Is it possible to configure Mikrotik-Advertise-URL option with PPPoE not with Hotspot? I'm not sure if this option works only with Hotspot. I set advertise URL and interval and no effects.
If this works only with HotSpot what is the best solution to redirect customer periodically (e.g. 4 times a hour) to web page (payment reminder)
Re: Mikrotik-Advertise-URL with PPPoE environment
PPPoE traffic doesn't go through the Hotspot servlet so the router can't redirect host traffic for advertisements like it can for Hotspots.
You could enable the web proxy and make a deny all rule with a redirect to your payment page, and then create a firewall ruleset that checks if users are on an address-list whenever they access something on tcp/80. If they are not, jump into a chain that adds them to the list for four hours and then transparently proxies them, causing the proxy request to be denied with a redirect to the payment page.
You could enable the web proxy and make a deny all rule with a redirect to your payment page, and then create a firewall ruleset that checks if users are on an address-list whenever they access something on tcp/80. If they are not, jump into a chain that adds them to the list for four hours and then transparently proxies them, causing the proxy request to be denied with a redirect to the payment page.
Re: Mikrotik-Advertise-URL with PPPoE environment
Could you write example firewall rules? I fight for few hours but without success.
I created ppp chain, then payments_chain with action "add src to address list". I put radius parameter "Filter-id" to "payments_chain" for these customer I want remind about payment.
I created ppp chain, then payments_chain with action "add src to address list". I put radius parameter "Filter-id" to "payments_chain" for these customer I want remind about payment.
Re: Mikrotik-Advertise-URL with PPPoE environment
You can't use Filter-Id as that's too late in the packet process, the decision on whether the client is to be redirected must be made before destination NAT (where redirects to the web proxy happen), so the only thing that qualifies is pre-routing mangle. There is an undocumented RADIUS attribute that adds people to an address list for the duration of their session, I don't know if it works with PPPoE but if it does the below would work with central administration when you set that attribute. If not, you'll have to manually maintain address lists on the router (maybe via API calls?). It is attribute number 19 for the same vendor, called Mikrotik-Address-List and of type string.
Assuming that you have an address-list named "payment_reminder" that contains all clients that need to be shown redirects, you would first mark all TCP/80 connections of those customers as something potentially to be redirected. In a second rule you decide whether they actually are to be redirected:
Now all connections to TCP/80 from people on the payment_reminder address-list but not on the has_seen_reminder list are marked "payment_reminder". Next step in packet flow is destination NAT, so redirect those connections to the web proxy (adjust ports if your web proxy doesn't listen on 8080):
At this point the packet will go to the router (proxy) instead of being routed through it, so the input chain will see the packet. Use the connection-mark to add the source address to the has_seen_reminder address-list with a timeout of 4 hours so that the next new connection to TCP/80 by that customer will not be redirected:
Just for completion's sake, the web proxy configuration would look like this:
All of that is completely untested. Hope it works.
Assuming that you have an address-list named "payment_reminder" that contains all clients that need to be shown redirects, you would first mark all TCP/80 connections of those customers as something potentially to be redirected. In a second rule you decide whether they actually are to be redirected:
Code: Select all
/ip firewall mangle
add chain=prerouting connection-state=new src-address-list=payment_reminder protocol=tcp dst-port=80 action=mark-connection new-connection-mark=potential_payment_reminder passthrough=yes
add chain=prerouting connection-mark=potential_payment_reminder src-address-list=!has_seen_reminder action=mark-connection new-connection-mark=payment_reminder
Code: Select all
/ip firewall nat
add chain=dstnat connection-mark=payment_reminder action=redirect to-ports=8080
Code: Select all
/ip firewall filter
add chain=input connection-mark=payment_reminder action=add-src-to-address-list address-list=has_seen_reminder address-list-timeout=04:00:00 passthrough=yes
Code: Select all
/ip proxy set enabled=yes
/ip proxy access
add action=accept disabled=no dst-address=[IP of server that hosts reminder]
add action=deny disabled=no redirect-to="http://my.server.com/payment-reminder.html"Re: Mikrotik-Advertise-URL with PPPoE environment
Thank you very much fewi,
Mikrotik-Address-List works and it resolved my problem,
to run warning for some time (for a minute every 15 minutes) I used Schedule and prepared scripts, which create and remove appropriate firewall rules
Mikrotik-Address-List works and it resolved my problem,
to run warning for some time (for a minute every 15 minutes) I used Schedule and prepared scripts, which create and remove appropriate firewall rules
-
-
conchalnet
Member Candidate
- Posts: 274
- Joined:
- Location: Brazil
Re: Mikrotik-Advertise-URL with PPPoE environment
Hi fewi, I liked very mucho of your solution and it works very well.
I'm trying to redirect the traffic for one page with the original URL that the user had access. With this I can put something like "Click here to access your URL".
Do you know if this is possible with this solution?
Thanks in advance,
Fabrício
I'm trying to redirect the traffic for one page with the original URL that the user had access. With this I can put something like "Click here to access your URL".
Do you know if this is possible with this solution?
Thanks in advance,
Fabrício
Re: Mikrotik-Advertise-URL with PPPoE environment
I do not know if it is. The proxy cannot be programmed to pass the original URL on via a variable so I believe your only option is to check all the HTTP headers to see if one does contain the original URL. You could then use any dynamic scripting language on the server (PHP, Perl etc.) to pull it out and write the link. If there's no such header I guess you could make a feature request.
Re: Mikrotik-Advertise-URL with PPPoE environment
maybe HTTP Referer?
-
-
conchalnet
Member Candidate
- Posts: 274
- Joined:
- Location: Brazil
Re: Mikrotik-Advertise-URL with PPPoE environment
Hi Chupaka, the $_SERVER["HTTP_REFERER"] comes empty on php script when the page is redirected by the Mikrotik web-cache.maybe HTTP Referer?
Best regards
Fabrício
Re: Mikrotik-Advertise-URL with PPPoE environment
Just do a 'print_r($_SERVER); print_r($HTTP_SERVER_VARS);' on the server you're redirecting to - if nothing matches the original request you cannot retrieve it and you should contact support@mikrotik.com for an official feature request. $_SERVER doesn't contain all headers, I think, and it's possible some proprietary header a la X_FORWARDED_FROM attainable via $HTTP_SERVER_VARS contains proxy information.
Re: Mikrotik-Advertise-URL with PPPoE environment
by the way, $HTTP_SERVER_VARS contains the same initial information (as $_SERVER), but is not a superglobal (from PHP Docs)
Re: Mikrotik-Advertise-URL with PPPoE environment
There doesn't appear to be anything that contains the original request URI that is passed on to the server.
-
-
solidstate
just joined
- Posts: 4
- Joined:
Re: Mikrotik-Advertise-URL with PPPoE environment
hi dziadzi
may you post the whole setup you did to make everything working out as for the time script also? thank you
may you post the whole setup you did to make everything working out as for the time script also? thank you