Title: Proxy with Mikrotik gateway (doesn't work as desired)
Post by: antich on Saturday 12 December 2009, 04:42:25 am

Hello everyone !!
I just registered because there is something weird going on with my Endian setup. My network goes like this:

                                    WiFi "hotspot"          ENDIAN FW (IP: 192.168.3.5)
                                           ^                        ^
                                           |                        |
                                           |                        |
INTERNET -----> ADSL MODEM -----> MIKROTIK ROUTERBOARD -----> 8 PORT SWITCH -----> MY PC AND OTHERS (IP: 192.168.3.10 and forward)
                 (PPPOE)          (ROUTEROS 3.22)
                                  IP: 192.168.3.1

I think all important network details are there. My Endian FW has a GREEN ONLY ethernet setup, and RED is configured as Gateway on 192.168.3.1, which is the Mikrotik Routerboard.

My need right now is to add WEB CACHE to my existing network; for anything else I will use another PC, this is a squid-only box.

For some strange reason, if I redirect from the routerboard something like 192.168.3.10 port 80 traffic to 192.168.3.5:8080 (proxy), the computer can't browse the internet anymore, not even Google. The browser displays a TIMEOUT error after some seconds (Firefox), and Internet Explorer waits like a minute and says it can show the website.

BUT if I configure browsers manually to use the proxy, everything works PERFECTLY. I'm clueless !!

Reading some Endian documentation I learnt about the .PAC proxy auto configuration file. I didn't know that, so I tried it and it works too, even with cached content.

I guess I don't need a transparent proxy, basically because the routerboard acting as gateway can redirect traffic to the proxy port. Also I made a rule in the routerboard to accept connections from the proxy, just in case.

I don't know what else to try. I've been fighting with this for about 3 days now and I really don't want to give up. It seems the routerboard acting as a gateway CAN communicate with the proxy, but for some reason the proxy allows clients to use it and not the routerboard !!!

Did some other tests:

Surprisingly I CAN access https://wiki.ubuntu.com/, which happened to be in a list of bookmarks I had, and I can browse the entire site and links as long as they don't point to another website.
Also I CAN browse cached content (pictures at least, jpg format), or so it seems: I disabled the forwarding rule on the routerboard, cached some High Resolution pictures, activated the rule again, and via bookmark I can access them.

And this is what the "connections" page shows when I try to open a folder with some bookmarks, which obviously I can't access.

192.168.3.10  52597  192.168.3.5  8080       tcp  SYN_RECV  0:00:59
192.168.3.10  52596  192.168.3.5  8080       tcp  SYN_RECV  0:00:57
192.168.3.10  52590  192.168.3.5  8080       tcp  SYN_RECV  0:00:55
192.168.3.10  52591  192.168.3.5  8080       tcp  SYN_RECV  0:00:54
192.168.3.10  52582  192.168.3.5  8080       tcp  SYN_RECV  0:00:34
192.168.3.10  52584  192.168.3.5  8080       tcp  SYN_RECV  0:00:34
192.168.3.10  52585  192.168.3.5  8080       tcp  SYN_RECV  0:00:34
192.168.3.10  52583  192.168.3.5  8080       tcp  SYN_RECV  0:00:33
127.0.0.1     32789  127.0.0.1    123 (NTP)  udp            0:00:16
192.168.3.10  61902  192.168.3.5  8080       tcp  SYN_RECV  0:00:14
192.168.3.10  62331  192.168.3.5  8080       tcp  SYN_RECV  0:00:14
192.168.3.10  61903  192.168.3.5  8080       tcp  SYN_RECV  0:00:13
192.168.3.10  55726  192.168.3.5  8080       tcp  SYN_RECV  0:00:13
192.168.3.10  61901  192.168.3.5  8080       tcp  SYN_RECV  0:00:13
192.168.3.10  64301  192.168.3.5  8080       tcp  SYN_RECV  0:00:13

And this is my access policy rule (I tried disabling firewalls also, same results):

#  Policy             Source  Destination  Authgroup/-user  When    Useragent
1  unfiltered access  ANY     ANY          not required     Always  ANY

Any help will be appreciated !!! I'm doing the best I can to give you details, but if anyone needs any other details I'll be glad to post them, just please help me solve this lol.

Thanks for reading =)
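
The connections listing in the post can be summarised mechanically. The following is an added example, not part of the original post: it parses rows in that layout and reports listeners whose tracked connections are all in SYN_RECV, the state a TCP listener holds after answering a SYN with a SYN-ACK while the final ACK has not arrived. The column meanings, the function names and the min_conns threshold are assumptions; the sample rows are a subset copied from the post.

```python
import re
from collections import Counter

# Subset of the rows shown in the post (assumed columns:
# src, src port, dst, dst port [service], protocol, state, expires).
SAMPLE = """\
192.168.3.10 52597 192.168.3.5 8080 tcp SYN_RECV 0:00:59
192.168.3.10 52582 192.168.3.5 8080 tcp SYN_RECV 0:00:34
127.0.0.1 32789 127.0.0.1 123 (NTP) udp 0:00:16
192.168.3.10 61902 192.168.3.5 8080 tcp SYN_RECV 0:00:14
"""

ROW = re.compile(
    r"^(?P<src>\S+)\s+(?P<sport>\d+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)"
    r"(?:\s+\((?P<svc>[^)]*)\))?\s+(?P<proto>tcp|udp)"
    r"(?:\s+(?P<state>[A-Z_]+))?\s+(?P<expires>\d+:\d\d:\d\d)$"
)

def parse_connections(text):
    """Return one dict per recognised row; rows without a state get None."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["sport"], row["dport"] = int(row["sport"]), int(row["dport"])
            rows.append(row)
    return rows

def handshake_summary(rows):
    """Map (dst, dport) -> (half_open, total) over TCP rows only."""
    total, half_open = Counter(), Counter()
    for r in rows:
        if r["proto"] != "tcp":
            continue
        key = (r["dst"], r["dport"])
        total[key] += 1
        if r["state"] == "SYN_RECV":
            half_open[key] += 1
    return {k: (half_open[k], total[k]) for k in total}

def stalled_listeners(rows, min_conns=3):
    """Listeners where every tracked connection is still half-open."""
    summary = handshake_summary(rows)
    return [k for k, (h, t) in summary.items() if t >= min_conns and h == t]

if __name__ == "__main__":
    rows = parse_connections(SAMPLE)
    for (dst, dport), (h, t) in handshake_summary(rows).items():
        print(f"{dst}:{dport} half-open {h}/{t}")
    print("stalled:", stalled_listeners(rows))
```

A listener reported as stalled is receiving the clients' SYNs but never the handshake-completing ACK, so the return path of the SYN-ACK is the place to capture packets next.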