Mikrotik Webproxy with PCC

Usually when you enable web proxy on pcc, it wont work. To make it work you have to mark web proxy connection in output chain, and exclude port 80 traffic from pre-routing PCC rules. Example is as below. (I assume you have dual wan pcc already configured and in running state


Add following rules (Output chain)
/ip firewall mangle
add action=mark-connection chain=output comment=”Marking Web Proxy Connection for WAN-1″ disabled=no dst-port=80 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\    both-addresses-and-ports:2/0 protocol=tcp
    both-addresses-and-ports:2/1 protocol=tcp
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment=”Excluding Port 80 from PCC – WAN2″ disabled=no dst-address-type=!local dst-port=!80 in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
    max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
add action=redirect chain=dstnat comment=”Redirect port 80 request to Web Proxy” disabled=no dst-port=80 protocol=tcp to-ports=8080
add action=mark-connection chain=output comment=”Marking Web Proxy Connection for WAN-2″ disabled=no dst-port=80 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
.
Now exclude port 80 from the PCC rules in pre-routing chain.
add action=mark-connection chain=prerouting comment=”Excluding Port 80 from PCC – WAN1″ disabled=no dst-address-type=!local dst-port=!80 in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes \

Now Enable Web proxy.
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=yes enabled=yes max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d \

Now redirect users port 80 traffic to web proxy by creating a NAT rule so all users browsing (port 80) request should automatically be redirected to mikrotik web proxy, (akaTransparent Proxy) (Move this rule at end in NAT section)
/ip firewall nat
add action=redirect chain=dstnat comment=”Redirect port 80 request to Web Proxy” disabled=no dst-port=80 protocol=tcp to-ports=8080

All Done
Regards,
HaK


Comments

  1. UnknownJune 18, 2014 at 7:22 PM

    This is not working then i search more hard and find the below link. This is working perfectly.

    http://step-technology.blogspot.com/2011/05/load-balance-using-pcc-method-in.html

    But again now I work more for on above script i found little bit mistake in redirect proxy rule and some route marking problem

    but i m unable to identify route problem but can be redirect proxy rule problem

    in proxy redirect rule in.interface is not included kindly add the lan interface.

    ReplyDelete
  2. UnknownJune 18, 2014 at 7:32 PM

    Sorry guys! I am wrong the above script is not working. due to this Just PCC is not working and doesn't use both ISP together.

    Thanks

    ReplyDelete
  3. HaKSeptember 12, 2014 at 10:51 AM

    before applying PCC you need to make sure interface name according to above script. further you can also achieve this by using this.

    http://hak786.blogspot.com/2014/09/ecmp-load-balancing-simple-and-easy.html

    ReplyDelete
  4. zohaib khatriSeptember 15, 2020 at 3:26 PM

    Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work! periodic expenses examples

    ReplyDelete
  5. haseebkhatriSeptember 15, 2020 at 3:54 PM

    Such a very useful article. Very interesting to read this article.I would like to thank you for the efforts you had made for writing this awesome article. how much is half a gallon in oz

    ReplyDelete
  6. zohaib khatriSeptember 15, 2020 at 4:10 PM

    You actually make it look so easy with your performance but I find this matter to be actually something which I think I would never comprehend. It seems too complicated and extremely broad for me. I'm looking forward for your next post, I’ll try to get the hang of it! how many water bottles equal 8 oz

    ReplyDelete
  7. zohaib khatriSeptember 15, 2020 at 4:32 PM

    I was very pleased to find this site.I wanted to thank you for this great read!! I definitely enjoying every little bit of it and I have you bookmarked to check out new stuff you post. ortho press n set mouse trap

    ReplyDelete
  8. zohaib khatriSeptember 15, 2020 at 4:56 PM

    Your work is very good and I appreciate you and hopping for some more informative posts how to remove a hickey right away

    ReplyDelete
  9. shaikhSeptember 15, 2020 at 5:22 PM

    This is a wonderful article, Given so much info in it, These type of articles keeps the users interest in the website, and keep on sharing more ... good luck. cost accumulation

    ReplyDelete

Post a Comment

Popular posts from this blog

Dual Wan Load balacing with failover mikrotik

Introduction Let us suppose that we have two WAN links, and we want  load balance the two WAN links  and do a fail-over if one of the WAN links fails ( eg: traffic redirected to the link which is up ) . the problem is to monitor, whether the Internet is accessible through each of them. The problem can be everywhere. If your VPN cannot connect – then there’s no problem, your default route with gateway=that-vpn-connection will be inactive. If your ADSL modem is down – then check-gateway=ping is on stage, and no problem again. But what if your modem is up, and telephone line is down? Or one of your ISP has a problem inside it, so traceroute shows only a few hops – and then stops… Some people use NetWatch tool to monitor remote locations. Others use scripts to periodically ping remote hosts. And then disable routes or in some other way change the behaviour of routing. But RouterOS facilities allow us to use only /ip routes to do such checking – no scripting and netwatch at al
Read more

Configure Static IP Address (CLI) on Ubuntu 18.04.5 LTS

 goto: sudo nano /etc/netplan/01-netcfg.yaml Sample Config: # This file describes the network interfaces available on your system # For more information, see netplan(5). network:   version: 2   renderer: networkd   ethernets:         ens160:             dhcp4: no             addresses: ['192.168.1.26/24']             gateway4: 192.168.1.1             nameservers:                 addresses: [8.8.8.8, 8.8.4.4]                 search: [hak786.blogspot.com] sudo netplan apply
Read more