Forwarding local traffic on 80 to a specific IP address

Hi,

Can someone please assist with the correct firewall rule for forwarding all traffic from the local subnet (192.168.5.0/24) on ports 80 and 443 (so websites) to a specific IP/website?

(I don’t want them to be able to browse any site other than the one I specify)

Not too clued up on firewall rules, so bear with me.

Currently I have this rule which I got from Googling a bit and is probably completely wrong:

/ip firewall nat
add action=dst-nat chain=dstnat comment="Redirect Test" disabled=no \
    dst-port=80,443 in-interface=pppoe-out1 protocol=tcp \
    src-address=184.87.168.26 to-addresses=192.168.5.0/24

Can someone point me in the right direction please?

Thanks
M

Just take your rule and change it accordingly:

/ip firewall nat
add action=dst-nat chain=dstnat protocol=tcp dst-port=80,443 \
    src-address=192.168.5.0/24 to-addresses=<where it should go>

But it won’t work very well. You can configure the target webserver to respond to requests for any hostname, that’s no problem. But it will only work for plain HTTP. With HTTPS, users will get certificate errors.
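
Why the reply above expects certificate errors, as an added example that is not part of the original thread: it models the dst-nat rule and the browser's certificate name check. All addresses, hostnames and certificate names are constructed, and the wildcard matching is simplified.

```python
from dataclasses import dataclass

@dataclass
class Server:
    ip: str
    cert_dns_names: tuple          # dNSName entries in its certificate (constructed)
    catch_all_vhost: bool = True   # answers any Host header, as the reply suggests

def dst_nat(dst_ip, dst_port, to_address, ports=(80, 443)):
    """Model of the dst-nat rule: rewrite the destination on matching ports."""
    return to_address if dst_port in ports else dst_ip

def name_matches(pattern, hostname):
    """Simplified certificate name match: exact, or '*' as the whole first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def browse(scheme, url_host, resolved_ip, server, nat_ports=(80, 443)):
    """Return what a LAN user sees when opening scheme://url_host/."""
    port = 443 if scheme == "https" else 80
    if dst_nat(resolved_ip, port, server.ip, nat_ports) != server.ip:
        return "not redirected"
    named = any(name_matches(n, url_host) for n in server.cert_dns_names)
    # The browser checks the certificate against the name in the URL,
    # not against the address the router rewrote the packets to.
    if scheme == "https" and not named:
        return "certificate error"
    if not named and not server.catch_all_vhost:
        return "no site for this Host header"
    return "page served"

# Constructed example values (documentation address ranges and names).
PORTAL = Server("203.0.113.10", ("portal.example.net", "*.portal.example.net"))

if __name__ == "__main__":
    for scheme, host, ip in [("http", "news.example.org", "198.51.100.7"),
                             ("https", "news.example.org", "198.51.100.7"),
                             ("https", "portal.example.net", "203.0.113.10")]:
        print(scheme, host, "->", browse(scheme, host, ip, PORTAL))
```

Passing `nat_ports=(80,)` models redirecting only plain HTTP, in which case HTTPS requests are left untouched by the NAT rule.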

Thanks, it works and we’ll make it work with just http.