Hi,

Can someone please assist with the correct firewall rule for forwarding all traffic from the local subnet (192.168.5.0/24) on port 80 and 443 (so websites) to a specific IP/website?

(I don't want them to be able to browse any site other than the one I specify)

Not too clued up on firewall rules, so bear with me.

Currently I have this rule which I got from Googling a bit and is probably completely wrong:

/ip firewall nat
add action=dst-nat chain=dstnat comment="Redirect Test" disabled=no \
dst-port=80,443 in-interface=pppoe-out1 protocol=tcp src-address=\
184.87.168.26 to-addresses=192.168.5.0/24

Can someone point in the right direction please?

Thanks
M

Just take your rule and change it accordingly:

Code: Select all

/ip firewall nat
add action=dst-nat chain=dstnat protocol=tcp dst-port=80,443 \
    src-address=192.168.5.0/24 to-addresses=<where it should go>

But it won't work very well. You can configure target webserver to respond to requests for any hostname, that's no problem. But it will only work for plain http. With https, users will get certificate errors.

Thanks, it works and we'll make it work with just http.