RouterOS 反向代理

Multiple Web Servers

It works only for http connections not https connections, as transparent web proxy does not support https connections.

Imagine, that you have only one public IP address i.e. xxx.xxx.xxx.xxx, but want to host 3 web servers:

123.com@192.168.0.2
abc.com@192.168.0.3
456.com@192.168.0.4

1. Configure your web proxy

/ip web-proxy 
set enabled=yes src-address=0.0.0.0 port=8080 hostname="your.proxy" \ 
transparent-proxy=yes parent-proxy=0.0.0.0:0 \ 
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system \ 
max-cache-size=unlimited max-ram-cache-size=unlimited 
/ip web-proxy access 
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \ 
disabled=no 
add dst-port=80 action=allow comment="Enable Http Connection" disabled=no 

2. Configure Static DNS of domains to resolve to internal ip

/ip dns static add name=123.com address=192.168.0.2 
/ip dns static add name=abc.com address=192.168.0.3 
/ip dns static add name=456.com address=192.168.0.4 
/ip dns static add name=www.123.com address=192.168.0.2 
/ip dns static add name=www.abc.com address=192.168.0.3 
/ip dns static add name=www.456.com address=192.168.0.4 

3. Configure NAT to redirect traffic to webproxy

/ip firewall nat 
add chain=dstnat in-interface=outside dst-address=xxx.xxx.xxx.xxx protocol=tcp \ 
dst-port=80 action=redirect to-ports=8080 comment="" disabled=no 

The traffic for 123.com will be like this:

The web proxy will redirect traffic to the 123.com internal ip address which is 192.168.0.2

Internet --> xxx.xxx.xxx.xxx:80 ---> xxx.xxx.xxx.xxx:8080 --> 192.168.0.2:80

I hope this would be helpful

--Tinus

Don't forget to restrict url access to your proxy, otherwise your router could be used to redirect traffic to sites outside your network:

/ip proxy access 
add dst-port=80 dst-host="123.com" action=allow disabled=no
add dst-port=80 dst-host="abc.com" action=allow disabled=no
add dst-port=80 dst-host="456.com" action=allow disabled=no
add action=deny disabled=no

--maxx