How to set up RouterOS to use web proxy on another machine


The RouterOS docs show how to transparently proxy all web traffic via the HTTP proxy built into RouterOS:

/ip firewall nat 
add in-interface=ether1 dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat 
/ip proxy
set enabled=yes port=8080

I'd like to run a proxy on another machine, so that I can take advantage of more sophisticated filtering rules available in Squid or the like. However, if I use NAT to redirect traffic to another machine running Squid it won't work, since the HTTP request will need to be rewritten in order to be a proxy HTTP request; just redirecting the traffic gives bad request errors from Squid.

Best Answer

There is no need to set up the proxy in RouterOS. You can route all outgoing HTTP traffic to the server directly through NAT:

ip firewall nat add chain=dstnat in-interface=eth1 src-address=!<IP of Squid machine> dst-port=80 protocol=tcp action=dst-nat to-addresses=<IP of Squid machine> to-ports=8080

The last parameter "src-address=!..." is needed in case the Squid machine communicates through the same interface as the other machines. Otherwise it would go like this:

  1. Computer sends HTTP request
  2. RouterOS redirects this packet to Squid
  3. Squid sends HTTP request to webserver
  4. RouterOS redirects the Squid request to Squid again -> loop
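
The loop in the steps above, as a small Python model added here (it is not part of the original answer). The addresses are constructed documentation-range values, and the model assumes Squid sits behind the same in-interface as the clients, so its own port-80 requests pass through the same dst-nat rule.

```python
from dataclasses import dataclass

SQUID_IP = "192.0.2.10"    # constructed address standing in for <IP of Squid machine>
SQUID_PORT = 8080


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def dstnat(pkt, exclude_squid):
    """Model of the dst-nat rule: rewrite TCP/80 traffic to Squid.

    exclude_squid=True corresponds to src-address=!<IP of Squid machine>.
    """
    if pkt.proto != "tcp" or pkt.dport != 80:
        return pkt                      # rule does not match
    if exclude_squid and pkt.src == SQUID_IP:
        return pkt                      # Squid's own traffic is left alone
    return Packet(pkt.src, SQUID_IP, SQUID_PORT, pkt.proto)


def trace(client, server, exclude_squid, max_hops=5):
    """Follow one HTTP request through the router and return (hops, outcome)."""
    hops = []
    pkt = Packet(client, server, 80)
    for _ in range(max_hops):
        out = dstnat(pkt, exclude_squid)
        hops.append((pkt.src, out.dst, out.dport))
        if out.dst != SQUID_IP:
            return hops, "reached origin"
        # Squid accepted the connection and now opens its own request
        # to the origin server on port 80, which crosses the router again.
        pkt = Packet(SQUID_IP, server, 80)
    return hops, "loop"


if __name__ == "__main__":
    for exclude in (False, True):
        hops, outcome = trace("192.0.2.50", "198.51.100.7", exclude)
        print(f"src-address exclusion={exclude}: {outcome}")
        for hop in hops:
            print("   ", hop)
```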