Scribd
Upload
46 views2 pages

Web-Proxy e Cache Fu

This document configures a transparent web proxy using IP firewall and queue rules. It marks HTTP traffic on port 80 for redirection to the proxy on port 3128, sets up a priority queue for proxy traffic, enables the web proxy, and blocks external access to the proxy.

Uploaded by

digcon2
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as RTF, PDF, TXT or read online on Scribd
46 views2 pages

Web-Proxy e Cache Fu

This document configures a transparent web proxy using IP firewall and queue rules. It marks HTTP traffic on port 80 for redirection to the proxy on port 3128, sets up a priority queue for proxy traffic, enables the web proxy, and blocks external access to the proxy.

Uploaded by

digcon2
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as RTF, PDF, TXT or read online on Scribd
You are on page 1/ 2

/ ip firewall mangle

add chain=output action=mark-connection new-connection-mark=superproxy


passthrough=yes src-port=3128 protocol=tcp content="X-Cache: HIT"
comment="SUPER-PROXY" disabled=no
add chain=output action=mark-packet new-packet-mark=superproxy
passthrough=yes connection-mark=superproxy comment="" disabled=no
add chain=output action=return connection-mark=superproxy comment=""
disabled=no

/queue simple
add name="SUPER-PROXY" target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0
interface=all parent=none packet-marks=superproxy direction=both priority=8 \
queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default-small
disabled=no

/ system script
add name="queue_up" source=":foreach i in=\[/queue simple find dynamic=no\]
do={/queue simple move \[/queue simple get \$i name\] \[/queue simple find
dynamic=yes\]}" policy=ftp,reboot,read,write,policy,test,winbox,password

/ system scheduler
add name="superproxy_queue_up" on-event="/ system script run queue_up"
start-date=feb/13/1977 start-time=00:00:00 interval=5m comment="" disabled=no

/ ip firewall nat
add chain=dstnat dst-port=80 protocol=tcp action=redirect to-ports=3128
comment="PROXY REDIRECTION" disabled=no

/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxy" transparent-
proxy=yes parent-proxy=0.0.0.0:0 cache-administrator="webmaster" max-object-
size=50000KiB cache-drive=system max-cache-size=380000KiB max-ram-cache-
size=50000KiB

/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying"
disabled=no

/ip firewall filter


add chain=input dst-port=3128 protocol=tcp in-interface=lan01 action=drop
comment="EXTERNAL PROXY BLOCK" disabled=no

/ip firewall filter


add chain=input dst-port=3128 protocol=tcp in-interface=wan02T action=drop
comment="EXTERNAL PROXY BLOCK" disabled=no
/ip firewall filter
add chain=input dst-port=3128 protocol=tcp in-interface= action=drop
comment="EXTERNAL PROXY BLOCK" disabled=no

/ip firewall filter


add chain=input dst-port=3128 protocol=tcp in-interface= action=drop
comment="EXTERNAL PROXY BLOCK" disabled=no

You might also like