Community discussions

MikroTik App
 
beepee
Member Candidate
Member Candidate
Topic Author
Posts: 139
Joined: Tue Sep 18, 2007 6:13 am

NAT redirection to a local web server not working

Fri Aug 26, 2011 6:55 pm

Hi guys
I have the ip address of some (hotspot) users stored in an address list and want to redirect then to the a local web server where they can check their details.
Actually those users are blacklisted users and I want them to be redirected to the local web server without seeing the hotspot login page.
What I have tried
When I tried this rule
ip firewall nat add chain=dstnat protocol=tcp src-address-list=Blacklisted action=dst-nat to-addresses=192.168.100.4 to-ports=80
it did not work, but when I replace the to-address with the router IP it worked but displaying the router webpage.
Question
Why did it not work for the local web server IP but worked for the router IP?
What am I suppose to do now?
I am stuck.

Thankx in adance.
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: NAT redirection to a local web server not working

Fri Aug 26, 2011 7:07 pm

The Hotspot uses the dstnat chain as well - you can see the rules if you issue "/ip firewall nat print all", or in the manual: http://wiki.mikrotik.com/wiki/Manual:Cu ... ng_Hotspot

You can't redirect users just like that because the Hotspot grabs the traffic first. You will have to use on the hook chains to redirect before that happens. RouterOS provides a 'pre-hotspot' custom chain that the Hotspot will execute before doing its own work. Shift your rule into that chain instead.

That said, you're redirecting all TCP traffic to a webserver. That's probably not the best of ideas. You should redirect HTTP only, and the firewal can identify that for you. An adjusted rule is below. Also, your web server has to be set up to pretend to be any web server in the world since clients will think they're talking to the real thing. That can be problematic. You may want to use the approach from http://wiki.mikrotik.com/wiki/Payment_Reminders instead, which uses the proxy to overcome that problem. Whether that's necessary depends on your web server.

Here the corrected rule:
/ip firewall nat 
add chain=pre-hotspot hotspot=http src-address-list=Blacklisted action=dst-nat to-addresses=192.168.100.4
With the proxy approach it would look like this:
/ip proxy 
set enabled=yes
set port=8081

/ip proxy access
add action=allow disabled=no dst-address=192.168.100.4
add action=deny disabled=no redirect-to="http://192.168.100.4/whatever.html"

/ip firewall nat 
add chain=pre-hotspot hotspot=http src-address-list=Blacklisted action=redirect to-ports=8081
 
User avatar
gabak
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Fri Sep 01, 2006 7:10 am

Re: NAT redirection to a local web server not working

Mon Nov 18, 2013 6:04 am

i have the same issue but i dont have hostspot.
how can it be solved?
 
reion
just joined
Posts: 24
Joined: Mon Nov 05, 2012 10:16 am

Re: NAT redirection to a local web server not working

Fri Nov 22, 2013 12:56 pm

 
User avatar
shahbazian
Trainer
Trainer
Posts: 169
Joined: Fri Sep 09, 2011 6:22 pm
Location: Iran
Contact:

Re: NAT redirection to a local web server not working

Sun Dec 01, 2013 11:02 pm

Hi gabak
You must add new masquerade rule like this:
/ip firewall nat add chain=srcnat dst-address=192.168.100.4 action=masquerade
i have the same issue but i dont have hostspot.
how can it be solved?

Who is online

Users browsing this forum: Bing [Bot], godel0914, GoogleOther [Bot], onnyloh and 100 guests