Community discussions

MikroTik App
  4. RouterOS
  5. General

How-to firewall customer IP that is delinquent, direct/force them to webpage html address?

Post Reply
 
wispwest
Member
Member
Topic Author
Posts: 479
Joined: Tue May 19, 2009 3:48 am

How-to firewall customer IP that is delinquent, direct/force them to webpage html address?

Fri Jun 26, 2015 8:36 pm

We've always used the DST-NAT firewall rule to lock customers to the "Deliquent" webpage that are past-due, however we've moved our website and need to DST them to a html address now, but Mikrotik OS says "IP Address expected"

Tried creating an "address list" but still "need IP address", and can't forward to a www.website.com/deliquent/

Appreciate any help!
Top
 
thebigcow
just joined
Posts: 8
Joined: Sat May 16, 2015 12:43 am

Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?

Fri Jun 26, 2015 10:43 pm

This is probably easier to accomplish from the web server itself if you have another ip to spare.
Top
 
wispwest
Member
Member
Topic Author
Posts: 479
Joined: Tue May 19, 2009 3:48 am

Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?

Fri Jun 26, 2015 10:48 pm

I know it'd be easier, as that's how we've done it the past 10 years.

That's the problem, we no longer have separate IP's for different pages, it all shares the same IP address for the domain (now cloud-based)
Top
 
2frogs
Forum Veteran
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?

Sat Jun 27, 2015 12:03 am

Re-direct them to a web-proxy and use
Code: Select all
/ip proxy access add dst-host=* action=deny redirect-to=www.yoursite.com
to force them to your page.
Top
 
wispwest
Member
Member
Topic Author
Posts: 479
Joined: Tue May 19, 2009 3:48 am

Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?

Sat Jun 27, 2015 1:20 am

Re-direct them to a web-proxy and use
Code: Select all
/ip proxy access add dst-host=* action=deny redirect-to=www.yoursite.com
to force them to your page.

Thanks! So, where do I put the customer IP, do I put them in the * where "dst-host=*" ?
Example: ip proxy access add dst-host=10.9.9.54 action=deny redirect-to=www.yoursite.com/deliquent
Top
 
networkfudge
Trainer
Trainer
Posts: 136
Joined: Mon May 20, 2013 2:47 pm

Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?

Sat Jun 27, 2015 1:38 am

Code: Select all
/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 src-address-list=Block

/ip firewall filter add chain=forward src-address-list=Block protocol=udp dst-port=53 action=accept add chain=forward dst-address-list=Block protocol=udp src-port=53 action=accept add chain=forward src-address-list=Block action=drop

/ip proxy set enabled=yes /ip proxy access add action=allow disabled=no dst-address=172.16.0.123 add action=deny disabled=no redirect-to="http://172.16.0.123/block.html"
This will re-direct anyone in the Block address list to http://172.16.0.123/block.html
Top
 
2frogs
Forum Veteran
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: How-to firewall customer IP that is delinquent, direct/force them to webpage html address?

Sat Jun 27, 2015 6:58 am

Re-direct them to a web-proxy and use
Code: Select all
/ip proxy access add dst-host=* action=deny redirect-to=www.yoursite.com
to force them to your page.

Thanks! So, where do I put the customer IP, do I put them in the * where "dst-host=*" ?
Example: ip proxy access add dst-host=10.9.9.54 action=deny redirect-to=www.yoursite.com/deliquent
Sorry, though I included a link to Wiki, http://wiki.mikrotik.com/wiki/Manual:IP/Proxy. The * in dst-host=* is wildcard to catch the original website or IP.
But what Networkfudge gave you is what you need to get it working.
Top
Post Reply
  4. RouterOS
  5. General