I have tried to search this, but nothing turned up.
I have a pppoe server, and am using Public IP, when a client expires, i have radius which will give him private IP address, how can i redirect these clients to a website ? would a nat rule with dst IP work ?
Many thanks.
you may simply dst-nat it to web-proxy, then add a rule with ‘action=deny redirect-to=http://abc.def/ghi.html’
Thanks for the reply.
I tried the below, but i get page cannot be displayed.
/ip firewall nat add chain=dstnat src-address=10.20.0.0/24 action=dst-nat to-addresses=202.24.12.1
the webserver, 202.24.12.1
But i would really need to redirect it to a URL, http://202.24.12.1/accounts/paynow.php
Can you please help me with the commands !
thanks.
/ip firewall nat add chain=dstnat src-address=10.20.0.0/24 action=redirect to-ports=3128 (your webproxy port)
/ip proxy access add src-address=10.20.0.0/24 action=deny redirect-to=<URL HERE>
I don’t have webserver running, do i need to run this on mikrotik ?
Chupaka did you try to rediret only one IP to proxy ? When Im try then it not work like this :
/ip firewall nat add chain=dstnat src-address=10.20.0.10/32 action=redirect to-ports=3128 (your webproxy port)
what exactly don’t work? I can’t see functional difference between those rules =)
http://wiki.mikrotik.com/wiki/IP/Proxy
so, what is 202.24.12.1?..
I just made that IP, but i meant external webserver, our home page. 202.24.12.1
So the pppoe client knows that the account has expired. if he sees the homepage or the pay here page.
diffrence is whole subnet or only one IP
src-address=10.20.0.0/24
src-address=10.20.0.10/32
When is whole subnet used then redirection work if redirect only one IP then I see errors in my browser …
just tested /32 mask with 4.2 - works fine for me… as usual =)
/ip firewall nat add chain=dstnat src-address=10.20.0.0/24 action=redirect to-ports=3128 (your webproxy port)
/ip proxy access add src-address=10.20.0.0/24 action=deny redirect-to=
I tried to put the rules, the first one came with error that i need to specify tcp/udp, so i choose tcp. but about webproxy, i need to enable the internal webproxy so that redirection can happen, is that right ?
thanks for the help.
or can i masqurade the range and firewall so that it only gets redirected to a certain webpage ?
yesss, TCP - always forgetting about this ))
sure, you should enable the webproxy
Just tested again … and as usualy 
there is problem:
first part working fine … I see me (this is my IP) that Im redirected to my web proxy ( 3130 port is my web-proxy) and trafic is growning …
/ip firewall nat add chain=dstnat action=redirect to-ports=3130 protocol=tcp src-address=192.168.3.40 in-interface=ether2 dst-port=80
But problems is starting when I put second part in web proxy :
/ip proxy access add src-address=192.168.3.40 action=deny redirect-to=www.myserver.com/blocked.htm
This rule I must disable to surf or I only have errors. Im also tested http://www.myserver.com/blocked.htm which is normaly accesible.
Im using latest ROS 4.3 on routerboard 450.
If I try all this with subnet redirection in firewall … also everything is work (all traffic is transparently redirected to web proxy) but when I enable this second part same story … It was not work … I was using this in older version before v4.X and then is working fine … this rule I was using for some “hackers” to stop him to use my network … but now this is not work for me .
I was accidently try this because Im turn off (disable) transparently redirection whole subnet to web proxy … hm because of 100 % percent procesor usage. Now Im try this on only one IP (same if I redirect whole subnet) to test again and now see that it is not work anymore .
Here is error which firefox give me:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
For me something is wrong with web proxy (redirection not work as before) … or maybe hotspot (which I use).
Strange thing is also when I disable web proxy and watch in status that request is growning … also received from servers and sent to client . Hm web proxy is disabled and in firewall redirection is disabled … I don no why is this hepening … maybe some bug ?
huh, what’s the IP of http://www.myserver.com? maybe try to add “dst-address=!that_ip” to your NAT rule…
Same error again … no change if I use http://www.myserver.com/blocked.htm or real IP http://192.168.11.yyy/blocked.htm
So to eliminate local server I was try to change to internet page http://www.imdb.com/title/tt1067106/ and of course it was not work … same error.
What version ROS are you using?
I test on 4.2
can you simply open http://192.168.11.yyy/blocked.htm with all rules enabled? check that connection to this server is not caught by redirect rule…
I cannot get this redirection to run, i have webproxy enabled on port 8080, and i do not get any hits.
Client dials in gets an ip from private pool, which is not masqurade, but does not get redirected to the payment website which is on public IP.
do i need to enable masquarade rule ? for this range ?
there is some mistake somewhere where i am not able to catch. The users are PPPoe.
opening http://192.168.11.yyy/blocked.htm
When is nothing enabled open ok
When is firewall redirection rule enabled open ok
When is proxy block and redirection rule enabled not opening
All time web proxy is running but firewall redirect is only my IP for testing …
Hm in this windoze I only have firefox … now Im suspisious about browser … I will test on another PC … another IP … I will tell back result for one hour …
sure, you clients with private addresses still have to be able to access your page w/o proxy
as I said: all accesses to the 192.168.11.yyy are still redirected to webproxy (and NAT rule counts packets). this should not happen if you set NAT rule’s parameters correctly…
No same thing if I use rule on another PC - IP … errors browser cant open any page .
I was also try with whole netwirk transparently redirect to proxy … proxy work … now Im send this via proxy but deny and redirect again not work …
So firewall work OK but not proxy …
I dont no how hotspot working … there is options (enabled) under hotspot user profile Transparent proxy