Hi,
Need help with blocking selected urls and redirecting to policy site, the redirect should work based on my client’s IP.
I do not want to use webproxy.
can I do it using dst-nat redirect?
Please help.
you can dst-nat only new TCP connections (without data transferred), and URL detection happens when data is being transferred - at that moment it’s too late to do NAT
so it’s only possible if you know destination IP address and don’t care about actual data (URL, etc) inside the connection
So, is there a way to block facebook or say youtube and redirect it to a google.com, since we know the ip address of these websites, also I have specified static IP address to my clients.
any other solution except webproxy will be deeply appreciated.
Of course you can if know the unwanted IPs:
/ip firewall nat add action=dst-nat chain=dstnat dst-address-list=RedirectOfUnwanted to-addresses=173.194.112.183
The only restriction is that the webserver under this new IP must not use Hostname based Virtual Hosts, otherwise you will see the perhaps unwanted default page. Google for example does not care about the requested hostname.
marting, the hidden problem is that both facebook and youtube are in internal HSTS list of Chrome browser, so they will only open via HTTPS, not HTTP. if you redirect it to the server with non-FB/YT certificate, Chrome user will see strict error, not target website
so, generally, it’s not possible to redirect Facebook and Youtube websites