How to send an end user a notification from the router?

I am new to Mikrotik and an amateur at networking - I’ll keep my day job as I would starve if I had to make a living at networking!

I have used the collective wisdom located in the wiki and forum to create address blacklists from various websites with corresponding “drop” commands in my firewall. My question is this: how do I notify an end user when their IP address request is dropped due to a blacklist hit please? I want to send a direct and immediate message to the end user. I’d prefer not to use email, sms and other such workarounds. I have no idea how to implement this. Any help would be greatly appreciated.

A very good point.
AFAIK there’s no notification method implemented in RouterOS.

Instead of dropping the packets you could dstnat the requests to a local web server (a pi would surely suffice) giving out a warning page…

-Chris

Thanks for the reply. An elegant solution, but it seems like quite a hassle to setup the delivery of a simple error message for a small network. Regardless, I appreciate your advice and will consider its implementation.

I think I have a working solution now and just tested it myself:
In case you don’t use the web proxy feature on your router, this is the way to do it:

Enable web proxy:

/ip proxy
set always-from-cache=yes anonymous=yes cache-administrator="out of office" cache-on-disk=no enabled=yes max-fresh-time=1h serialize-connections=yes

Deny all dst addresses:

/ip proxy access
add action=deny dst-address=0.0.0.0/0

In Firewall, redirect your dst-address-list to your local proxy port:

/ip firewall nat
add chain=dstnat dst-address-list=myBlacklist action=redirect protocol=tcp dst-port=80 to-ports=8080

Now the default error message will appear, which you can easily adjust to your needs. It’s located in files/webproxy/error.html
In case you don’t see this file, go to IP → Web Proxy → Reset html.

Off you go.
-Chris

Edit: Just in case other protocols or ports are used, drop all non-http traffic:

/ip firewall filter
add chain=forward dst-address-list=myBlacklist action=drop
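
An added example, not part of the original post and not RouterOS code: a small Python model of the three rules above, showing which blacklisted flows end at the proxy's error page and which are dropped with no message (HTTPS included). The addresses and the names `Flow`, `client_outcome` and `notified_share` are constructed for illustration; it assumes no earlier firewall rule accepts or drops these packets and that the input chain lets LAN clients reach port 8080.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for the "myBlacklist" address list (documentation ranges).
MY_BLACKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]


@dataclass(frozen=True)
class Flow:
    dst: str
    protocol: str      # "tcp", "udp" or "icmp"
    dst_port: int = 0  # 0 for protocols without ports


def in_blacklist(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MY_BLACKLIST)


def client_outcome(flow: Flow) -> str:
    """Model the thread's rules in packet-flow order: dstnat first, then filter."""
    listed = in_blacklist(flow.dst)
    # /ip firewall nat: dst-address-list=myBlacklist protocol=tcp dst-port=80 action=redirect
    if listed and flow.protocol == "tcp" and flow.dst_port == 80:
        # Redirect rewrites the destination to the router itself (port 8080), so the
        # packet takes the input chain, not forward. The proxy access rule denies
        # every destination, and the client is served error.html.
        return "error-page"
    # /ip firewall filter: chain=forward dst-address-list=myBlacklist action=drop
    if listed:
        return "silent-drop"
    return "forwarded"


def notified_share(flows) -> float:
    """Fraction of blacklisted flows where the user actually sees the message."""
    hits = [f for f in flows if in_blacklist(f.dst)]
    return sum(client_outcome(f) == "error-page" for f in hits) / len(hits) if hits else 0.0


# Constructed sample traffic from a LAN client.
SAMPLE = [
    Flow("203.0.113.10", "tcp", 80),    # plain HTTP to a listed host
    Flow("203.0.113.10", "tcp", 443),   # HTTPS to the same host
    Flow("198.51.100.7", "udp", 53),    # DNS to a listed host
    Flow("198.51.100.8", "tcp", 80),    # neighbour of a /32 entry, not listed
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f"{f.dst:15} {f.protocol}/{f.dst_port:<5} -> {client_outcome(f)}")
    print("notified share of blacklisted flows:", notified_share(SAMPLE))
```

Only plain HTTP on port 80 reaches the warning page; every other blacklisted flow, HTTPS included, is dropped without any message to the user.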

Thanks for the code; it is not as complex as I had thought. Just so I get this correct, may I store the message (error.html) directly on the router or will I still need a separate local web server?

No extra servers involved - it is stored on the router (and automatically created once you enable the proxy feature).
-Chris

Thanks for the quick and great help. It is certainly much appreciated.