I have a question!

lordikonn · March 5, 2007, 7:51pm

Hello world!I used MikroTik on my netowrk as deafult router.I migrate from Red Hat 9.0 to MikroTik.It is the really powerfull router OS.
I read manny ideeas on this forum.Anywhare I have a question.
How can I block a customer?I wanna redirect all trafic from bad custommers on a easy page(put to another server beheind a MikroTik router).How can I do this?
P.S. other way (no arp-reply)?
e.g. 192.168.1.34 it is the bad custommer and all trafic from 192.168.1.34 I wanna redirect to 192.168.1.100(apache server).
please give me a ideea!
tnks a lot!

janisk · March 6, 2007, 6:29am

NAT

lordikonn · March 6, 2007, 9:46am

I agree with you; but I have 2 external connection.1 from one provider with a E1 connection and secondarry with an ADSL . I made netmap on 32 real ip at e1 and i make masquerade on ADSL line.I make a load balancing with failover powerfull router with MikroTik.It work verry good.
All I wanna do it is a redirect port 80 from bad custommers to another internal machine with an easy apache server.On this erver I wanna host a page with an attention message for the bad custommers. I try with NAT…but didn’t work. May-be you can put on this topic exactley the line with command to write in firewall to do this. Sure I make thomething wrong.
I will wait for your answer.best regards.

janisk · March 6, 2007, 9:53am

make address list of bad users
create nat rule that redirects incomings from list to other ip address (any to one)

to read about nat:
http://www.mikrotik.com/testdocs/ros/2.9/ip/nat.php

lordikonn · March 6, 2007, 12:47pm

Ok. Man I put in firewall nat rules for src-nat with netmap.
If I put another rule router dos not make anithing.All I wanna do is to mark packets on a bad route …and the bad customer don.t have internet.This is the right way..not another NAT rule. Now all I wanna do it is to redirect traffic on port 80 to another comp. behaind the router.On this comp I will host a easy page with anouncement for bad payers.
e.g. bad ip:192.168.1.103;local apache server ip:192.168.1.105.
now I wanna redirect http trafic from 192.168.1.103 to 192.168.1.105!
If the bad customer wanna acces and surf the web will appeare the apache page.Don.t work with NAT.If you can do this with NAT please write exactley on this topic.I tell you I try…

janisk · March 6, 2007, 1:08pm

post your dstnat rule that is redirecting your traffic

lordikonn · March 6, 2007, 4:04pm

I made this from winbox
it is a easy dst-nat…ip firewall–>nat>—add chain…dst-nat src-address=192.168.1.103 …action dst-nat to addresses=192.168.1.105
no traffic on 1.103 but…no acces to local apache…server..automatically.
I can do this only if I write in browser http://192.168.1.105 for example.
I wanna make this automatically the MikroTik router.in linux machine it works with prerouting..

maroon · May 24, 2007, 11:55am

lordikonn: I make a load balancing with failover powerfull router with MikroTik.

would you please post for us the configuration or script u had to have a powerful mikrotik router works as a load balance and failover..

your help is highly appreciated!

Regards