MikroTik

Hi guys
I have the ip address of some (hotspot) users stored in an address list and want to redirect then to the a local web server where they can check their details.
Actually those users are blacklisted users and I want them to be redirected to the local web server without seeing the hotspot login page.
What I have tried
When I tried this rule it did not work, but when I replace the to-address with the router IP it worked but displaying the router webpage.
Question
Why did it not work for the local web server IP but worked for the router IP?
What am I suppose to do now?
I am stuck.

Thankx in adance.

The Hotspot uses the dstnat chain as well - you can see the rules if you issue "/ip firewall nat print all", or in the manual: http://wiki.mikrotik.com/wiki/Manual:Cu ... ng_Hotspot

You can't redirect users just like that because the Hotspot grabs the traffic first. You will have to use on the hook chains to redirect before that happens. RouterOS provides a 'pre-hotspot' custom chain that the Hotspot will execute before doing its own work. Shift your rule into that chain instead.

That said, you're redirecting all TCP traffic to a webserver. That's probably not the best of ideas. You should redirect HTTP only, and the firewal can identify that for you. An adjusted rule is below. Also, your web server has to be set up to pretend to be any web server in the world since clients will think they're talking to the real thing. That can be problematic. You may want to use the approach from http://wiki.mikrotik.com/wiki/Payment_Reminders instead, which uses the proxy to overcome that problem. Whether that's necessary depends on your web server.

Here the corrected rule: With the proxy approach it would look like this:

i have the same issue but i dont have hostspot.
how can it be solved?

This is the solution
http://wiki.mikrotik.com/wiki/Hairpin_NAT

Hi gabak
You must add new masquerade rule like this:

i have the same issue but i dont have hostspot.
how can it be solved?