How to train your MikroTik Router — Transparent proxying using NAT

Introduction

What device should I get?

So what are these things anyway?

Device configuration guide

  • Update device software to latest long term version
  • Factory reset device
  • Configure basic device settings
  • Setup WiFi dual connectivity
  • Setup NAT interception

Update device software

Factory Reset Device

Configure Basic Device Settings

Setup WiFi Dual Connectivity

  • Name: <name of the upstream network>
  • Authentication Types: WPA PSK + WPA2 PSK
  • Unicast Ciphers: aes ccm + tkip
  • Group Ciphers: aes ccm + tkip
  • WPA Pre-Shared Key: <password of the upstream network>
  • WPA2 Pre-Shared Key: <password of the upstream network>
  • Interface: wlan2
  • SSID: <name of the upstream network>
  • Security Profile: <select profile you created in the previous step>

NAT Interception

  • Chain: dstnat
  • Src. Address: <IP address of device you want to intercept>
  • Protocol: 6 (tcp)
  • Dst. Port: <ports you want to intercept; for example “80,443”>
  • Action: dst-nat
  • To Addresses: <IP address of device running your proxy software>
  • To Ports: <port of your proxy software; usually “8080”>
  • Chain: srcnat
  • Src. Address: <IP address of device you want to intercept>
  • Dst. Address: <IP address of device running your proxy software>
  • Protocol: 6 (tcp)
  • Dst. Port: <port of your proxy software; usually “8080”>

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ryan Sheasby

Ryan Sheasby

Information Security Engineer, Passionate about AppSec, algorithms, Go, and ZFS, among lots of other things.