Hi guys
I have the ip address of some (hotspot) users stored in an address list and want to redirect then to the a local web server where they can check their details.
Actually those users are blacklisted users and I want them to be redirected to the local web server without seeing the hotspot login page. What I have tried
When I tried this rule
ip firewall nat add chain=dstnat protocol=tcp src-address-list=Blacklisted action=dst-nat to-addresses=192.168.100.4 to-ports=80
it did not work, but when I replace the to-address with the router IP it worked but displaying the router webpage. Question
Why did it not work for the local web server IP but worked for the router IP?
What am I suppose to do now?
I am stuck.
You can’t redirect users just like that because the Hotspot grabs the traffic first. You will have to use on the hook chains to redirect before that happens. RouterOS provides a ‘pre-hotspot’ custom chain that the Hotspot will execute before doing its own work. Shift your rule into that chain instead.
That said, you’re redirecting all TCP traffic to a webserver. That’s probably not the best of ideas. You should redirect HTTP only, and the firewal can identify that for you. An adjusted rule is below. Also, your web server has to be set up to pretend to be any web server in the world since clients will think they’re talking to the real thing. That can be problematic. You may want to use the approach from http://wiki.mikrotik.com/wiki/Payment_Reminders instead, which uses the proxy to overcome that problem. Whether that’s necessary depends on your web server.