To set up an external proxy using OpenBSD, you can try this:
internet ---- MikroTik ---- client
                 |
               proxy
NAT settings on the MikroTik:
/ip firewall nat add chain=srcnat action=masquerade out-interface=wan
/ip firewall nat add chain=dstnat src-address=!10.5.50.0/28 \
protocol=tcp dst-port=80 action=dst-nat to-addresses=10.5.50.14 \
to-ports=3456 comment="nat proxy" disabled=no
Then, in squid.conf:
http_port 10.5.50.14:3456 transparent
Then adjust the network ACL to match the client networks. For example:
0 ;;; to modem
192.168.1.2/24 192.168.1.0 192.168.1.255 wan
1 ;;; proxy
10.5.50.1/28 10.5.50.0 10.5.50.15 proxy-ex
2 ;;; dhcp lab
192.168.12.1/25 192.168.12.0 192.168.12.127 LAN-LAB (client)
3 ;;; dhcp local
192.168.11.1/24 192.168.11.0 192.168.11.255 LAN-HnK (client)
4 ;;; static
192.168.10.1/26 192.168.10.0 192.168.10.63 LAN-HnK (client)
Once the networks are set, add them as routes on the OpenBSD proxy machine:
route add 192.168.10.0/26 10.5.50.1
route add 192.168.11.0/24 10.5.50.1
route add 192.168.12.0/25 10.5.50.1
Then check the result of the route add commands:
# netstat -nrf inet
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 10.5.50.1 UGS 126 33372 - 8 re0
10.5.50/24 link#1 UC 1 0 - 4 re0
10.5.50.1 34:08:04:34:1b:ed UHLc 5 0 - 4 re0
127/8 127.0.0.1 UGRS 0 0 33204 8 lo0
127.0.0.1 127.0.0.1 UH 2 5 33204 4 lo0
192.168.10/24 10.5.50.1 UGS 41 4806 - 8 re0
192.168.11/24 10.5.50.1 UGS 98 31304 - 8 re0
192.168.11.134 10.5.50.1 GHD 30 18914 - L 8 re0
192.168.12/24 10.5.50.1 UGS 0 148 - 8 re0
224/4 127.0.0.1 URS 0 0 33204 8 lo0
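The same check can be scripted. The following Python is an added example, not part of the original post: it parses `netstat -nrf inet` rows, including the BSD short form such as `192.168.10/24`, and reports whether each client subnet from the address list above has an explicit route via 10.5.50.1 and whether that route is exact or broader than the subnet. The function names are made up for this example; the sample rows are copied from the output above.

```python
import ipaddress

# Client subnets and gateway from the MikroTik address list on this page.
CLIENT_NETS = ["192.168.10.0/26", "192.168.11.0/24", "192.168.12.0/25"]
GATEWAY = "10.5.50.1"
# Rows copied from the page's `netstat -nrf inet` output.
SAMPLE = """\
default 10.5.50.1 UGS 126 33372 - 8 re0
192.168.10/24 10.5.50.1 UGS 41 4806 - 8 re0
192.168.11/24 10.5.50.1 UGS 98 31304 - 8 re0
192.168.12/24 10.5.50.1 UGS 0 148 - 8 re0
"""

def parse_dest(dest):
    """Expand a BSD destination ('192.168.10/24', '127/8', host IP) to a network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen and len(octets) != 4:
        return None                      # header word, not an address
    octets += ["0"] * (4 - len(octets))  # netstat drops trailing zero octets
    try:
        return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"), strict=False)
    except ValueError:
        return None

def parse_routes(text):
    """Return (network, gateway) pairs for every parsable row."""
    pairs = [(parse_dest(f[0]), f[1]) for f in map(str.split, text.splitlines()) if len(f) >= 3]
    return [(net, gw) for net, gw in pairs if net is not None]

def check_routes(text, client_nets=CLIENT_NETS, gateway=GATEWAY):
    """Classify each client subnet: exact, broader:<net>, wrong-gateway or missing."""
    routes, report = parse_routes(text), {}
    for cidr in client_nets:
        want = ipaddress.ip_network(cidr)
        # The default route is ignored: an explicit route per subnet is expected.
        covering = [r for r in routes if r[0].prefixlen > 0 and want.subnet_of(r[0])]
        if not covering:
            report[cidr] = "missing"
            continue
        net, gw = max(covering, key=lambda r: r[0].prefixlen)  # longest prefix wins
        if gw != gateway:
            report[cidr] = "wrong-gateway"
        else:
            report[cidr] = "exact" if net == want else "broader:" + str(net)
    return report

if __name__ == "__main__":
    print(check_routes(SAMPLE))
```

On the rows above it reports the /24 client subnet as exact and the /26 and /25 subnets as covered by broader /24 routes.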
To check whether the proxy machine can reach a client, use:
# traceroute 192.168.10.135 (client IP), from the proxy to the client
and also the reverse, from the client to the proxy.
If that succeeds, congratulations, it is done.
All that is left is to set up the bandwidth limit.
For many clients and an unpredictable number of users, PCQ is the convenient choice.
Note: this assumes the proxy machine already has OpenBSD installed, so only the MikroTik settings remain.
Thanks to my friend: http://tonix-qu.blogspot.com