MikroTik

Community discussions
https://forum.mikrotik.com/

How do I enable proxy setting for a specific network?

https://forum.mikrotik.com/viewtopic.php?t=72617

Page 1 of 1

How do I enable proxy setting for a specific network?

Posted: Tue May 14, 2013 8:19 am
by YasinOnline
Hi Everyone,

I have different networks i.e.
1) 192.168.0.0 (MT Router Board, PCC Load Balancing and Web Proxy are Configure)
2) 192.168.1.0 (WAN1)
3) 192.168.15.0 (WAN2)

By any reason if MT Router is not working properly I need to change it directly WAN1 or WAN2 and this is very chaotic to go on each PC and change proxy setting.

Is there any way that when a computer has an IP of 192.168.0.0 network then its proxy setting should be enable automatically, and if it has IP of 192.168.1.0 or 192.168.15.0 networks then proxy server settings are disable also automatically and "automatically detect setting" is enable. Along with "FlushNDS, IP Release, IP renew" commands?

All setting would be implemented for "Internet Explorer, Google Chrome, Firefox" browsers.

Thanking in advance.

Re: How do I enable proxy setting for a specific network?

Posted: Thu May 16, 2013 7:59 am
by aacable
Setup Transparent Proxy by adding NAT rule (which redirects port 80 to proxy) , and in src-address, enter your desired IP range e.g 192.168.0.1-192.168.0.255 that need to be redirected. This way only specific ip range will be redirected to local proxy and other requests will go directly.

Example:

/ip firewall nat
add action=redirect chain=dstnat comment="Redirect port 80 request to Mikrotik Web Proxy zzz" disabled=no dst-port=80 protocol=tcp src-address=192.168.0.0/24 to-ports=8080

Re: How do I enable proxy setting for a specific network?

Posted: Wed May 22, 2013 8:35 am
by YasinOnline
Dear Aacable,

Thank you on your support, its working for me :D .

I would like ask one more thing, how I can block or filter "HTTPS" traffic? Reason is when I use FireFox or IE ver 10 web browsers to access "Facebook" they use "HTTPS" rather than "HTTP" and unblock the "Facebook". i.e. "https:"//www.facebook.com" rather than "http://www.facebook.com".

Regards,

Re: How do I enable proxy setting for a specific network?

Posted: Wed May 22, 2013 11:08 am
by aacable
There are many different ways to achieve this. You can transparently inspect DNS requests. you can NOT transparently inspect https traffic - it's encrypted.

Another method for blocking facebook with a mikrotik is to block at the DNS level.
Enable DNS server on the mikrotik, add invalid entries for facebook.com, then redirect user dns traffic to local dns server, which have fake entries for facebook, either for all users or specific range/user ip .
adding static dns entries example

/ip dns static
add address=127.0.0.1 disabled=no name=facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=www.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=www.fb.com ttl=5m
add address=127.0.0.1 disabled=no name=a.ns.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=b.ns.facebook.com ttl=5m


You can also block FACEBOOK by ip ranges. Blocking by IP ranges (of your required web sites) should also work.
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/