Configuring SOCKS in MikroTik

I will give an example of setting up a SOCKS proxy server on Mikrotik.

I configured SOCKS so that operators from home could access client routers, since the client routers only had access via the WAN for one IP address – the office with this MikroTik.

It is configured very simply in the IP – Socks menu, I specified version 4, after which operators could successfully open ports 80, 8080 in the browser. To connect, the Mozilla Firefox browser was used, which has proxy settings at the very bottom of the settings.

Through the terminal SOCKS is enabled with the command:

ip socks set enabled=yes

ip socks> print
enabled: yes
port: 1080
connection-idle-timeout: 2m
max-connections: 200

The number of connections can be viewed with the command:

ip socks connections print

Let’s indicate who and where can connect, for example can connect anywhere, and only to network, with the last rule we will prohibit everything else:

ip socks access
add src-address= dst-port=0-65535 action=allow
add src-address= dst-port=0-65535 dst-address= action=allow
add action=deny

Also in the firewall I allowed connections only to trusted IP addresses (the rules must be before the prohibiting ones):

ip firewall filter
add action=accept chain=input dst-port=1080 protocol=tcp src-address=
add action=accept chain=input dst-port=1080 protocol=tcp src-address= comment="" 

When setting up SOCKS, I used standard TCP port 1080 without authorization, since access is still limited in the settings of SOCKS itself and the firewall. If access is not limited by IP address, then you need to specify a login and password for authorization, and also change the port.

See my other articles about MikroTik

Leave a comment

Leave a Reply