How to set up a proxy server with mikrotik?

M

Maxim Noskov2016-03-16 09:33:11

Squid

Maxim Noskov, 2016-03-16 09:33:11

Hello!
There was a proxy server with a squid, sams2 and one provider in one organization. Everything went through a proxy, everything worked well and stably. Then they added a second provider there as a backup. We installed a Mikrotik RB1100AHx2. The first 2 ports were occupied by providers, the rest - local. But a prerequisite was the presence of a proxy server with samsa. Server on freebsd. We decided to leave him. In the routes of the proxy server, Mikrotik was prescribed as a gateway, and for users as a gateway - a proxy server + browser settings. But in this format, it is enough to uncheck the "use proxy" checkbox in browsers and traffic will pass by squids. There is no AD in the organization. How do organizations implement proxy work in this mode? Those. when it is necessary to monitor user traffic and control monthly rates.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Andrey, 2016-03-16
@Ahrenizm

It's simple, set up a transparent proxy.

/ip firewall nat
add action=redirect chain=dstnat dst-address=!192.168.0.0/16 dst-port=80,3128,8080,8081 protocol=tcp src-address=!АДРЕС_ПРОКСИ to-ports=3128

/ip proxy
set [email protected] cache-path=web-proxy1 enabled=yes max-cache-size=none parent-proxy=АДРЕС_ПРОКСИ parent-proxy-port=3128 port=3128
/ip proxy access
add src-address=192.168.0.0/16

I forgot one more nuance, with such a scheme, Mikrotik adds the X-Forwarded-For header in which the client address, so that the squid can read it, you need to add the following to its configuration:

acl mikrotik_gw src АДРЕС_МИКРОТИКА
follow_x_forwarded_for allow mikrotik_gw
follow_x_forwarded_for deny all