Table of Contents
Advertisement
tells web server address, so proxy server can use it, instead of dst address of IP packet. If there is no
such header (older HTTP version on client), proxy server can not determine web server address and
therefore can not work.
It means, that it is impossible to correctly transparently redirect HTTP traffic from router to some
other transparent-proxy box. Only correct way is to add transparent proxy on the router itself, and
configure it so that your "real" proxy is parent-proxy. In this situation your "real" proxy does not
have to be transparent any more, as proxy on router will be transparent and will forward proxy-style
requests (according to standard; these requests include all necessary information about web server)
to "real" proxy.
Property Description
action ( accept | add-dst-to-address-list | add-src-to-address-list | dst-nat | jump | log | masquerade |
netmap | passthrough | redirect | return | same | src-nat ; default: accept ) - action to undertake if
the packet matches the rule
• accept - accepts the packet. No action is taken, i.e. the packet is passed through and no more
rules are applied to it
• add-dst-to-address-list - adds destination address of an IP packet to the address list specified
by address-list parameter
• add-src-to-address-list - adds source address of an IP packet to the address list specified by
address-list parameter
• dst-nat - replaces destination address of an IP packet to values specified by to-addresses and
to-ports parameters
• jump - jump to the chain specified by the value of the jump-target parameter
• log - each match with this action will add a message to the system log
• masquerade - replaces source address of an IP packet to an automatically determined by the
routing facility IP address
• netmap - creates a static 1:1 mapping of one set of IP addresses to another one. Often used to
distribute public IP addresses to hosts on private networks
• passthrough - ignores this rule goes on to the next one
• redirect - replaces destination address of an IP packet to one of the router's local addresses
• return - passes control back to the chain from where the jump took place
• same - gives a particular client the same source/destination IP address from supplied range for
each connection. This is most frequently used for services that expect the same client address
for multiple connections from the same client
• src-nat - replaces source address of an IP packet to values specified by to-addresses and
to-ports parameters
address-list ( name ) - specifies the name of the address list to collect IP addresses from rules
having action=add-dst-to-address-list or action=add-src-to-address-list actions. These address lists
could be later used for packet matching
address-list-timeout ( time ; default: 00:00:00 ) - time interval after which the address will be
removed from the address list specified by address-list parameter. Used in conjunction with
add-dst-to-address-list or add-src-to-address-list actions
• 00:00:00 - leave the address in the address list forever
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
Page 459 of 695
- Quick Links:
- Ethernet
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the RouterOS v2.9 and is the answer not in the manual?