Client redirect to a web page

jansonz · December 4, 2006, 4:06pm

Hello,
I have problems to redirect non-paying clients to warning web page. I made dst-nat rule, but it wont redirect. Ok, clients do not have Internet enymore, but they don’t see the warning. My rule:
chain=dstnat src-address=80.x.x.x protocol=tcp action=dst-nat
to-addresses=80.x.x.y to-ports=8001

Where could be problem?? I also tried to put in the rule dst-port=80, but no changes..

cmit · December 5, 2006, 7:17am

Make that a

chain=dstnat src-address=80.x.x.x protocol=tcp dst-port=80 action=dst-nat to-addresses=80.x.x.y to-ports=8001

(include the dst-port paramter) or your webserver will see all kinds of TCP traffic redirected to it which it cannot really handle (SMTP, FTP, …).

If you made sure you have a webserver running on port 8001 at the address you redirect to, also take care to configure it so every errorpage (especially the 404 one) will show your “we’re missing money from you”-page. (As your client will perhaps request http://www.someaddress.com/this/other/page.html - and your webserver won’t have that special file…)

If that doesn’t work, try to explain better what acutally happens (“it won’t redirect, but they do not have internet”?).

Best regards,
Christian Meis

datawlan · December 20, 2006, 11:30am

Hi Cmit!

Yes, that is a good example.

For this reason I have to “run” an another server, just to be able to display the “PAY PLEASE” site?

Is it possible to redirect all port “80” requests to not an IP address, but a site (for.e.: http://www.WISP.com/nopay.html)?

Thanks a lot.

datawlan · December 20, 2006, 11:30am

Hi Cmit!

Yes, that is a good example.

For this reason I have to “run” an another server, just to be able to display the “PAY PLEASE” site?

Is it possible to redirect all port “80” requests to not an IP address, but a site (for.e.: http://www.WISP.com/nopay.html)?

Thanks a lot.

titius · December 20, 2006, 5:24pm

no you cant redirect to a web page just IP address, but you can make virtual web server on another port for examle http://ipaddress:81

sergejs · December 21, 2006, 8:41am

Redirection to domain address is also possible, but then transparent proxy should be enabled (web-proxy test package). 80 port number requests will be maintained by the proxy, but web-proxy test package access-list contains ‘redirect-to’ option, that might be used to redirect required requrest to the specific web-page.

datawlan · December 21, 2006, 8:52am

Thanks, guys, both solutions are perfect!

I guess making a virtual server is easier (especially for a newbie).

datawlan · December 21, 2006, 11:25am

Hi!

I’ve made a virtual server, which works perfect (from browser).

For some reason, this code below does not direct the SELECTED client to the right address.

chain=dstnat src-address=192.168.121.37/32 protocol=tcp dst-port=80 action=dst-nat to-addresses=80.64.x.y to-ports=81

It should be ok, or?

Many thanks

Datawlan

sergejs · December 21, 2006, 11:39am

Connection tracking has to be enabled on the router.
Make sure there are not any other NAT rules before this one.

datawlan · December 21, 2006, 9:08pm

Yes, It is on - and it works now!

Thanks for the help!

sergejs · December 22, 2006, 6:48am

datawlan
Where was the problem, when previously it does not work correctly ?

datawlan · December 23, 2006, 4:41pm

hmm..

There was another rule just before this dst-nat.

It was my mistake.

Regards