External Proxy Server for Mikrotik - fazar.net

External Proxy Server for Mikrotik

Mikrotik routerboard has a built-in proxy in it, but it has main constraint : very limited storage capacity. Therefore, most network administrators whom using mikrotik will use an external proxy to overcome this constraint. Here you can found an easy ways to implementing external proxy server for Mikrotik.
Squid is the most widely used proxy daemon for linux (including its derivative such as lusca). Some several advantages in the implementation of external proxy are :
  • Easy to adjust the configuration to suite your needs
  • The use of access control lists (ACLs) that can be used for specific purposes
  • Squid (especially version 2.7) can be “armed” with a url redirector. In some condition, url redirector can be used to force squid to cache dynamic content (such as Youtube videos).
  • Greater storage capacity as the general computer or server use the harddisk as data storage.
In this post, I’ll describe how to integrate external proxy with mikrotik using 2 methods : using NAT or using mangle.
Annotation :
  1. Mikrotik to proxy IP address : 192.168.90.1
  2. Proxy to Mikrotik IP address : 192.168.90.2
  3. Clients IP address : 192.168.1.0/24
First method : Using NAT
We can used Mikrotik built in NAT to forward HTTP request (port 80) from clients to external proxy.
Explanation :
First, we define IP address class for proxy server.
/ip firewall address-list
add address=192.168.90.0/24 list=ip-proxy
Then add new rule on NAT to forward http request to external proxy.
/ip firewall nat
add action=dst-nat chain=dstnat comment=”transparent proxy” dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.90.2 to-ports=3128
Second method : Using built-in mangle
Another method to forward http requests from clients is using mangle by adding new route. This method will work if external proxy able to act as gateway.
Explanation :
First, add route to external proxy.
/ip route
add check-gateway=ping distance=1 gateway=192.168.90.2 routing-mark=to-ext-proxy
Then, mark http requests from all clients to use route to external proxy.
/ip firewall mangle
add action=mark-routing chain=prerouting comment=”mark routing to proxy” dst-port=80 new-routing-mark=to-ext-proxy protocol=tcp src-address=192.168.1.0/24
Proxy server requirements :
You may need to configure some options in order to make it works for both methods such as enabling IPv4 forwarding (by editing systcl.conf) and allowing access to port 3128 in iptables. Add the following lines into the file /etc/rc.local then save :

Comments

Post a Comment

Popular posts from this blog

PHPMixBill V5 mikrotik Billing Solutions

Image
New Features: =================================================== – New Coding (ORM & Smarty) – New Design (responsive) – NEW API Mikrotik (PEAR2_Net_RouterOS) – Multi Router Mikrotik – Hotspot & PPPOE – Easy Installation – Multi Language and many more… STEPS: Installation =================================================== Auto Installer: 1. Unzip the contents of the zip file to a folder on your computer. 2. Upload the Entire phpmixbill_v5.0 folder to your website / server 3. Next you can rename the folder to whatever you like (billing, finance, manage etc..) 4. Now visit the uploaded location using your web browser to run the installer process. 5. Follow the instructions on screen to install PHPMixBill v5.0. 6. For security, Delete the install directory inside system folder. 7. If you see blank page after installation, it might be your compiled folder permissoon is not writable. Please make permission 755 compiled directory inside ui folder to s
Read more

How to install Asterisk and A2billing on Ubuntu Server 12.04LTS

This installation was carried out on Ubuntu 12.04 LTS on 64bit We need to upgrade apt-get #apt-get upgrade #apt-get update Configure your timezone: #dpkg-reconfigure tzdata Install some pre-requisites: #apt-get install libapache2-mod-php5 php5 php5-common #apt-get install php5-cli php5-mysql mysql-server apache2 php5-gd (note the password for mysql, we will need it later) #apt-get install php5-mcrypt #apt-get install build-essential wget libssl-dev libncurses5-dev libnewt-dev  libxml2-dev linux-headers-$(uname -r) libsqlite3-dev uuid-dev Add jansson and install Asterisk 12.1.1 #apt-get install python-software-properties -y #apt-key adv --keyserver pgp.mit.edu --recv-keys 175E41DF #http://www.digip.org/jansson/releases/jansson-2.4.tar.gz #tar -zxf jansson-2.4.tar.gz #cd jansson-2.4/ #./configure --prefix=/usr/ && make clean && make && make install asterisk-1.8.27.0-rc1.tar.gz #add-apt-repository "deb http://packages.asterisk.o
Read more

odbcinst: SQLGetPrivateProfileString failed with

Image
odbcinst: SQLGetPrivateProfileString failed with . This is an error that I received while setting up Asterisk with MySQL. The error occurs when I type in the command: sudo odbcinst -q -d The reason for the error is 1 of 2 things. * To find your local path for odbcinst run the following from terminal: sudo odbcinst -j 1. You are missing environment profiles Run the following in terminal to check your environment profiles for ODBC: env | grep 'ODBC' You should see the following returned: LD_LIBRARY_PATH=/usr/local/unixODBC/lib:/usr/local/lib: ODBCSYSINI=/usr/local/etc ODBCINI=/usr/local/etc/odbc.ini If not then this is your first problem. You are missing the environment variables to unixODBC. To add the environment variables run the following in terminal (no sudo): export LD_LIBRARY_PATH=/usr/local/unixODBC/lib:/usr/local/lib: export ODBCSYSINI=/usr/local/etc export ODBCINI=/usr/local/etc/odbc.ini * Please note that the paths are where your odbc files sit. So ple
Read more