I will give an example of setting up a SOCKS proxy server on Mikrotik.
I configured SOCKS so that operators from home could access client routers, since the client routers only had access via the WAN for one IP address – the office with this MikroTik.
It is configured very simply in the IP – Socks menu, I specified version 4, after which operators could successfully open ports 80, 8080 in the browser. To connect, the Mozilla Firefox browser was used, which has proxy settings at the very bottom of the settings.
Through the terminal SOCKS is enabled with the command:
ip socks set enabled=yes
ip socks> print
enabled: yes
port: 1080
connection-idle-timeout: 2m
max-connections: 200
The number of connections can be viewed with the command:
ip socks connections print
Let’s indicate who and where can connect, for example 192.168.5.5 can connect anywhere, and 192.168.5.6 only to network 10.0.0.0/8, with the last rule we will prohibit everything else:
ip socks access
add src-address=192.168.5.5 dst-port=0-65535 action=allow
add src-address=192.168.5.6 dst-port=0-65535 dst-address=10.0.0.0/8 action=allow
add action=deny
Also in the firewall I allowed connections only to trusted IP addresses (the rules must be before the prohibiting ones):
ip firewall filter
add action=accept chain=input dst-port=1080 protocol=tcp src-address=192.168.5.5
add action=accept chain=input dst-port=1080 protocol=tcp src-address=192.168.5.6 comment="ixnfo.com"
When setting up SOCKS, I used standard TCP port 1080 without authorization, since access is still limited in the settings of SOCKS itself and the firewall. If access is not limited by IP address, then you need to specify a login and password for authorization, and also change the port.
See my other articles about MikroTik