Custom Page Redirect for One Time without Proxy/Hotspot

Hi, sorry if this resembles some forum threads, but I have found some of them unanswered (i.e. http://forum.mikrotik.com/t/pppoe-hotspot/7278/1). I'm trying to have the first web query from the hosts of one LAN redirected to a custom page, and after refreshing or opening another tab they can browse normally. I can't set up hotspot and proxy based solutions, and I have tested this set of rules; they work fine, but not the 100% I'd expected.

  1. I defined in mangle the first list FIRST_TIME to catch the users that begin to browse
ip firewall mangle add chain=prerouting action=add-src-to-address-list connection-state=new protocol=tcp dst-port=80 in-interface=ether1_LAN address-list=FIRST_TIME address-list-timeout=15s
  2. I defined a second list from IP Firewall NAT because, AFAIK, dst-nat actions go after mangling packets, and I ordered the next rules to exclude people from being trapped in a loop:
ip firewall nat add chain=dstnat action=accept protocol=tcp dst-port=80 src-address-list=SECOND_TIME comment=ByPass_Custom_Webpage

ip firewall nat add chain=dstnat action=dst-nat to-addresses=172.17.0.110 to-ports=80 protocol=tcp src-address-list=FIRST_TIME dst-port=80 comment=CUSTOM_WEBPAGE_REDIRECT

ip firewall nat add chain=dstnat action=add-src-to-address-list src-address-list=FIRST_TIME address-list=SECOND_TIME address-list-timeout=6h comment=Second_Time_Users_List_Adding

ip firewall nat add chain=srcnat action=masquerade src-address=172.17.0.0/24 comment=LAN_Masquerading

It works, but in some web browsers (IE8, Firefox under Windows 7) refreshing doesn't work; I have to re-open the browser instead to get them online. Maybe the problem is the way I set up the rules above, so I'd like to ask you whether this is possible in a better way under these conditions, and whether some HTML coding could help. Thank you.

Try swapping the NAT rules that perform the actual redirect and add to the SECOND_TIME list so the redirect comes second, and set the passthrough option on the rule that adds to the SECOND_TIME list to yes.

That whole methodology is flawed, though. You are assuming that only browsers will load webpages; that is very untrue nowadays. The moment Windows starts, all those little apps that run at startup will check for updates. The weather widget will get the current temperature from Yahoo. The Twitter ticker will query for the latest tweets. The virus scanner will look for signature updates. All of those will potentially be interpreted by your router just like a web browser being shown a splash page, and users will never be shown the redirect due to already having been added to the list of people that were redirected, even though the app whose request was redirected never relays that to the user.
Why are you ruling out a proxy or Hotspot just for the initial redirect? You can pretty much completely bypass either one for all intents and purposes once the user is authenticated (or however else you want to refer to the state where they’ve seen the initial redirect) - the proxy option slightly more so than the Hotspot.
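
A simplified Python model of the NAT rule orderings discussed above, added here as an example and not part of the original posts. It assumes top-down evaluation where accept and dst-nat end the chain while add-src-to-address-list falls through, ignores the address-list timeouts, and uses constructed traffic from a made-up host 172.17.0.25; it shows which client actually receives the splash page when a background app sends the first port 80 request.

```python
# Simplified model of the thread's dstnat rules; not RouterOS itself.
# Assumptions: rules run top-down on each new connection, "accept" and
# "dst-nat" stop evaluation, "add-src-to-address-list" falls through to the
# next rule, and the 15s / 6h address-list timeouts are ignored.

def is_http(c):
    return c["proto"] == "tcp" and c["dport"] == 80

def bypass(c, lists):        # comment=ByPass_Custom_Webpage
    return "accept" if is_http(c) and c["src"] in lists["SECOND_TIME"] else None

def redirect(c, lists):      # comment=CUSTOM_WEBPAGE_REDIRECT
    return "dst-nat" if is_http(c) and c["src"] in lists["FIRST_TIME"] else None

def mark_seen(c, lists):     # comment=Second_Time_Users_List_Adding
    if c["src"] in lists["FIRST_TIME"]:
        lists["SECOND_TIME"].add(c["src"])
    return None              # never terminates the chain

ORIGINAL = [bypass, redirect, mark_seen]   # order as first posted
SWAPPED = [bypass, mark_seen, redirect]    # order suggested in the reply

def simulate(rules, traffic):
    lists = {"FIRST_TIME": set(), "SECOND_TIME": set()}
    seen = []
    for c in traffic:
        if is_http(c):                      # mangle prerouting rule
            lists["FIRST_TIME"].add(c["src"])
        verdict = "forward"
        for rule in rules:
            action = rule(c, lists)
            if action == "dst-nat":
                verdict = "splash"
            if action:
                break
        seen.append((c["app"], verdict))
    return seen

def conn(app, proto, dport, src="172.17.0.25"):  # constructed LAN host
    return {"app": app, "proto": proto, "dport": dport, "src": src}

# Constructed traffic from one host: a background updater talks first.
TRAFFIC = [conn("av-updater", "tcp", 80), conn("browser", "tcp", 80),
           conn("browser-refresh", "tcp", 80), conn("dns-lookup", "udp", 53),
           conn("browser-reopen", "tcp", 80)]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("swapped", SWAPPED)):
        print(name, simulate(rules, TRAFFIC))
```

In this model the swapped order spends the single redirect on the updater, so the browser is never shown the splash page; the original order keeps redirecting port 80 until some non-port-80 connection reaches the list-adding rule.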

I am trying to do the same thing essentially.

The login process with Hotspot is clunky with various iPhone, iPad, and some laptop users. I want the user to be connected to the internet immediately, but on launch of a web browser, a one time/session redirect to a splash page. I agree with the background apps submitting port 80 requests without an actual browser session that the user views.

Is there a good way to do this?