EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: antich on Saturday 12 December 2009, 04:42:25 am



Title: Proxy with Mikrotik gateway (doesn't work as desired)
Post by: antich on Saturday 12 December 2009, 04:42:25 am
Hello everyone !!
I just registered cause there is something weird going on with my Endian setup.
My network goes like this:

                                                                  WiFi "hotspot"                       ENDIAN FW (IP: 192.168.3.5)
                                                                           ^                                         ^
                                                                            |                                          |
                                                                            |                                          |
INTERNET -----> ADSL MODEM -----> MIKROTIK ROUTERBOARD -----> 8 PORT SWITCH -----> MY PC AND OTHERS (IP: 192.168.3.10 and forward)
                             (PPPOE)                    (ROUTEROS 3.22)
                                                               IP: 192.168.3.1

I think all important network details are there, my Endian FW has a GREEN ONLY ethernet setup, and RED is configured as Gateway on 192.168.3.1 which is the Mikrotik Routerboard.
My need right now is to add WEB CACHE to my existing network, for anything else I will use another PC, this is a squid only box.

For some strange reason, if I redirect from the routerboard something like 192.168.3.10 port 80 traffic to 192.168.3.5:8080 (proxy) the computer can't browse the internet anymore, not even Google.
Browser displays TIMEOUT error after some seconds (Firefox) and Internet Explorer waits like a minute and says it can show the website.

BUT if I configure browsers manually to use the proxy everything works PERFECTLY, I'm clueless !!
Reading some Endian documentation I learnt about the .PAC proxy auto configuration file, I didn't know that, so I tried and it works too, even with cached content.

I guess I don't need a transparent proxy, basically because the routerboard acting as gateway can redirect traffic to the proxy port. Also I made a rule in the routerboard to accept connections from the proxy, just in case.

I don't know what else to try, I've been fighting with this for about 3 days now and I really don't want to give up. It seems the routerboard acting as a gateway CAN communicate with the proxy, but for some reason the proxy allows clients to use it and not the routerboard !!!



Did some other tests:

Surprisingly I CAN access https://wiki.ubuntu.com/, which happened to be in a list of bookmarks I had, and I can browse the entire site and links as long as they don't point to another website.

Also I CAN browse cached content (pictures at least, jpg format) or so it seems, I disabled the forwarding rule on the routerboard, cached some High Resolution pictures, activated the rule again, and via bookmark I can access them.

And this is what the "connections" page shows when I try to open a folder with some bookmarks, which obviously I can't access.

192.168.3.10    52597    192.168.3.5    8080    tcp    SYN_RECV    0:00:59
192.168.3.10    52596    192.168.3.5    8080    tcp    SYN_RECV    0:00:57
192.168.3.10    52590    192.168.3.5    8080    tcp    SYN_RECV    0:00:55
192.168.3.10    52591    192.168.3.5    8080    tcp    SYN_RECV    0:00:54
192.168.3.10    52582    192.168.3.5    8080    tcp    SYN_RECV    0:00:34
192.168.3.10    52584    192.168.3.5    8080    tcp    SYN_RECV    0:00:34
192.168.3.10    52585    192.168.3.5    8080    tcp    SYN_RECV    0:00:34
192.168.3.10    52583    192.168.3.5    8080    tcp    SYN_RECV    0:00:33
127.0.0.1    32789    127.0.0.1    123 (NTP)    udp         0:00:16
192.168.3.10    61902    192.168.3.5    8080    tcp    SYN_RECV    0:00:14
192.168.3.10    62331    192.168.3.5    8080    tcp    SYN_RECV    0:00:14
192.168.3.10    61903    192.168.3.5    8080    tcp    SYN_RECV    0:00:13
192.168.3.10    55726    192.168.3.5    8080    tcp    SYN_RECV    0:00:13
192.168.3.10    61901    192.168.3.5    8080    tcp    SYN_RECV    0:00:13
192.168.3.10    64301    192.168.3.5    8080    tcp    SYN_RECV    0:00:13

And this is my access policy rule (I tried disabling firewalls also, same results)

#     Policy             Source     Destination      Authgroup/-user      When     Useragent
1    unfiltered access  ANY                 ANY           not required    Always    ANY

Any help will be appreciated !!!
I'm doing the best I can to give you details but if anyone needs any other details I'll be glad to post them, just please help me solve this lol.
Thanks for reading =)
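
An added example, not part of the original post: a short Python script that reads rows in the layout of the "connections" page quoted above and reports client/listener pairs whose TCP connections only ever reach SYN_RECV, meaning the listener sent its SYN-ACK but never received the client's final ACK. The function name, the threshold and the /24 netmask are assumptions; `same_lan` reports whether both endpoints sit in one subnet, where the listener's replies are delivered directly to the client instead of passing back through the gateway.

```python
import ipaddress
import re
from collections import defaultdict

# Column layout of the "connections" page quoted in the post:
# source, source port, destination, destination port [(service)], protocol, state, age
ROW = re.compile(
    r"^(\S+)\s+(\d+)\s+(\S+)\s+(\d+)(?:\s+\(\w+\))?\s+(tcp|udp)\s*(\S*)\s+(\d+:\d\d:\d\d)$"
)

# The first four rows are copied from the post; the last row is constructed
# to show a client whose handshake does complete.
SAMPLE = """\
192.168.3.10    52597    192.168.3.5    8080    tcp    SYN_RECV    0:00:59
192.168.3.10    52596    192.168.3.5    8080    tcp    SYN_RECV    0:00:57
127.0.0.1    32789    127.0.0.1    123 (NTP)    udp         0:00:16
192.168.3.10    61902    192.168.3.5    8080    tcp    SYN_RECV    0:00:14
192.168.3.20    40112    192.168.3.5    8080    tcp    ESTABLISHED    0:00:05
"""


def stalled_handshakes(table, lan="192.168.3.0/24", threshold=3):
    """Return flows that never get past SYN_RECV (SYN-ACK sent, final ACK not seen)."""
    net = ipaddress.ip_network(lan)  # assumed /24; the post gives no netmask
    states = defaultdict(lambda: defaultdict(int))
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(5) != "tcp":
            continue  # skip UDP rows and anything that does not parse
        src, _, dst, dport, _, state, _ = m.groups()
        states[(src, dst, int(dport))][state] += 1
    findings = []
    for (src, dst, dport), seen in sorted(states.items()):
        # Flag only pairs with enough half-open entries and no other TCP state.
        if seen.get("SYN_RECV", 0) >= threshold and set(seen) == {"SYN_RECV"}:
            same_lan = all(ipaddress.ip_address(a) in net for a in (src, dst))
            findings.append({"client": src, "listener": f"{dst}:{dport}",
                             "half_open": seen["SYN_RECV"], "same_lan": same_lan})
    return findings


if __name__ == "__main__":
    for finding in stalled_handshakes(SAMPLE):
        print(finding)
```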