Home / server / Questions / 181703
Accepted
Tim
Asked: 2010-09-17 00:14:16 +0800 CST

How do I set up RouterOS to use web proxy on another machine?

  • 772

The RouterOS docs show how to transparently proxy all web traffic via the HTTP proxy built into RouterOS:

/ip firewall nat 
add in-interface=ether1 dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat 
/ip proxy
set enabled=yes port=8080

I'd like to run a proxy on another machine, so that I can take advantage of more sophisticated filtering rules available in Squid or the like. However, if I use NAT to redirect traffic to another machine running Squid it won't work, since the HTTP request will need to be rewritten in order to be a proxy HTTP request; just redirecting the traffic gives bad request errors from Squid.

http-proxy mikrotik routeros

3 Answers

  1. No need of setting proxy in RouterOS. You can route all outgoing HTTP traffic to the server directly thru NAT:

    ip firewall nat add in-interface=eth1 src-address=!<IP of Squid machine> dst-port=80 protocol=tcp action=dst-nat to-addresses=<IP of Squid machine> to-ports=8080

    The last parameter "src-address=!..." is needed in case which squid machine communicates thru same interface as the other machines. Otherwise it would go like this:

    1. Computer sends HTTP request
    2. RouterOS destinates this packet to squid
    3. Squid sends HTTP request to webserver
    4. RouterOS destinates squid request again to squid -> loop
    • 3
  2. Best Answer

    It can be done with the parent-proxy setting:

    /ip proxy
set parent-proxy=<IP of Squid machine> parent-proxy-port=3128
    • 2 
  3. /ip proxy
set parent-proxy=<IP of Squid machine> parent-proxy-port=3128

/ip firewall nat
chain=dstnat src-address=!<IP of Squid machine> protocol=tcp dst-port=80  src-address-list=<IP of Local machine> action=redirect to-ports=8080
    • 1