DHCP Clients only allowed to open permitted pages

Hi all,

I've created a dhcp-server to assign IPs to clients that connect to it. Can someone help me out with the rule to allow these clients to open only what I permit them to, e.g. a client can open http://www.google.com and nothing else without having to log on with their pppoe account.

Something like the walled garden feature in Hotspot, but this time I want to achieve it using only firewall rules on my dhcp clients.

All help will be appreciated.

Thanks

You can do it with a simple firewall rule.
src-address=[ip-pool] dst-address=xxxxxxx action=accept
src-address=[ip-pool] dst-address=xxxxxxx action=accept
src-address=[ip-pool] dst-address=xxxxxxx action=accept
src-address=[ip-pool] dst-address=xxxxxxx action=accept
src-address=[ip-pool] dst-address=xxxxxxx action=drop

Thanks valens, but if I may ask, how do you do this with dst-address being names and not IPs?

Thanks again

Firewalls don't work on names, they work on numbers…

nslookup gives you the number


C

And if your names resolve to changing IP addresses (like dyndns names), or belong to big websites (server clusters/load balancers/content delivery networks/… with multiple IP addresses) then you do have a problem…
You HAVE to use IP addresses to configure firewall rules.
So depending on what you want to let your users access, using HotSpot (walled garden) or perhaps a transparent proxy with access rules would be easier.

Best regards,
Christian Meis
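
The name-to-address step discussed above, as an added example that is not part of any post in this thread: it resolves each permitted name to all of its current IPv4 addresses, emits one accept rule per address plus a final drop, and reports addresses that changed since the previous run. The `forward` chain, the 10.0.0.0/24 client subnet and the sample names and addresses are assumptions.

```python
import ipaddress
import socket


def resolve_ipv4(name):
    """Return the set of IPv4 addresses a name resolves to right now."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def build_rules(pool, names, resolver=resolve_ipv4):
    """Build RouterOS filter rules: accept pool -> each resolved IP, then drop."""
    net = ipaddress.ip_network(pool)  # raises ValueError on a malformed subnet
    allowed = set()
    for name in names:
        for addr in resolver(name):
            # One name may return several addresses (load balancers, CDNs).
            allowed.add(ipaddress.ip_address(addr))  # rejects non-IP answers
    rules = [
        f"/ip firewall filter add chain=forward src-address={net} "
        f"dst-address={ip} action=accept"
        for ip in sorted(allowed)
    ]
    # No dst-address on the last rule, so it drops everything not accepted above.
    rules.append(
        f"/ip firewall filter add chain=forward src-address={net} action=drop"
    )
    return allowed, rules


def drift(previous, current):
    """Return (added, removed) addresses since the last run.

    'removed' means a stale accept rule is still installed; 'added' means
    clients will be dropped when they reach that address.
    """
    return sorted(current - previous), sorted(previous - current)


if __name__ == "__main__":
    # Constructed sample data using documentation addresses, not real lookups.
    fake_dns = {"www.example.com": {"192.0.2.10", "192.0.2.11"}}
    allowed, rules = build_rules(
        "10.0.0.0/24", ["www.example.com"], fake_dns.__getitem__
    )
    print("\n".join(rules))
```

Run it on a schedule and compare each result with the previous one; a non-empty `drift` means the installed rules no longer match what the names resolve to.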

Hi guys,

Thanks so far for the help.

What I now did was create a dhcp-server and masqueraded all requests from it to only the dst-add I want it to go to. Therefore all requests are dropped except to the permitted one.

Now if I may ask, can anyone tell me how to make all requests to any site be redirected to the one page I have masqueraded to? I have tried creating a dst-nat for it, but instead it redirects to the MikroTik page on the router.

Thanks again for any help…

Come on guys, any ideas??? :)