Thursday, March 10, 2011

How to set up site blocking and URL redirection with Mikrotik

It's actually pretty easy to set up site blocking and URL redirection with a Mikrotik router. In this post I will assume that you already have a Mikrotik router set up with NAT, DHCP and all the basic stuff.

The first thing you have to do is set up a transparent proxy.

Set up the web proxy
/ip proxy set enabled=yes src-address=0.0.0.0 port=8080 parent-proxy=0.0.0.0 parent-proxy-port=0 cache-administrator="youremail@infowest.com" max-cache-size=none cache-on-disk=no max-client-connections=700 max-server-connections=700 max-fresh-time=2d always-from-cache=no cache-hit-dscp=4 serialize-connections=no

Make it transparent
/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.100.1 to-ports=8080

Substitute 192.168.100.1 with your router's LAN IP.

Now make sure the proxy is working. You shouldn't notice anything different about how the internet works for the clients connected to the router. In winbox, go to IP>Web Proxy and click on the connections tab. You will see a list of connections there as client devices access internet resources.

If you are setting this up remotely you can set your browser to use the Mikrotik router's WAN IP as its proxy server. If everything is set up correctly you should be able to browse the internet normally using the Mikrotik as your proxy server. This should raise all sorts of red flags for many of you, because at this point the router is an open proxy reachable from the internet, but don't worry, we'll lock it down later. :)

Now we can start blocking stuff

This will block everything on somehdmoviesite.com
/ip proxy access add dst-host=*.somehdmoviesite.com action=deny

This will block only the video directory on somehdmoviesite.com
/ip proxy access add dst-host=*.somehdmoviesite.com path=/video/* action=deny

This will redirect any requests for anything on somehdmoviesite.com to infowest.com

/ip proxy access add dst-host=*.somehdmoviesite.com action=deny redirect-to=infowest.com

You can see that there are a lot of options here.

Lock it down

Now that we are done blocking sites and we know it's all working we can lock the web proxy down so that it won't be an open proxy that anyone in the world could use.
/ip firewall filter add chain=input in-interface=ether1-gateway src-address=0.0.0.0/0 protocol=tcp dst-port=8080 action=drop

Replace ether1-gateway with the name of the WAN interface on your Mikrotik.
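
A tighter variant of the rules above, added here as an example and not part of the original post: it scopes the redirect to LAN clients and makes the proxy itself refuse non-LAN sources, so the proxy does not depend on the input filter rule alone. The LAN interface name ether2-local and the subnet 192.168.100.0/24 are assumptions; substitute your own.

```routeros
# Added example (not from the original post).
# Assumed names: LAN interface "ether2-local", LAN subnet 192.168.100.0/24.
# "ether1-gateway" is the WAN interface name used in the post.

# Form used in the post: matches port-80 traffic arriving on ANY interface,
# including the WAN side.
# /ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.100.1 to-ports=8080

# Scoped form: only HTTP coming from LAN clients is redirected into the local proxy.
/ip firewall nat add chain=dstnat in-interface=ether2-local src-address=192.168.100.0/24 protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="LAN HTTP to web proxy"

# The proxy access list is evaluated top to bottom and the first match decides.
# Keep the site-specific deny rules first, then allow the LAN, then deny the rest.
# (The first rule is repeated here only to show the ordering; skip it if already added.)
/ip proxy access add dst-host=*.somehdmoviesite.com action=deny comment="blocked site"
/ip proxy access add src-address=192.168.100.0/24 action=allow comment="LAN clients"
/ip proxy access add action=deny comment="everyone else"

# Input filter from the post: drop proxy connections arriving on the WAN interface.
# It must sit above any broader accept rule in the input chain to take effect.
/ip firewall filter add chain=input in-interface=ether1-gateway protocol=tcp dst-port=8080 action=drop comment="no WAN access to proxy"

# Review the resulting rule order.
/ip proxy access print
/ip firewall filter print
```

After applying these, repeat the remote browser test against the WAN IP; the proxy connection should now fail.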

Tuesday, April 29, 2008

Hardy Heron Upgrade Difficulties

I upgraded my Ubuntu 7.10 to 8.04 yesterday and I ran into a few snags. First of all, the number pad on my keyboard wasn't working. That problem was easy to fix. I just had to uncheck "Allow to control the pointer using the keyboard" on the 'Mouse Keys' tab in System->Preferences->Keyboard.

The second problem was that I didn't have an internet connection. I could ping my gateway and I was getting DNS, but I could not ping IPs or names on the internet. Oddly, my VirtualBox virtual machines were online and I was able to browse the net on them without any problems.

I have yet to get this problem completely fixed, but I have found a workaround. I use bridged network adapters for my virtual machines, so I have a bridge set up that only includes eth0 and I have two VirtualBox adapters set up.

First I had to remove the VirtualBox adapters:
VBoxDeleteIF vbox0
VBoxDeleteIF vbox1

Next I had to remove the bridge (br0) by editing the /etc/network/interfaces file to look like this:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

After making that change I had to reboot (/etc/init.d/networking restart wasn't enough for some reason)

When everything had booted back up I changed /etc/network/interfaces back to this:
auto lo
iface lo inet loopback

auto br0
iface br0 inet dhcp
bridge_ports eth0

I saved the file and ran /etc/init.d/networking restart

Finally I recreated the VirtualBox adapters
VBoxAddIF vbox0 pete br0
VBoxAddIF vbox1 pete br0

Everything worked after doing all of this, but if I restart I have to redo everything! :( I hope to find a fix or at least a better workaround for this problem soon.

Tuesday, January 08, 2008

Changing the default runlevel in Ubuntu Server 7.10

It appears that in the most recent versions of Ubuntu upstart has replaced inittab as the mechanism used to change the default runlevel and to start and stop services at boot up and shutdown.

When I installed Ubuntu Server 7.10 the default runlevel was set to 'S' (single user). The single user runlevel isn't very useful with a server as it doesn't start any services on boot up. I needed sshd and httpd among other services to start on boot up. After a time-consuming consultation with Google I finally figured out how to change the default runlevel. I don't know that this is the best way to do it, but it worked for me.

Basically all I had to do was edit /etc/event.d/rc-default and change the occurrences of 'telinit S' to 'telinit 5'.

Friday, December 21, 2007

PANIC: CPU too old for this kernel

I just installed Ubuntu 7.10 server on a VirtualBox machine and when I tried to boot it for the first time I got this error: "Panic: CPU too old for this kernel"

Apparently VirtualBox does not support guest PAE.

To fix it I had to boot up to the install CD and go into "rescue a broken system". After going through some hardware detection steps I finally got shell access. From there I ran "apt-get update" and "apt-get install linux-generic" to install the generic Linux kernel. After rebooting I had to press the 'Esc' key to get the grub boot menu list. From there I was able to choose to boot using the generic kernel. After booting up I modified the /boot/grub/menu.lst file so that it boots using the generic kernel by default.

Friday, August 11, 2006

windows update blank screen

I ran into a strange problem today and after a lot of digging I found a solution.

I was working on a computer that couldn't open the Windows Update web site. It would just get a blank screen. I also found that I was not able to log in to Hotmail and I couldn't insert pictures in Outlook Express. The user accounts utility in the control panel would also give me a blank screen.

I tried many different things to fix these problems. In the end I found that installing Windows Script 5.6 fixed everything.

I hope I can save someone all of the trouble I went through to fix this problem. :)

Tuesday, January 24, 2006

Firefox 2.0 Features!

From the developer's own blog: New Bookmarks and History, Tabbed Browsing Enhancements, Improved Basic Content Type Handling, Web Search, Visual Uplift, Inline Spell Check and more! Check out the post for more detail...


Random Facts About JACK BAUER

This is awesome. It's kind of like random facts about Chuck Norris, but better. :)


Monday, January 23, 2006

Lumenlab Projector! Bringing Light To The World.

The community at Lumenlab has been helping people create low cost high resolution projectors for years. With recent advances and new bulbs coming to light, these DIY projectors are becoming possible, and may soon seriously rival commercial projectors, if they do not already today. Pictures: http://www.lumenlab.com/forums/index.php?showforum=3


New Linux-powered media center introduced

"The new Linux-powered set-top digital media center from Video Without Boundaries combines a PVR (personal video recorder) with multimedia functions. It has a built-in 200 GB hard drive and a suggested list price of $1250."


Run a web server from your phone

Nokia is testing the possibilities of running web server technology on mobile phones. This could change the way we think about the web.
