Hello all.
I have a wlan and I want anyone who connects to that wlan when opens an internet browser and type any web address to redirect to a specific web site.
I tried
IP->Firewall->Nat
chain=dstnat
src-address=0.0.0.0/0 (or 10.22.11.96/28 which is my wlan subnet)
protocol=tcp
dst-port=80,443
action=dstnat
to-address=(web server address)
to-ports=80 (or without this)
But is not working. Am I doing something wrong? Is it something related to application layer?
Anyone?
More details about “not working” could help.
Generally, you can hijack http connections and redirect them to your server and it will work fine as long as web server is configured to accept requests to any hostname. But you can’t do that for https, it will result in certificate errors and you can’t do anything about it (unless you install your own CA to every client computer and create fake certificates for requested sites on the fly).
Thank you Sob !
“Not working” was that I saw packets comes to DST-NAT rule but the browser not goes to the specific site.
The admin of the server said that now the web server accept requests to any host name and the redirect working.
Thanks for the advice !