrough=no
protocol=tcp src-address-list=Local_Network dst-address-list=DOWNLOAD
dst-port=80
4 ;;; pop3-route
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp src-address-list=Local_Network dst-port=1863
5 ;;; smtp_route
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp src-address-list=Local_Network dst-port=25
6 ;;; imap_route
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp src-address-list=Local_Network dst-port=143
7 ;;; League of legends - pvp.net
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=2099
8 ;;; League of legends - pvp.net
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=5222
9 ;;; League of legends - pvp.net
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=5223
10 ;;; League of legends - game_client
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=udp dst-port=5000-5500
11 ;;; League of legends - patcher/maestro
chain=prerouting action=mark-routing new-routing-mark=DSL2 passthrough=no
protocol=tcp dst-port=8393-8400
12 ;;; counter strike
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=27020-27039
13 ;;; counter strike
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=udp dst-port=1200
14 ;;; counter strike
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=27000-27015
15 ;;; WoW patcher
chain=prerouting action=mark-routing new-routing-mark=DSL2 passthrough=no
protocol=tcp dst-port=1119,6112,6113,6114,4000
16 ;;; WoW Game
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=3724
17 ;;; WoW game
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=udp dst-port=3724
18 ;;; SSL
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp src-address-list=Local_Network dst-port=443
19 chain=output action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp out-interface=WAN1DSL dst-port=80
proxy
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: ArlicMaster
max-cache-size: unlimited
cache-on-disk: yes
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 1d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: usb1
ip routes
0 A S ;;; commentDSL2
dst-address=0.0.0.0/0 gateway=WAN2DSL gateway-status=WAN2DSL reachable
distance=1 scope=255 target-scope=10 routing-mark=DSL2
1 A S ;;; commentDSL1
dst-address=0.0.0.0/0 gateway=WAN1DSL gateway-status=WAN1DSL reachable
distance=1 scope=255 target-scope=10 routing-mark=DSL1
2 A S ;;; routeDSL2
dst-address=0.0.0.0/0 gateway=WAN2DSL gateway-status=WAN2DSL reachable
distance=1 scope=30 target-scope=10
3 X S ;;; routeDSL1
dst-address=0.0.0.0/0 gateway=WAN1DSL gateway-status=WAN1DSL inactive
check-gateway=ping distance=1 scope=255 target-scope=10
4 ADC dst-address=78.8.73.1/32 pref-src=78.8.73.191 gateway=WAN1DSL
gateway-status=WAN1DSL reachable distance=0 scope=10
5 ADC dst-address=78.8.166.1/32 pref-src=78.8.166.90 gateway=WAN2DSL
gateway-status=WAN2DSL reachable distance=0 scope=10
6 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.1 gateway=PUBLIC<--->LOCAL
gateway-status=PUBLIC<--->LOCAL reachable distance=0 scope=10
7 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=etherPOE
gateway-status=etherPOE unreachable distance=0 scope=200
I want to redirect the proxy traffic from the unmarked WAN2DSL route to the route marked DSL1 (WAN1).
I'm trying to redirect it here, but it doesn't work.
ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=redirect to-ports=8080 protocol=tcp
src-address=192.168.1.0/24 dst-port=80
1 chain=srcnat action=masquerade src-address=192.168.1.0/24
firewall mangle
1 ;;; youtube route
chain=prerouting action=mark-routing new-routing-mark=DSL2 passthrough=no
protocol=tcp src-address-list=Local_Network dst-address-list=Youtube
2 ;;; youtube route
chain=prerouting action=mark-routing new-routing-mark=DSL2 passthrough=no
protocol=tcp src-address-list=Local_Network layer7-protocol=youtube
3 ;;; donwload route
chain=prerouting action=mark-routing new-routing-mark=DSL2 passthrough=no
protocol=tcp src-address-list=Local_Network dst-address-list=DOWNLOAD
dst-port=80
4 ;;; pop3-route
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp src-address-list=Local_Network dst-port=1863
5 ;;; smtp_route
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp src-address-list=Local_Network dst-port=25
6 ;;; imap_route
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp src-address-list=Local_Network dst-port=143
7 ;;; League of legends - pvp.net
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=2099
8 ;;; League of legends - pvp.net
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=5222
9 ;;; League of legends - pvp.net
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=5223
10 ;;; League of legends - game_client
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=udp dst-port=5000-5500
11 ;;; League of legends - patcher/maestro
chain=prerouting action=mark-routing new-routing-mark=DSL2 passthrough=no
protocol=tcp dst-port=8393-8400
12 ;;; counter strike
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=27020-27039
13 ;;; counter strike
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=udp dst-port=1200
14 ;;; counter strike
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=27000-27015
15 ;;; WoW patcher
chain=prerouting action=mark-routing new-routing-mark=DSL2 passthrough=no
protocol=tcp dst-port=1119,6112,6113,6114,4000
16 ;;; WoW Game
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp dst-port=3724
17 ;;; WoW game
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=udp dst-port=3724
18 ;;; SSL
chain=prerouting action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp src-address-list=Local_Network dst-port=443
19 chain=output action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp out-interface=WAN1DSL dst-port=80
proxy
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: ArlicMaster
max-cache-size: unlimited
cache-on-disk: yes
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 1d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: usb1
ip routes
0 A S ;;; commentDSL2
dst-address=0.0.0.0/0 gateway=WAN2DSL gateway-status=WAN2DSL reachable
distance=1 scope=255 target-scope=10 routing-mark=DSL2
1 A S ;;; commentDSL1
dst-address=0.0.0.0/0 gateway=WAN1DSL gateway-status=WAN1DSL reachable
distance=1 scope=255 target-scope=10 routing-mark=DSL1
2 A S ;;; routeDSL2
dst-address=0.0.0.0/0 gateway=WAN2DSL gateway-status=WAN2DSL reachable
distance=1 scope=30 target-scope=10
3 X S ;;; routeDSL1
dst-address=0.0.0.0/0 gateway=WAN1DSL gateway-status=WAN1DSL inactive
check-gateway=ping distance=1 scope=255 target-scope=10
4 ADC dst-address=78.8.73.1/32 pref-src=78.8.73.191 gateway=WAN1DSL
gateway-status=WAN1DSL reachable distance=0 scope=10
5 ADC dst-address=78.8.166.1/32 pref-src=78.8.166.90 gateway=WAN2DSL
gateway-status=WAN2DSL reachable distance=0 scope=10
6 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.1 gateway=PUBLIC<--->LOCAL
gateway-status=PUBLIC<--->LOCAL reachable distance=0 scope=10
7 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=etherPOE
gateway-status=etherPOE unreachable distance=0 scope=200
I want to redirect the proxy traffic from the unmarked WAN2DSL route to the route marked DSL1 (WAN1).
I'm trying to do the redirect with this mangle rule:
19
;;; proxyToDSL1
chain=output action=mark-routing new-routing-mark=DSL1 passthrough=no
protocol=tcp out-interface=WAN1DSL dst-port=80