Hi I need some help. I need to make limit access for PPPoE.
PPPoE clients pool IP is 10.80.40.0/24
I want limit access only to some web site for example:
www.paypal.com
Any help I will appreciate.
Thanks!
enabled: yes
src-address: 10.80.40.0
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: "webmaster"
max-cache-size: none
cache-on-disk: no
max-client-connections: 5000
max-server-connections: 5000
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: primary-slave
/ip proxy access
add action=allow comment="" disabled=no dst-host=www.mydomain.com\
redirect-to=www.mydomain.comsrc-address=10.80.40.0/24
add action=deny comment="" disabled=no dst-host=*.* redirect-to=\
www.mydomain.comsrc-address=10.80.40.0/24
add action=allow comment="" disabled=no dst-host=www.paypal.com src-address=\
10.80.40.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.80.40.0/24
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.66.40.0/23
add action=redirect chain=PROXY-LIMIT comment="" disabled=no dst-port=8080 \
in-interface=ether1 protocol=tcp src-address=10.80.40.0/24
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 protocol=\
tcp src-address=10.80.40.0/24 to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=0-79 \
protocol=tcp src-address=10.80.40.0/24 to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=81-442 \
protocol=tcp src-address=10.80.40.0/24 to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=444-65535 \
protocol=tcp src-address=10.80.40.0/24 to-ports=8080
chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address=10.80.40.0/24 dst-address=64.178.214.6 dst-port=443
/ip firewall filter
add action=drop chain=input comment="" disabled=no dst-port=8080 \
in-interface=ether1 protocol=tcp src-address=10.80.40.0/24
you cannot use transparent proxying for https
I think, you should just get IP addresses of paypal servers, allow port 443 to there addresses and then block all the rest. all in firewall filter, w/o webproxy