Hi,
I'm trying to avoid having to replace gateways on some wifi hotspot networks with transparent proxies by routing via our regular routing infrastructure, filtering off the HTTP traffic and pushing it through a proxy. I figure it's more scalable (as there are lots of these hotspot networks) to do this at the router than create loads of extra transparent proxy/router boxes to maintain.
Problem is I can't get it to work. Here is the (abridged) configuration I've got so far.

This is the interface on which everything gets routed to from the core switch:
ge-0/0/0 {
    vlan-tagging;
    unit 0 {
        description Management;
        vlan-id 1;
        family inet {
            filter {
                input 4_incoming;
                output 4_outbound_traffic;
            }
            inactive: sampling {
                input;
                output;
            }
            address 192.168.51.13/24;
        }
    }
}

This is the firewall filter to grab the HTTP:
jim@j4350# show firewall family inet filter 4_incoming
term 4_routeViaTransparentProxy {
    from {
        source-address {
            192.168.98.0/23;
        }
        destination-address {
            0.0.0.0/0;
        }
        destination-port http;
    }
    then {
        count redirected;
        routing-instance TransparentProxyVR;
    }
}
term default {
    then accept;
}

The routing instance (added an interface on the same network as the proxy to try and troubleshoot, didn't help):
jim@j4350# show routing-instances TransparentProxyVR
interface ge-0/0/0.545;
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.45.147;
    }
    instance-import Wildern_non-inet-routes;
}

I'm not seeing any traffic from my hosts on the hotspot network (192.168.98.0/23) at all - am I missing something here, or is there a better way to achieve this? Thanks!