NAT redirection to a local web server not working
RouterOS general discussion

5 posts   •   Page 1 of 1
beepee
Member Candidate
Member Candidate
 
Posts: 136
Joined: Tue Sep 18, 2007 6:13 am

NAT redirection to a local web server not working

by beepee » Fri Aug 26, 2011 6:55 pm

Hi guys
I have the ip address of some (hotspot) users stored in an address list and want to redirect then to the a local web server where they can check their details.
Actually those users are blacklisted users and I want them to be redirected to the local web server without seeing the hotspot login page.
What I have tried
When I tried this rule
Code: Select all
ip firewall nat add chain=dstnat protocol=tcp src-address-list=Blacklisted action=dst-nat to-addresses=192.168.100.4 to-ports=80

it did not work, but when I replace the to-address with the router IP it worked but displaying the router webpage.
Question
Why did it not work for the local web server IP but worked for the router IP?
What am I suppose to do now?
I am stuck.

Thankx in adance.

fewi
Forum Guru
Forum Guru
 
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: NAT redirection to a local web server not working

by fewi » Fri Aug 26, 2011 7:07 pm

The Hotspot uses the dstnat chain as well - you can see the rules if you issue "/ip firewall nat print all", or in the manual: http://wiki.mikrotik.com/wiki/Manual:Customizing_Hotspot

You can't redirect users just like that because the Hotspot grabs the traffic first. You will have to use on the hook chains to redirect before that happens. RouterOS provides a 'pre-hotspot' custom chain that the Hotspot will execute before doing its own work. Shift your rule into that chain instead.

That said, you're redirecting all TCP traffic to a webserver. That's probably not the best of ideas. You should redirect HTTP only, and the firewal can identify that for you. An adjusted rule is below. Also, your web server has to be set up to pretend to be any web server in the world since clients will think they're talking to the real thing. That can be problematic. You may want to use the approach from http://wiki.mikrotik.com/wiki/Payment_Reminders instead, which uses the proxy to overcome that problem. Whether that's necessary depends on your web server.

Here the corrected rule:
Code: Select all
/ip firewall nat
add chain=pre-hotspot hotspot=http src-address-list=Blacklisted action=dst-nat to-addresses=192.168.100.4


With the proxy approach it would look like this:
Code: Select all
/ip proxy
set enabled=yes
set port=8081

/ip proxy access
add action=allow disabled=no dst-address=192.168.100.4
add action=deny disabled=no redirect-to="http://192.168.100.4/whatever.html"

/ip firewall nat
add chain=pre-hotspot hotspot=http src-address-list=Blacklisted action=redirect to-ports=8081
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.

User avatar
gabak
newbie
 
Posts: 47
Joined: Fri Sep 01, 2006 7:10 am

Re: NAT redirection to a local web server not working

by gabak » Mon Nov 18, 2013 7:04 am

i have the same issue but i dont have hostspot.
how can it be solved?

reion
just joined
 
Posts: 6
Joined: Mon Nov 05, 2012 11:16 am

Re: NAT redirection to a local web server not working

by reion » Fri Nov 22, 2013 1:56 pm


shahbazian
Frequent Visitor
Frequent Visitor
 
Posts: 73
Joined: Fri Sep 09, 2011 6:22 pm
Location: Iran

Re: NAT redirection to a local web server not working

by shahbazian » Mon Dec 02, 2013 12:02 am

Hi gabak
You must add new masquerade rule like this:
Code: Select all
/ip firewall nat add chain=srcnat dst-address=192.168.100.4 action=masquerade

gabak wrote:i have the same issue but i dont have hostspot.
how can it be solved?
Learn MikroTik to improve your network.
( MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME, MTCINE )
MikroTik Certified Trainer & Consultant

If this post has been helpful you can give Karma.

5 posts   •   Page 1 of 1

Who is online

Users browsing this forum: Bing [Bot], zyxnull and 30 guests

It is currently Sat Nov 29, 2014 7:54 am