Capturing and redirecting ALL traffic

Hi all,

I’m new to the forum. I have a specific problem that I have been trying to solve for weeks. I apologize if it’s redundant; believe me, I have done many a Google search but to no avail. Thus, I’m turning to you, helpful Mikrotik community :) I am a software developer, not a network engineer. I am quite out of my element here, so please forgive my ignorance.

When I SSH/terminal into my router, it reports my RouterOS version as 5.7.

What I am trying to do is this:

I have my Mikrotik router sitting behind another router which provides internet access. The Mikrotik slots in fine. Both routers are broadcasting fine and usable “out of the box.” The situation I’m looking for is basically this: when connected to the original router, all traffic passes through like normal (no problems here), but when connected to the Mikrotik router, I want any and all requests intercepted, and an external internet host (URL ideally, but IP address if necessary) requested and returned to the user instead.

Now, I know, what I am describing here is the Hotspot + Walled Garden solution. And, I’ve gotten this working (only took me 3 or 4 days! not bad eh?), by allowing the host/website I want retrieved in the Walled Garden, and replacing my hotspot HTML files with ones that automatically forward/redirect to that site.

This is exactly what I want, except for one thing: It is important to me that ANY request that the user makes gets redirected. Currently, only URLs that the user requests that have a valid DNS entry on the supplied DNS server (my ISP’s or Google’s currently - I do not have one of my own) cause the action I require. Everything else returns a page or server not found error/page.

So, imagine, a user connects wirelessly to the Mikrotik router. Opens up their browser and types “app” or “menu” - that should lead them to my external web server.

Now, I have tried playing around with Proxy settings, DNS settings, NAT settings, Hotspot settings, etc., and I just can’t figure out how to make this work (I am approaching 100 hard resets, I am sure). My most recent thought was that I needed to capture the request before it was sent out to a DNS server, and so I tried some commands I found online that would use RouterOS’s internal DNS… but I couldn’t get it to work. Now I think maybe it has something to do with the NAT/firewall settings, but as I said above, this puts me pretty far out of my element.

Anyway, I hope that’s enough information to get the help I need. Sorry for the long-winded post.

Best Regards & Thanks in advance,
Dan

The built-in DNS server supports regular expressions for the domain name.

e.g.:

/ip dns static add name=".*" address=5.5.5.5

Any DNS request to the RouterOS DNS server results in 5.5.5.5.

The hotspot intercepts udp/53 already.
Anything else won’t make it through the hotspot, except walled garden entries.
Then on your web server, redirect any URL to a fixed URL, or set up a proxy to do that.

This may give unwanted results, as EVERY DNS request to the router results in 5.5.5.5 regardless of interface.

Hi there,

Thanks for your reply!

It doesn’t work as I need it to though. For example, if I type in “help”, I get:

Server not found
Firefox can’t find the server at help.

It seems like the router isn’t reading the DNS table?

My “/ip dns static print” table looks as I’m sure you expect it to:

> /ip dns static print
Flags: D - dynamic, X - disabled, R - regexp 
 #     NAME          ADDRESS                                         TTL         
 0   R router        192.168.88.1                                    1d          
 1  XR .*            69.90.149.5                                     1d

(XR because I had to disable it to resume normal function - all valid DNS requests DO forward as expected).

As a secondary/follow-up to this, assuming it’s possible, can the site/address each user gets forwarded to be specified via a domain name without too much additional complication (i.e. that ADDRESS parameter must take an IP address, but is there a way around that)?

Thanks again,

Dan

It is sort of working for me. Although different browsers give different results.

I added a domain in the DHCP network setup. This fixed Firefox.
Windows will look for help.domain if you nslookup “help”.

It will look up “help” if you nslookup “help.”

Also, between experiments, clear cache. Browser cache and Windows cache. DNS is cached everywhere.
Close the browser and reopen if you don’t have access to dns cache clearing.
Run: ipconfig /flushdns
from a DOS window.

I use OpenDNS (/ip dns set servers=208.67.222.222,208.67.220.220), so anything that does not resolve is replaced with an OpenDNS IP, so you always get their site. This works in Firefox, but Chrome still goes to Google for URLs like “help”, “a”, “where”.

As long as the URL resolves to something and triggers the hotspot, redirection will work.

There might be an easier way to do this…

As a secondary/follow-up to this, assuming it’s possible, can the site/address each user gets forwarded to be specified via a domain name without too much additional complication (i.e. that ADDRESS parameter must take an IP address, but is there a way around that)?

I’m not sure exactly what you want to do here. If you use hotspot, then you can control where they go using the hotspot redirect.
The DNS stuff is simply to get any DNS name to resolve to something so the browser can make the HTTP request, which triggers the hotspot.

Hi there,

Thanks again for your replies!

First of all, nevermind my secondary/follow-up comment. It turns out to be misguided/irrelevant.

Regarding the rest of it. Your guidance has helped immensely! I’ve got this working to 95% of the way I want/need it to.

To summarize:

  • I’ve got a HotSpot set up.
  • I’ve allowed the host I want to be accessible via the walled garden.
  • I’ve added .* to the static DNS list with the IP of my host.
  • I’ve customized the hotspot pages to automatically forward to my URL/host.
  • Finally, before testing, I cleared all my cached DNS records (router & OS).

One thing that threw me off was that what gets typed into the browser’s address bar REQUIRES a “.” in it for a/the DNS server to resolve. Do you know if there is a way around this requirement? For example, everything works as needed if I type strings like “help.go” or “view.menu”, but not simply “help” or “view”. I’ll understand if this is part of the DNS spec and unavoidable. But then again, do you think it’s possible to implement my own DNS server (using open-source software, not something I’d code myself) that handles non-period-including requests?

Anyway, regardless of the answer to the last part, thank you very much for your help! You’ve kind of saved my ass here, as I was really having trouble getting through this :)

Dan
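The pieces discussed across the thread (the regexp “.*” static entry from the first reply, the DHCP search domain that made a bare word like “help” resolvable from the second reply, and the summary of the working setup above) can be tried offline with the following model. This is an added example written for this page; it is not code from the thread, from Dan, or from RouterOS. It implements a small catch-all DNS responder in Python: a static table evaluated top to bottom where the last entry is the regexp “.*”, the client-side search-suffix rule that decides what name is actually sent (a single label with no search domain is not sent at all, which is the browser behaviour the thread observed), and the caveat from the first reply that the catch-all answers everyone, modelled here by refusing queries that do not come from the hotspot subnet. The subnet 192.168.88.0/24, the search domain “hotspot.lan”, the client address 192.168.88.10 and the outside address 203.0.113.7 are constructed for the example; the two table entries copy the “/ip dns static print” listing in the thread.

```python
"""Catch-all DNS model (added example, not the thread's or RouterOS's code).

Static entries are matched in order; the regexp ".*" at the end makes every
name that nothing earlier matched resolve to one fixed host.  Queries are
only answered for the hotspot subnet, which on a real router is a firewall
rule on the WAN side rather than DNS logic.  All addresses are constructed.
"""
import ipaddress
import re
import struct
from typing import Optional, Tuple

# Mirrors the "/ip dns static print" listing: (name or pattern, address, regexp?).
STATIC_ENTRIES = [
    ("router", "192.168.88.1", False),
    (".*", "69.90.149.5", True),
]
HOTSPOT_NET = ipaddress.ip_network("192.168.88.0/24")   # assumed hotspot LAN

QTYPE_A, QCLASS_IN = 1, 1
RCODE_OK, RCODE_NXDOMAIN, RCODE_REFUSED = 0, 3, 5


def qualify(typed: str, search_domain: Optional[str]) -> Optional[str]:
    """Name the client actually sends for what the user typed, or None if nothing.

    "help."  -> "help" (absolute); "view.menu" -> as-is; "help" -> "help.<domain>"
    when a search domain is set; "help" with no search domain -> None, since the
    browsers in the thread treat a bare word as a search term, not a host.
    """
    if typed.endswith("."):
        return typed.rstrip(".")
    if "." in typed:
        return typed
    return f"{typed}.{search_domain}" if search_domain else None


def lookup(name: str, entries=STATIC_ENTRIES) -> Optional[str]:
    """First static entry matching the whole name wins, exact or regexp."""
    for pattern, address, is_regexp in entries:
        if is_regexp:
            if re.fullmatch(pattern, name, re.IGNORECASE):
                return address
        elif name.lower() == pattern.lower():
            return address
    return None


def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"


def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal A/IN query: 12-byte header with RD set, one question, no EDNS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def parse_question(packet: bytes):
    """Return (qid, name, qtype, qclass, raw question); questions are never compressed."""
    qid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode())
        pos += 1 + length
    pos += 1                                    # skip the terminating zero label
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return qid, ".".join(labels), qtype, qclass, packet[12:pos + 4]


def respond(query: bytes, src_ip: str, entries=STATIC_ENTRIES) -> bytes:
    """Answer one query from the static table, but only for the hotspot subnet."""
    qid, name, qtype, qclass, question = parse_question(query)
    if ipaddress.ip_address(src_ip) not in HOTSPOT_NET:
        # Without this scoping the ".*" entry answers every interface (the caveat
        # in the first reply); on the router it is a firewall input rule, not DNS.
        return struct.pack("!HHHHHH", qid, 0x8180 | RCODE_REFUSED, 1, 0, 0, 0) + question
    address = lookup(name, entries) if (qtype, qclass) == (QTYPE_A, QCLASS_IN) else None
    if address is None:
        return struct.pack("!HHHHHH", qid, 0x8180 | RCODE_NXDOMAIN, 1, 0, 0, 0) + question
    answer = (b"\xc0\x0c"                                 # pointer to the name at offset 12
              + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 86400, 4)
              + ipaddress.IPv4Address(address).packed)
    return struct.pack("!HHHHHH", qid, 0x8180 | RCODE_OK, 1, 1, 0, 0) + question + answer


def parse_response(packet: bytes) -> Tuple[int, Optional[str]]:
    """Return (rcode, A-record address or None) for a response built by respond()."""
    _qid, flags, _qdcount, ancount = struct.unpack("!HHHH", packet[:8])
    if ancount == 0:
        return flags & 0x000F, None
    return flags & 0x000F, str(ipaddress.IPv4Address(packet[-4:]))  # rdata of the one A record


def resolve(typed: str, search_domain: Optional[str], src_ip: str, entries=STATIC_ENTRIES):
    """End to end: user input -> (name sent, rcode, address); all None if nothing is sent."""
    qname = qualify(typed, search_domain)
    if qname is None:
        return None, None, None
    rcode, address = parse_response(respond(build_query(qname), src_ip, entries))
    return qname, rcode, address


if __name__ == "__main__":
    for typed, domain in [("help", None), ("help", "hotspot.lan"), ("help.", None),
                          ("view.menu", None), ("router.", None)]:
        print(f"{typed!r} search={domain!r} -> {resolve(typed, domain, '192.168.88.10')}")
    print("same query from outside the hotspot ->", resolve("help", "hotspot.lan", "203.0.113.7"))
```

Running it shows the behaviour the thread arrived at: “help” with no search domain never reaches the DNS server, “help” with the DHCP domain set becomes “help.hotspot.lan” and hits the “.*” entry, a trailing dot (“help.”) bypasses the suffix, and “router.” still gets the exact entry because it is listed before the regexp. The src_ip check in respond() is the part a practitioner should not skip: on the router itself the equivalent is an /ip firewall filter rule in the input chain that drops udp/53 arriving on the WAN interface, so the catch-all cannot be reached from the Internet side.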