MikroTik Router OS V3.0 User Manual

							src-address(IP addressnetmask) - source address of the IP packet
Notes
0
 
 	 
 
 
  	 
 	 	
 	

 8	 
 *
 
	 	 
 

 	   	 	
	 8
  

 	
 	
 
Cache Management
Home menu level:/ip proxy cache
Description
3	 	 
   8
 &	
 ( 	 	( 
  	 	  
 	
  

  
  

 	
 
 	 	 	   	 
 5	
 	


 
 	 4
 & 
 	

   

Property Description
action(allow|deny; default:allow) - specifies the action to perform on matched packets
•allow- cache objects from matched request
•deny- do not cache objects from matched request
dst-address(IP addressnetmask) - destination address of the IP packet
dst-port(port) - a list or range of ports the packet is destined to
local-port(port) - specifies the port of the web proxy via which the packet was received. This
value should match one of the ports web proxy is listening on.
method(any|connect|delete|get|head|options|post|put|trace) - HTTP method used in the
request (see HTTP Methods section in the end of this document)
path(wildcard) - name of the requested page within the target server (i.e. the name of a particular
web page or document without the name of the server it resides on)
path(wildcard) - name of the requested page within the target server (i.e. the name of a particular
web page or document without the name of the server it resides on)
src-address(IP addressnetmask) - source address of the IP packet
Connection List
Home menu level:/ip proxy connections
Description
 
 

	
 
 
  

 



 
   (

Property Description
dst-address(read-only: IP address) - IP address of to which data are passed via this proxy
protocol(read-only: text) - protocol name
Page 400 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							rx-bytes(read-only: integer) - the amount of bytes received from the remote end
src-address(read-only: IP address) - IP address of the remote end of the connection
state(read-only: connecting|idle|resolving|rx-body|rx-header|tx-body|tx-header) - opened
connection state
•connecting- establishing connection with server
•idle- waiting for next client to serve
•resolving- resolving servers DNS name
•rx-body- receiving HTTP body
•rx-header- receiving HTTP header; or waiting for next request from client
•tx-body- transmitting HTTP body
•tx-header- transmitting HTTP header
tx-bytes(read-only: integer) - the amount of bytes sent to the remote end
Cache Contents
Home menu level:/ip proxy cache-contents
Description
 
 
 	 
  
 
 
 	
Property Description
file-size(read-only: integer) - size of the stored file
last-accessed(read-only: date) - date of the last access to the resource
last-accessed-time(read-only: time) - time of the last access to the resource
last-modified(read-only: date) - modification date
last-modified-time(read-only: time) - modification time
uri(read-only: text) - full resource name
Cache inserts
Home menu level:/ip proxy inserts
Description
 
  
	

 
 4
 
 
 	 &	 


Property Description
denied(read-only: integer) - number of inserts denied by the caching list
errors(read-only: integer) - number of disk or other system-related errors
no-memory(read-only: integer) - number of objects not stored because there was not enough
memory
Page 401 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							successes(read-only: integer) - number of successfull cache inserts
too-large(read-only: integer) - number of objects too large to store
Cache Lookups
Home menu level:/ip proxy lookups
Description
 
  
	

 
 4
 	  	 &	 
Property Description
denied(read-only: integer) - number of requests denied by the access list
expired(read-only: integer) - number of requests found in cache, but expired, and, thus, requested
from an external server
no-expiration-info(read-only: integer) - conditional request received for a page that does not have
the information to compare the request with
non-cacheable(read-only: integer) - number of requests requested from the external servers
unconditionally (as their caching is denied by the cache access list)
not-found(read-only: integer) - number of requests not found in the cache, and, thus, requested
from an external server (or parent proxy if configured accordingly)
successes(read-only: integer) - number of requests found in the cache
Complementary Tools
Description
6  	 	

	 	
 
 	
 

7
 (   	
  	
 
 (

   (  
 
Command Description
check-drive- checks non-system cache drive for errors
clear-cache- deletes existing cache and creates new cache directories
format-drive- formats non-system cache drive and prepairs it for holding the cache
Transparent Mode
Description
	
	

  	
  8
 	
 
( 
 
 
7  	 
   



 
	
  



  
   
  	
 
  

 
 
  	

	

	 
	

  
 
	   

Page 402 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							 	
 	 	   
 
  
  

    
 
 



	


 
	 
 
	
	

  	 	 	  
 

	

 9+ 
  



id
est
	 
 
  
   
 
 
 
Notes
 
 ,$ 
	  
 
 
	
	

   
   ,$! 	
 #$ 
 	 


 
  
 	
Example
 
 
 
 
 
	
	

 
 	 



 
 
 !

	 
 
(+


   


 
 
(+(+ 

 	 
 
 

	

 9+ 
[admin@MikroTik] > /ip firewall nat add in-interface=ether1 dst-port=80 \\... protocol=tcp action=redirect to-ports=8080 chain=dstnat[admin@MikroTik] > /ip firewall nat printFlags: X - disabled, I - invalid, D - dynamic0 chain=dstnat protocol=tcp in-interface=ether1 dst-port=80 action=redirectto-ports=8080[admin@MikroTik] >
) 		 
	
   

  	 
 	 
 
%  	 	
 	

  
  	( 

  	
 
 
  
$$$( 

 

 
 	 

 (	  

 
% *$ 	  
 
  	
 
/ip firewall nat add in-interface=ether1 dst-port=80 \\... protocol=tcp action=redirect to-ports=8080 chain=dstnat dst-address=!1.1.1.1/32
*
  	 
	
 
 
% 	 !%!%!%!2&
HTTP Methods
Description
OPTIONS
 
  	 8
  
	

 	
 
 
	

 

 	(		 
 
 	
 



 

 	
 
 ( 

  
3:
N34  
 	 
 

 
 

 



 	
 & 
 8

 		
 
 	  

 

	

 	
  
(	
GET
 
 
( 	
( 
	

 

  
3:
N34 * 
3:
N34 

	 	
	 
  
	
 
 
 
 
O8#
  

	
 	
	   

 

 
    
  &7 
 
   
 
  
 
O8#
 	
  	conditionalO8# 
 8
 	 
 	
4	?
	
0
J
4	N
	
0
J 4	?
 J 4	?
  4	3	   


	O8#
Page 403 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							
   
  
 

 
	 
 
	
 
 
	
  
 


   


 
	
   


	 	 &7
O8#
 	
  	partialO8# 
 8
 	 
 	3	  
	
	O8#
 


 
  

	 

 	  8

 
 	
  





 
	

 	
	 		   


 
 
 	O8#8
  		  	
 
  
 
 
 8

  ,$ 	

HEAD
 
 	 	 	
 O8#
 
 
	
 
 ( 
 

 

 	 	7 


 
  
( 
 
	
	

  
 


   
 8
  	 
 	 
	  
  


 

 
  (	
 	
 	
 

 	


 
 
 	8./8
 	  		 
 
 	 
	
 
 
	

 

	
 
 


 	   
 	
 ( 	 


 

  
	
3:
N34
POST
 
 8
 
	
 
 
 ( 	
 
 


 
 
 
 8
 	 	 
 
	

 
  

  
3:
N34
 	
	 	

   
5
						

							IP Pools
Document revision 0.1 (January 14, 2008, 9:50 GMT)
This document applies to MikroTik RouterOS V3.0
Table of Contents
TableofContents
Summary
Specifications
Description
Notes
Setup
PropertyDescription
Example
UsedAddressesfromPool
Description
PropertyDescription
Example
General Information
Summary
*$  	  
 
 	
  *$ 	 
	
    5,3$ ( 	
 $

7
7$

 (
Specifications
Packages required:system
License required:level1
Home menu level:/ip pool
Standards and Technologies:none
Hardware usage:Not significant
Description
*$    *$ 	  
 	 *
  	 
 
	

 

  	 	
 
	
	
 *$ 	 
 


Notes
6
(  
 	  	  (
 
 
 	 

 & 69F1*9#  	
Setup
Home menu level:/ip pool
Page 405 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							Property Description
name(name) - the name of the pool
next-pool(name) - when address is acquired from pool that has no free addresses, and next-pool
property is set to another pool, then next IP address will be acquired from next-pool
ranges(IP address) - IP address list of non-overlapping IP address ranges in form of:
from1-to1,from2-to2,...,fromN-toN. For example, 10.0.0.1-10.0.0.27,10.0.0.32-10.0.0.47
Example
 
 	  
	

 
!+%+%+%!!+%+%+%!&*	 	
 
 	
	% 	
!+%+%+%!	
 (% 	!+%+%+%!++ 	
 
 
   
 

!+%+%+%&++!+%+%+%&*+	 	

[admin@MikroTik] ip pool> add name=ip-pool ranges=10.0.0.2-10.0.0.99,10.0.0.10110.0.0.126[admin@MikroTik] ip pool> add name=dhcp-pool ranges=10.0.0.200-10.0.0.250[admin@MikroTik] ip pool> print# NAME RANGES0 ip-pool 10.0.0.2-10.0.0.9910.0.0.101-10.0.0.1261 dhcp-pool 10.0.0.200-10.0.0.250
[admin@MikroTik] ip pool>
Used Addresses from Pool
Home menu level:/ip pool used
Description
,  	
  	  *$ 	  *$ 
Property Description
address(read-only: IP address) - IP address that is assigned to client form the pool
info(read-only: name) - name of the interface to which the client is connected to
owner(read-only: MAC address) - MAC address of the client
pool(read-only: name) - name of the IP pool
Example
!  	  
[admin@MikroTik] ip pool used> printPOOL ADDRESS OWNER INFOlocal 192.168.0.100 00:0C:42:03:1F:60 testlocal 192.168.0.99 00:0C:42:03:21:0F test
Page 406 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							SOCKS Proxy Server
Document revision 1.4 (January 14, 2008, 11:23 GMT)
This document applies to MikroTik RouterOS V3.0
Table of Contents
TableofContents
Summary
Specifications
Description
Notes
AdditionalDocuments
SOCKSConfiguration
Description
PropertyDescription
Example
AccessList
Description
PropertyDescription
ActiveConnections
Description
PropertyDescription
Example
FTPservicethroughSOCKSserver
General Information
Summary
 	
	  
 ! 3L!  (   

 
 
 !  
 !

 ! 3L! (
 D
Specifications
Packages required:system
License required:level1
Home menu level:/ip socks
Standards and Technologies:SOCKSversion4
Hardware usage:Not significant
Description
! 3L!  	  ( 
	
 	 3$ 	 		

 	
	 
 	 	 
 	 (
  

	   
 	
  ! 3L! 
  



  		

 
  
 	
 
  	
 (  666 #$ FA9F 	
 

+
 
 	
 		

 

 


 
 
 ! 3L!  ( 

 
  (  
 

Page 407 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							
 
  
 
 

  
 
 	 
 
 		

   

  
  



  (  
 	
 
 
 		

 ( 	
 	
 	 



 

 
 		


( 	
 


Notes
 
 
  		

 

 
  ! 3L! (
 D
E   
 ! 3L!  
 
 	 
 	
1 	 
 	 	  

#	
 
  
  ( 	 

 
  
  

 	
 	 ( 	 	 
	 
 
 4
 	 
 
 

Additional Documents
•*
	

	
! 3L!
SOCKS Configuration
Description
*
 
 

   	
  
 
	 
 ! 3L!  ( 	
  
 
	


Property Description
connection-idle-timeout(time; default:2m) - time after which idle connections are terminated
enabled(yes | no; default:no) - whether to enable or no the SOCKS proxy
max-connections(integer: 1..500; default:200) - maxumum number of simultaneous connections
port(integer: 1..65535; default:1080) - TCP port on which the SOCKS server listens for
connections
Example
 
	 ! 3L!
[admin@MikroTik] ip socks> set enabled=yes[admin@MikroTik] ip socks> printenabled: yesport: 1080connection-idle-timeout: 2mmax-connections: 200[admin@MikroTik] ip socks>
Access List
Home menu level:/ip socks access
Description
*
 
 ! 3L! 	 
  	
 	    

 	 
 ! 3L! (  
  	 

Page 408 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

								 

Property Description
action(allow|deny; default:allow) - action to be performed for this rule
•allow- allow packets, matching this rule, to be forwarded for further processing
•deny- deny access for packets, matching this rule
dst-address(IP addressnetmask) - destination (servers) address
dst-port(port) - destination TCP port
src-address(IP addressnetmask) - source (clients) address for a packet
src-port(port) - source TCP port
Active Connections
Home menu level:/ip socks connections
Description
 +
( 3



 
  	 
	 3$ 



  	 	

	
 
 
 ! 3L!
 (
Property Description
dst-address(read-only: IP address) - destination (application server) IP address
rx(read-only: integer) - bytes received
src-address(read-only: IP address) - source (application client) IP address
tx(read-only: integer) - bytes sent
type(read-only: in|out|unknown) - connection type
•in- incoming connection
•out- outgoing connection
•unknown- connection has just been initiated
Example
  

 3$ 




[admin@MikroTik] ip socks connections> print# SRC-ADDRESS DST-ADDRESS TX RX0 192.168.0.2:3242 159.148.147.196:80 4847 28801 192.168.0.2:3243 159.148.147.196:80 3408 21272 192.168.0.2:3246 159.148.95.16:80 10172 252073 192.168.0.2:3248 194.8.18.26:80 474 16294 192.168.0.2:3249 159.148.95.16:80 6477 186955 192.168.0.2:3250 159.148.95.16:80 4137 275686 192.168.0.2:3251 159.148.95.16:80 1712 142967 192.168.0.2:3258 80.91.34.241:80 314 2088 192.168.0.2:3259 80.91.34.241:80 934 5249 192.168.0.2:3260 80.91.34.241:80 930 52410 192.168.0.2:3261 80.91.34.241:80 312 15811 192.168.0.2:3262 80.91.34.241:80 312 158
Page 409 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners.