Syed Jahanzaib – Personal Blog to Share Knowledge !

May 16, 2013

Mikrotik Webproxy with PCC

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 9:42 AM

I received a few requests from friends on how to configure the Mikrotik web proxy with PCC on the same box, to save hardware resources and ease management. That said, I never recommend using the Mikrotik web proxy, as it is designed for SOHO usage and is suitable for small networks. It has only basic capability for simple objects and only a few options to tune.

Usually when you enable the web proxy on a PCC box, it won't work. To make it work you have to mark the web proxy connections in the output chain and exclude port 80 traffic from the prerouting PCC rules. An example is below. (I assume you already have dual-WAN PCC configured and in a running state.)

Add Rules in Output Chain & exclude port 80 traffic from PCC prerouting chain

Add following rules (Output chain)

/ip firewall mangle
add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-1" disabled=no dst-port=80 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 protocol=tcp

add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-2" disabled=no dst-port=80 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 protocol=tcp

Now exclude port 80 from the PCC rules in pre-routing chain.

add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN1" disabled=no dst-address-type=!local dst-port=!80 in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN2" disabled=no dst-address-type=!local dst-port=!80 in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp

As shown in the image below:

[Image: pcc-rules]

Enable Mikrotik Web Proxy

Now Enable Web proxy.

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=yes enabled=yes max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d \
    max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0

As shown in the image below:

[Image: proxy]

Redirect port 80 traffic to web proxy (Transparent Proxy)

Now redirect users' port 80 traffic to the web proxy by creating a NAT rule, so that all user browsing (port 80) requests are automatically redirected to the Mikrotik web proxy (aka transparent proxy). Move this rule to the end of the NAT section.

/ip firewall nat
add action=redirect chain=dstnat comment="Redirect port 80 request to Web Proxy" disabled=no dst-port=80 protocol=tcp to-ports=8080

As shown in the image below:

[Image: 80 redirect]

Now try to browse from the client side, or download using IDM etc., and check both the WAN usage and the web proxy status.

WAN USAGE STATUS >

[Image: lb-show]

WEB PROXY USAGE STATUS >

[Image: proxy-status]

Mikrotik EXPORT with complete script for Dual WAN and Proxy.

[admin@MikroTik-2] > /ip ad ex
# may/16/2013 09:09:34 by RouterOS 5.20
# software id = zaib-home

/ip address
add address=10.0.0.1/8 disabled=no interface=WAN1 network=10.0.0.0
add address=192.168.0.1/24 disabled=no interface=WAN2 network=192.168.0.0
add address=192.168.5.1/24 disabled=no interface=LAN network=192.168.5.0

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=yes enabled=yes max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d \
max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0

/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes

add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-1" disabled=no dst-port=80 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-2" disabled=no dst-port=80 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1 protocol=tcp

add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN1" disabled=no dst-address-type=!local dst-port=!80 in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN2" disabled=no dst-address-type=!local dst-port=!80 in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp

add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=no in-interface=LAN new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=no in-interface=LAN new-routing-mark=to_WAN2 passthrough=yes

add action=mark-routing chain=output connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes

add action=accept chain=prerouting disabled=no dst-address=10.0.0.0/8 in-interface=LAN
add action=accept chain=prerouting disabled=no dst-address=192.168.0.0/24 in-interface=LAN

/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade WAN1 Traffic" disabled=no out-interface=WAN1
add action=masquerade chain=srcnat comment="Masquerade WAN2 Traffic" disabled=no out-interface=WAN2
add action=redirect chain=dstnat comment="Redirect port 80 request to Mikrotik Web Proxy" disabled=no dst-port=80 protocol=tcp to-ports=8080

/ip route
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=10.0.0.1 routing-mark=to_WAN1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-mark=to_WAN2 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=10.0.0.1 scope=30 target-scope=10

[admin@MikroTik-2] >

Regards,
SYED JAHANZAIB
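
An added example, not part of the original post or of RouterOS: a small Python audit of an export like the one above. It flags a port 80 redirect rule that is not scoped to the LAN side, a web proxy or DNS resolver with no input-chain drop rule in front of it, and a `per-connection-classifier` whose remainder can never match. The finding names and function names are this example's own, the checks are heuristics, and `SAMPLE` is abridged from the export with one constructed `2/2` rule.

```python
import re

# Abridged from the export above. The WAN3 mangle rule and its 2/2 classifier
# are constructed here to exercise the classifier check.
SAMPLE = r'''
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip proxy
set enabled=yes port=8080 src-address=0.0.0.0
/ip firewall mangle
add action=mark-connection chain=output dst-port=80 new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=output dst-port=80 new-connection-mark=WAN3_conn per-connection-classifier=\
    both-addresses-and-ports:2/2 protocol=tcp
/ip firewall nat
add action=redirect chain=dstnat comment="Redirect port 80 request to Web Proxy" dst-port=80 protocol=tcp to-ports=8080
'''

PARAM = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_export(text):
    """Return [(menu, verb, params)] for every add/set line of a RouterOS export."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # join backslash-continued lines
    menu, cmds = None, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith('#'):
            continue
        if line.startswith('/'):
            menu = line
            continue
        verb, _, rest = line.partition(' ')
        if menu and verb in ('add', 'set'):
            cmds.append((menu, verb, {k: v.strip('"') for k, v in PARAM.findall(rest)}))
    return cmds


def port_match(spec, port):
    """Match a dst-port value such as '80', '!80' or '53,8000-8100'; no value matches all."""
    if spec is None:
        return True
    ranges = [part.partition('-') for part in spec.lstrip('!').split(',')]
    hit = any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)
    return hit != spec.startswith('!')


def input_guarded(cmds, port):
    """Heuristic: some enabled input-chain drop/reject rule covers the port.
    Rule order and in-interface are not evaluated."""
    return any(m == '/ip firewall filter' and p.get('chain') == 'input'
               and p.get('action') in ('drop', 'reject') and p.get('disabled') != 'yes'
               and port_match(p.get('dst-port'), port) for m, _, p in cmds)


def audit(text):
    """Return [(finding, detail)] for a RouterOS export."""
    cmds = parse_export(text)
    found = []
    proxy = next((p for m, v, p in cmds if m == '/ip proxy' and v == 'set'), {})
    dns = next((p for m, v, p in cmds if m == '/ip dns' and v == 'set'), {})
    if proxy.get('enabled') == 'yes':
        port = int(proxy.get('port', 8080))
        has_acl = any(m == '/ip proxy access' for m, _, _ in cmds)
        if not has_acl and not input_guarded(cmds, port):
            found.append(('open-proxy', f'tcp/{port}: no /ip proxy access list, no input drop rule'))
    if dns.get('allow-remote-requests') == 'yes' and not input_guarded(cmds, 53):
        found.append(('open-resolver', 'allow-remote-requests=yes with no input drop rule for port 53'))
    for menu, _, p in cmds:
        scoped = p.get('in-interface') or p.get('src-address') or p.get('src-address-list')
        if menu == '/ip firewall nat' and p.get('action') == 'redirect' and not scoped:
            found.append(('unscoped-redirect', f"dst-port={p.get('dst-port')} is redirected from every interface"))
        pcc = p.get('per-connection-classifier')
        if pcc:
            den, rem = map(int, pcc.rsplit(':', 1)[1].split('/'))
            if rem >= den:  # remainder is hash mod denominator, so it is always below den
                found.append(('pcc-never-matches', f'{pcc} on {p.get("new-connection-mark")}'))
    return found


if __name__ == '__main__':
    for finding, detail in audit(SAMPLE):
        print(f'{finding}: {detail}')
```

Scoping the redirect rule with in-interface=LAN and adding input-chain drop rules for the proxy and DNS ports on the WAN interfaces clears the first three findings.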

45 Comments »

  1. How can I see the user net access log, and how do I store the user net access log in this configuration?

    Comment by Imran — May 16, 2013 @ 9:48 AM

  2. If we want to configure hotspot on the same box, then what change will be required? Please.

    Comment by Muhammad Ali — May 16, 2013 @ 1:21 PM

  3. Brother, I have emailed you many times but you do not reply. If you do not want to reply, then why do you make a page?
    Load balancing is on an RB750, then the OS is on a system and it is shared over PPPoE. On Skype the speed comes very slow; even on the default profile there is a yellow signal and it is slow. As soon as the webcam is turned on the signal goes red, and after 1 minute the call drops. Any solution?

    Comment by waqar — May 16, 2013 @ 7:58 PM

  4. Sir, please share with us how to configure Mikrotik as a LAN environment… it would be very helpful for us, and also a plus point in our CV.
    Thanks…

    Comment by Muhammad Ameer — May 17, 2013 @ 7:31 AM

    • Describe in detail.

      Comment by Syed Jahanzaib / Pinochio~:) — May 17, 2013 @ 11:56 AM

      • My friend is running a cable net with 75 users. I want to implement Mikrotik for learning and to gain experience, but I do not know how to implement it… please share some learning stuff for beginners.

        Comment by Muhammad Ameer — May 19, 2013 @ 2:55 AM

  5. nice sharing !!!

    Comment by FZN — May 17, 2013 @ 4:31 PM

  6. Nice sharing, I’ll try it sir.

    Comment by c0d393n — May 17, 2013 @ 11:45 PM

  7. Dear Aacable,

    Thank you for your support, it’s working for me.

    I would like to ask one more question: how can I block or filter “HTTPS” traffic? The reason is that when I use Firefox or IE ver 10 web browsers to access “Facebook”, they use “HTTPS” rather than “HTTP” and unblock “Facebook”, i.e. “https://www.facebook.com” rather than “http://www.facebook.com”.

    Regards,

    Comment by Mohammad Yasin — May 22, 2013 @ 10:40 AM

    • ip firewall filter add action=drop chain=forward comment="Facebook Block" content=facebook.com \
      disabled=no dst-address-list="" dst-port=443 in-interface=(LAN/USER) protocol=\
      tcp src-address=(specific ip of user or you can add mac address in src mac)

      Regards
      Muhammad Ahtesham

      Comment by Muhammad Ahtesham — October 14, 2013 @ 4:09 PM

      • Nice tip, but the disadvantage of using the content approach is that any page which has the word facebook will be blocked, and as you know, nowadays many web sites have links to facebook ads/sites.

        Comment by Syed Jahanzaib / Pinochio~:) — October 18, 2013 @ 11:15 AM

  8. What if I do not want to use the transparent proxy and already have the proxy settings in the clients’ browsers? Do I need some changes to this configuration?
    Also, let’s assume that on my LAN interface I have two subnets, so I have 2 IP addresses on the LAN, let’s say 192.168.1.1/24 and 192.168.2.1/24. If I have a web server in one of the subnets, let’s say at the address 192.168.1.100/24, and want to access this server from the other LAN subnet, let’s say from the client 192.168.2.50/24, will I be able to, or will I have a problem with these rules that exclude port 80?

    Thanks

    Comment by George Girgolas — May 22, 2013 @ 4:22 PM

  9. Can you tell me how to create firewall rules?

    Comment by shafi — May 25, 2013 @ 5:48 PM

  10. Al Salam alykom,
    I’ve tried to leave a lot of comments; I do not know if you got them or not. I’ve installed a PPP server on ether2 with an IP pool. How do I let users share files between each other? What software do you recommend to communicate with users under the PPP server, because sometimes I need to send a text message to the user. Thanks

    Comment by mohamed — June 2, 2013 @ 5:54 AM

  11. Al Salam alykom,
    I’ve tried HFS before many times, but users can download with the speed limits; I need to let them download at LAN speed. With simple PPP they still cannot share files. Should I send my configuration to you? It’s very simple (one interface “ether1” - one pool_dns google - PPP server with user profiles 256k - internet speed is 1M),
    no proxy. I’ve tried to block porn with OpenDNS, but there are medical students on my network and it blocks this kind of web site, so I’ve tried proxy and firewall, but with the firewall it blocks all connections and with the web proxy it blocks Facebook with some words. What to do about it?
    Thanks

    Comment by mohamed — June 4, 2013 @ 5:59 AM

  12. I want to configure 4 WAN Mikrotik PCC + transparent proxy (Ubuntu 10.4 Squid cache). Can you please tell me the steps?

    Comment by Javeed Rasheed — June 11, 2013 @ 1:21 PM

  13. Salam sir, I am having a problem. I am running a network of 250 users and I have these 2 servers:
    1 Mikrotik load balancer (total 4 LAN DSL: 2 lines PTCL 4mb, 1 line PTCL 6mb, 1 line linkdotnet 4mb)
    2 Mikrotik Hotspot and PPPoE
    Login does not work on the Waridtel website; again and again it gives this error: Session Timeout: please click on the link to go to the Warid Home Page. If I try 10 times it logs in, but as soon as I click on any link on the login page the same error comes again.
    Besides this there are some other web sites that cause the same kind of trouble. When I connect the modem directly to the computer everything works fine. I think all of this is because of the load balancer. Please tell me a way to solve the problem.

    Please help me.

    Comment by furqanfn — June 19, 2013 @ 12:35 PM

  14. Dear Jahanzaib,
    I am doing unequal cost load balancing. WAN1 is the bigger link, so I am using three PCC rules, with 2 rules for WAN1 (2/0 and 2/1 ports) to let it give more bandwidth. I want to ask: do I need to create three pre-routing rules to exclude traffic for port 80? Also, for the output chain in my configuration, I just have 2 rules as follows:

    add action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
    add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes

    But in the output chain of this configuration of yours we are using ports, so do I need to create three output chains as well, like the ones I did before for pre-routing?
    Also, for unequal cost load balancing, if we want to give preference to WAN1, do we need to have one more rule for both input and output chains?

    Comment by Khizer Khan — July 4, 2013 @ 2:11 AM

  15. I wondered if you can install Squid proxy cache with PCC.
    I have 2 ISPs:
    ISP 1 connection speed 1 mb
    ISP 2 connection speed 2 mb
    I want to install the web proxy on an external computer with Squid cache.
    What do I need? Do I need 3 network cards, 2 for in and 1 for out?
    Help me.

    Comment by qassam — July 20, 2013 @ 5:29 PM

  16. I want to connect my DSL modem through Mikrotik. Please tell me how to do this.

    Comment by Usman — July 31, 2013 @ 12:53 PM

  17. Please tell me:
    If I do PCC load balancing in Mikrotik and don’t want to add a PPPoE server, then how can I surf the internet from it? Please tell me.

    Comment by Usman — August 3, 2013 @ 9:43 AM

    • Add the default gateway/DNS pointing to the Mikrotik PCC server in the client-side TCP/IP settings.

      Comment by Syed Jahanzaib / Pinochio~:) — August 3, 2013 @ 10:06 AM

      • Brother, please also tell a little about this: will it be used in hotspot or in load balancing? And what will be its benefit?

        Comment by Ahsan — September 17, 2013 @ 2:22 AM

  18. WILL ANY MAN OF GOD HELP ME WITH WEB PROXY CACHE CONTENT? I AM USING 2 WAN + PCC LOAD BALANCING + HOTSPOT (I KEEP FAILING AT THIS AGAIN AND AGAIN).

    Comment by waaqas fayyaz — September 23, 2013 @ 1:03 PM

  19. I was the one who was wrong; I did not apply the rule correctly. I will apply it now and see.

    Comment by vikibhai — October 6, 2013 @ 8:50 PM

  20. Not working for me, please help me.

    wan1-DSL-4mb
    wan2-DSL-4mb

    /ip address
    add address=192.168.1.1/24 disabled=no interface=WAN1 network=192.168.1.0
    add address=192.168.0.1/24 disabled=no interface=WAN2 network=192.168.0.0
    add address=192.168.5.1/24 disabled=no interface=Local network=192.168.5.0

    /ip dns
    set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8

    /ip proxy
    set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=yes enabled=yes max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0

    /ip firewall mangle
    add action=mark-connection chain=input disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
    add action=mark-connection chain=input disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes

    add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-1" disabled=no dst-port=80 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
    add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-2" disabled=no dst-port=80 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp

    add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN1" disabled=no dst-address-type=!local dst-port=!80 in-interface=Local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
    add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN2" disabled=no dst-address-type=!local dst-port=!80 in-interface=Local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp

    add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=no in-interface=Local new-routing-mark=to_WAN1 passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=no in-interface=Local new-routing-mark=to_WAN2 passthrough=yes

    add action=mark-routing chain=output connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
    add action=mark-routing chain=output connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes

    add action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 in-interface=Local
    add action=accept chain=prerouting disabled=no dst-address=192.168.0.0/24 in-interface=Local

    /ip firewall nat
    add action=masquerade chain=srcnat comment="Masquerade WAN1 Traffic" disabled=no out-interface=WAN1
    add action=masquerade chain=srcnat comment="Masquerade WAN2 Traffic" disabled=no out-interface=WAN2
    add action=redirect chain=dstnat comment="Redirect port 80 request to Mikrotik Web Proxy" disabled=no dst-port=80 protocol=tcp to-ports=8080

    /ip route
    add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10
    add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-mark=to_WAN2 scope=30 target-scope=10

    add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 scope=30 target-scope=10
    add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10

    Comment by tate — October 21, 2013 @ 12:42 PM

  21. Sir, Assalamu alaikum. I was very happy that someone in this world is sharing his knowledge without money. You gave to the world; Allah, inshallah, will give you even more. Sir, I wanted to discuss a problem with you. I belong to a poor family, and to get rid of this hardship I have built a small cable net and WiFi network in my area. The servers I have installed are pfSense and Mikrotik. For many days I have been getting a Gateway Time Out problem. I have searched a lot but it is not getting solved, and some clients are getting very upset. It says http proxy, but I have not even turned Web Proxy on; I am just running hotspot on Mikrotik and load balancing from pfSense. Kindly sir, help me please. If you text me I will be thankful to you. Allah will give you great reward. 03219419126

    Comment by sajid ali — October 21, 2013 @ 4:42 PM

  22. Sir, salam. I have two lines, one from PTCL and one from Connect, and I have load balanced both lines, but the problem is that when I open Connect's server, downloading does not happen from there, meaning it picks up the PTCL link. Please help me; I want Connect's server to work too. Thanks.

    Comment by sohail khan — November 5, 2013 @ 6:27 PM

  23. Hi, thanks for your work. I followed your guide on binding with PCC + hotspot and it’s working fine… and thank you so much.
    I need to block specific websites from all users except one or two.
    Can you please guide me how to do that with PCC enabled?

    Comment by yasser — January 25, 2014 @ 6:03 AM

  24. Hi Sir, thanks for sharing your knowledge, this helped me big time!! Thanks again!!

    Comment by Kemaine — March 10, 2014 @ 9:37 PM

  25. Salam Sir,

    Will this script work correctly with 3 WANs?

    [admin@MikroTik-2] > /ip ad ex
    # may/16/2013 09:09:34 by RouterOS 5.20
    # software id = zaib-home

    /ip address
    add address=192.168.1.10/24 disabled=no interface=WAN1 network=192.168.1.0
    add address=192.168.2.10/24 disabled=no interface=WAN2 network=192.168.2.0
    add address=192.168.3.10/24 disabled=no interface=WAN3 network=192.168.3.0
    add address=192.168.122.1/23 disabled=no interface=LAN network=192.168.122.0

    /ip dns
    set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=1024 servers=8.8.8.8

    /ip proxy
    set always-from-cache=no cache-administrator=Smart.net cache-hit-dscp=4 cache-on-disk=yes enabled=yes max-cache-size=unlimited max-client-connections=2000 max-fresh-time=3d \
    max-server-connections=2000 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0

    /ip firewall mangle
    add action=mark-connection chain=input disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
    add action=mark-connection chain=input disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
    add action=mark-connection chain=input disabled=no in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=yes

    add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-1" disabled=no dst-port=80 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 protocol=tcp
    add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-2" disabled=no dst-port=80 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 protocol=tcp
    add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-3" disabled=no dst-port=80 new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/2 protocol=tcp

    add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN1" disabled=no dst-address-type=!local dst-port=!80 in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
    add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN2" disabled=no dst-address-type=!local dst-port=!80 in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
    add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN3" disabled=no dst-address-type=!local dst-port=!80 in-interface=LAN new-connection-mark=WAN3_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/2 protocol=tcp

    add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=no in-interface=LAN new-routing-mark=to_WAN1 passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=no in-interface=LAN new-routing-mark=to_WAN2 passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=WAN3_conn disabled=no in-interface=LAN new-routing-mark=to_WAN3 passthrough=yes

    add action=mark-routing chain=output connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
    add action=mark-routing chain=output connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
    add action=mark-routing chain=output connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes

    add action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 in-interface=LAN
    add action=accept chain=prerouting disabled=no dst-address=192.168.2.0/24 in-interface=LAN
    add action=accept chain=prerouting disabled=no dst-address=192.168.3.0/24 in-interface=LAN

    /ip firewall nat
    add action=masquerade chain=srcnat comment="Masquerade WAN1 Traffic" disabled=no out-interface=WAN1
    add action=masquerade chain=srcnat comment="Masquerade WAN2 Traffic" disabled=no out-interface=WAN2
    add action=masquerade chain=srcnat comment="Masquerade WAN3 Traffic" disabled=no out-interface=WAN3
    add action=redirect chain=dstnat comment="Redirect port 80 request to Mikrotik Web Proxy" disabled=no dst-port=80 protocol=tcp to-ports=8080

    /ip route
    add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10
    add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 scope=30 target-scope=10
    add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 scope=30 target-scope=10

    add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10
    add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10
    add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10

    [admin@MikroTik-2] >

    If there is any shortcoming, kindly remove it.

    Thanks 🙂

    Comment by Asad Ali — March 28, 2014 @ 12:53 PM

  26. […] source: mediacomptech + aacable […]

    Pingback by Membangun Proxy Server Lusca di Debian dan Optimasi Pada Sisi Mikrotik | bodi — May 24, 2014 @ 3:28 PM

  27. Hi,
    Can you please provide advice on an external proxy with the same scenario (2 or more WAN with load balancing)?

    Comment by vikas — July 2, 2014 @ 8:10 PM

  28. Hello sir, I want to know from you: I have 2 DSL modems and 2 DSL lines, and the internet works on both lines. I want to run both of them on one computer. Please help me.

    Comment by faisal — August 21, 2014 @ 1:34 PM

  29. There is one issue which I want to discuss with you: how can I send one host from my LAN to WAN1 only, or WAN2? I mean, I don’t want to load balance for one host in my network. Please respond when you are free. Thanks in advance.

    Comment by Javed Iqbal — August 27, 2014 @ 1:55 PM

  30. Hello:
    I can really use your help with this.
    I used PCC with 2 lines, with the Mikrotik proxy enabled inside drive only, and used the mangle rules as you suggested. The problem is I can’t browse any site; “ONLY HTTPS” sites worked. Please advise me. Thanks.

    Comment by Licha — September 17, 2014 @ 9:41 PM

  31. What if the connection uses PPPoE, not WAN?

    Comment by oomdotcomagus ramadhani — November 15, 2014 @ 1:45 PM

  32. Hi and thank you for your efforts publishing your knowledge freely over the net.

    One question though: in my scenario I do have a PCC 4 WAN (PPPoE) balancing working, and hotspot on top of it.
    But when the web proxy comes into play, there’s no joy.
    I think that maybe the PCC is getting confused with the combination of hotspot and redirection of port 80 to the web proxy as well.

    Do you have a working implementation on that? Any clues – hint? I would really appreciate it.

    Thank you,

    A./

    Comment by zoran — December 18, 2014 @ 1:18 AM

    • Try not to mix all things in one box, as it will make troubleshooting a real PIA (you know what I mean). Try to separate PCC on a different RB, and other functions on another RB.

      Comment by Syed Jahanzaib / Pinochio~:) — December 29, 2014 @ 9:17 AM

  33. Mikrotik (PPPoE client) PCC load balancing with internal web proxy cache, please help me.

    Comment by Arshad Rajput — January 6, 2015 @ 11:52 AM

  34. Dear Syed Jahanzaib sahab, Aslamo alikom.
    We are getting a lot of knowledge from your posts, very very useful. Sir, I am new to the system. I copied and pasted the script according to my PC environment. It sets without any error on my system. It works pretty good with hotspot but my PPPoE user can get benefit of cache and PCC. How to add a PPPoE server?
    Kindly send a kind script to solve the problem. Thanks in advance.

    Comment by Abdul Jalil — January 21, 2015 @ 8:41 AM

  35. Salam Syed, please make a tutorial for external proxy for PCC load balance. May Allah bless you, Syed, for the great website knowledge.

    Comment by Kasim — February 21, 2015 @ 3:45 AM

  36. […] source: mediacomptech + aacable […]

    Pingback by Membangun Proxy Server Lusca di Debian dan Optimasi Pada Sisi MikrotikBlog Bodi - Blog Bodi — August 3, 2016 @ 8:15 PM

