Website redirect....

Layout:
A campground that has a wireless setup and also Kiosks. The kiosks sit on a separate network with a 10M Fiber Optic link.

The wireless network is connected to a single T-1. All routers are backhauled to a central point with a Hotspot server running on it.

Problem:
The campground would like to make it so that a website like http://www.youtube.com gets redirected to a /block.html page on the MT router, which is an HTML page stating that the site has been blocked but that they can access the site at the Kiosks.

In the same scenario, for specific websites that violate the EULA, they want a redirect to a /violation.html page on the router, which states that they have reached a website that is forbidden.

These are both going to be manually controlled lists.

Question:
How would you go about doing this? Is it a match and mark scenario in the Firewall? How exactly is it done? Cause right now I can match a website and redirect it to another website, but I can’t select individual pages on the website. So I can choose 192.168.100.1, but not 192.168.100.1/block.html


With Regards,
~prestN

It is possible only with web-proxy - “redirect-to” in access list.

Thank you for timely reply…

So would you match inside the web-proxy as well instead of with Firewall rules?

OK, all,
but I do not understand; can anyone give me a quick example?
Also, I want some of my customers to only use webproxy and the others not to use it.
Can anyone give me a quick example to do that?

Sorry, giving everything in examples will not achieve understanding - I will give you the main points:

  1. create an address-list with the users you would like to redirect
  2. create a NAT rule for this address list to redirect it to the router's proxy
  3. set up the proxy
  4. go into the proxy access list and create the necessary rules.
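
The four steps above as one RouterOS configuration, added here as an illustration and not posted by anyone in the thread. It assumes the `/ip proxy` menu, the 10.10.10.0/24 client subnet and 10.10.10.1 router address mentioned in the thread, a hypothetical list name `proxy-users`, and a placeholder host `forbidden.example` for the EULA list.

```routeros
# 1. Clients whose web traffic should pass through the proxy
#    (list name "proxy-users" is hypothetical)
/ip firewall address-list
add list=proxy-users address=10.10.10.0/24 comment="hotspot clients"

# 2. Send only those clients' port-80 traffic to the local proxy.
#    Requests to the router itself are excluded so that block.html and
#    violation.html are fetched directly instead of through the proxy.
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 src-address-list=proxy-users \
    dst-address=!10.10.10.1 action=redirect to-ports=8080

# 3. Enable the proxy on the port the NAT rule points at
/ip proxy
set enabled=yes port=8080

# 4. Access list, evaluated top to bottom, first match wins.
#    dst-host takes * and ? wildcards; no method or local-port match is
#    needed for a plain host block.
/ip proxy access
add dst-host=*youtube.com action=deny \
    redirect-to=10.10.10.1/block.html comment="blocked, use the kiosks"
add dst-host=*forbidden.example action=deny \
    redirect-to=10.10.10.1/violation.html comment="EULA violation list"
# Serve the listed clients, refuse everyone else so the proxy is not open
add src-address=10.10.10.0/24 action=allow
add action=deny
```

Clients outside `proxy-users` never reach the proxy, which covers the case of some customers using it and others not. The proxy only sees plain HTTP redirected from port 80, so HTTPS requests are not matched by these rules.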

Thank you again for the timely response…

Step 4 is the one I am messing up…

Under Src address I have 10.10.10.0
Local Port 8080, which is the port the Transparent Proxy is running on
DST Host is www.youtube.com
Path is *
Method is Get
Action Deny
Redirect to 10.10.10.1/block.html


I get no hits to this

It also doesn’t work…what am I missing…

I just use youtube as path without any method

Odd, it still doesn’t work… must be something else. *scratches head*

Is that PC actually using the proxy?

ip firewall nat add in-interface=lanport dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat

Will block with the “ERROR: Forbidden” page. But no other traffic will work.


ip firewall nat add in-interface=wanport dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat

Will allow all traffic but not block anything at all.

So I am not sure if I am messing up the firewall rule or the Proxy Settings.