Mikrotik
Sepro, 2016-03-05 09:18:17

How to wrap certain sites on an external proxy on Mikrotik?

There is Mikrotik 6.32 on x86
How to make it so that when someone on the home network wants to go to the site yandex.ru, mikrotik wraps it up and Yandex opens through this very external proxy?
PS: I tried to use a PPTP VPN instead of a proxy, but for some reason the traffic simply does not go through the PPTP connection...


1 answer(s)
Alexander Romanov, 2016-03-08
@moneron89

If there is a specific list of sites, then the most correct solution would be to first resolve the names of these sites into a specific address list. For this purpose, I found a wonderful script.

:local DNSList {"example.com";"non-exist.domain.net";"server.local";"hostname"}
:local ListName "MyList"
:local DNSServers ( [ip dns get dynamic-servers], [ip dns get servers ], 8.8.8.8 )
# Resolve every name against every server so the answers land in the DNS cache
:foreach addr in=$DNSList do={
     :foreach DNSServer in=$DNSServers do={
          :do {:resolve server=$DNSServer $addr} on-error={:log debug ("failed to resolve $addr on $DNSServer")}
     }
}
/ip firewall address-list remove [find where list~$ListName]
/ip dns cache all
:foreach i in=[find type="A"] do={
    :local bNew true
    :local cacheName [get $i name]
    :local match false
    :foreach addr in=$DNSList do={
       # :find returns a position (type "num") when $addr occurs in the cache name, nil otherwise
       :if ([:typeof [:find $cacheName $addr]] = "num") do={
           :set $match true
       }
    }
    :if ( $match ) do={
        :local tmpAddress [/ip dns cache get $i address]
        :if ( [/ip firewall address-list find list=$ListName] = "") do={
            :log debug ("added entry: $[/ip dns cache get $i name] IP $tmpAddress")
            /ip firewall address-list add address=$tmpAddress list=$ListName comment=$cacheName
        } else={
            :foreach j in=[/ip firewall address-list find list=$ListName] do={
                :if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
                    :set bNew false
                }
            }
            :if ( $bNew ) do={
                :log debug ("added entry: $[/ip dns cache get $i name] IP $tmpAddress")
                /ip firewall address-list add address=$tmpAddress list=$ListName comment=$cacheName
            }
        }
    }
}

Taken from here
In the first line of the script, specify the list of domain names that need to be routed through the proxy.
After you have a ready-made address list, add a NAT rule that looks something like this:
/ip firewall nat add action=dst-nat chain=dstnat comment=MyProxy disabled=no dst-address-list=MyList dst-port=80,443 \
    protocol=tcp to-addresses=<proxy address>

If necessary, change the ports in the rule. You can also add src-address=!<IP address of your proxy> to the NAT rule if the proxy is on the same network as the other home computers. If it is somewhere outside the home network, this is not required.
Do not forget to add the script to the scheduler so that it runs periodically (more often than the TTL of the DNS records).
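
The script's `:find $cacheName $addr` test is a substring match, so any cached name that merely contains a listed domain also lands in the address list and is redirected to the proxy. The following added example (Python, not part of the original answer or of the script it quotes; the cache entries and function names are constructed for illustration) models that test beside a match on DNS label boundaries.

```python
# Model of the domain test the script applies to each DNS cache name.
# All names and addresses below are constructed sample data.

def substring_match(cache_name, domain):
    """What `:find $cacheName $addr` tests: domain occurs anywhere in the name."""
    return cache_name.find(domain) >= 0


def suffix_match(cache_name, domain):
    """Stricter test: the name is the domain itself or one of its subdomains."""
    name = cache_name.lower().rstrip(".")
    dom = domain.lower().rstrip(".")
    return name == dom or name.endswith("." + dom)


def build_list(cache, domains, match):
    """Sorted set of A-record addresses whose cache name matches any domain."""
    return sorted({addr for name, addr in cache
                   for d in domains if match(name, d)})


def unintended(cache, domains):
    """Addresses the substring test adds that the suffix test would not."""
    loose = set(build_list(cache, domains, substring_match))
    strict = set(build_list(cache, domains, suffix_match))
    return sorted(loose - strict)


DNS_LIST = ["example.com"]  # plays the role of DNSList in the script
CACHE = [                   # (name, A record) pairs, constructed
    ("example.com", "192.0.2.10"),
    ("www.example.com", "192.0.2.11"),
    ("notexample.com", "198.51.100.5"),
    ("example.com.cdn.test", "203.0.113.7"),
]

if __name__ == "__main__":
    print("substring:", build_list(CACHE, DNS_LIST, substring_match))
    print("suffix:   ", build_list(CACHE, DNS_LIST, suffix_match))
    print("extra:    ", unintended(CACHE, DNS_LIST))
```

Any address reported as extra would be sent through the proxy by the NAT rule even though its name is not one of the listed sites.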
