Hello All,
I am facing a problem ,
I disabled all my firewall rules ... I have 3 interfaces at my MT
the first interface : ISP-1 which is a proxy source i use only HTTP traffic .
the second interface is : ISP-2 which is my gateway source .
and the third is my LOCAL interface .
I am using PARENT PROXY that my web-proxy connects to it but the problem here is that i have a webserver that is on my local network and I am testingit daily but I fail and I already failed with it .
I used the default rule that forwards any client that is at UNPAID list to my webserver , my webserver has the default website , it tells our customers to pay .. it seems that after creating this rule , the client can not use internet and if you typed http://www.google.com , it shows to you that it is connecting ....... still and still you wait until it fails , no forwarding .
any help would be greatly appreciated .
Thank you,
Ghassan
Hello ,
I searched forums and everything I done but actually my problem is confusing me , I do not know what is the problem .. I tried to disable my firewall rules , everything in route table but i still ca not redirect my unpaid customer to my webserver also my network is using subnet 30 for each user .. when I test or go to ex : http://192.168.0.55 ( webserver ) i get GATEWAY TIMEOUT (ERROR ) so what do you think my problem is ?
I searched forums and everything I done but actually my problem is confusing me , I do not know what is the problem .. I tried to disable my firewall rules , everything in route table but i still ca not redirect my unpaid customer to my webserver also my network is using subnet 30 for each user .. when I test or go to ex : http://192.168.0.55 ( webserver ) i get GATEWAY TIMEOUT (ERROR ) so what do you think my problem is ?
I disabled all firewall filter rules , input , forward ..etc
/ ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 src-address-list=Non-Paid \
action=dst-nat to-addresses=44.83.16.2 to-ports=82 comment="REDIRECT \
NON-PAYED CUSTOMERS" disabled=no
add chain=dstnat src-address=44.83.16.2 protocol=tcp dst-port=80 \
action=dst-nat to-addresses=44.83.16.2 to-ports=82 comment="Force Client \
to use proxy on your own" disabled=yes
Notice that 44.83.16.1 is my web-proxy ip or MT IP for LOCAL .
add chain=dstnat in-interface=WiFi dst-address=!44.83.16.1 protocol=tcp \
dst-port=80 action=jump jump-target=WEBPROXY comment="JUMP Users to \
Web-Proxy" disabled=no
add chain=dstnat in-interface=WiFi protocol=tcp dst-port=8080 action=redirect \
to-ports=3129 comment="REDIRECT PROXIES WITH PORT 8080" disabled=no
add chain=dstnat in-interface=WiFi protocol=tcp dst-port=8082 action=redirect \
to-ports=3129 comment="REDIRECT PROXIES WITH PORT 8082" disabled=no
add chain=dstnat in-interface=WiFi protocol=tcp dst-port=8088 action=redirect \
to-ports=3129 comment="REDIRECT PROXIES WITH PORT 8088" disabled=no
add chain=dstnat in-interface=WiFi protocol=tcp dst-port=81 action=redirect \
to-ports=3129 comment="REDIRECT PROXIES WITH PORT 81" disabled=no
add chain=dstnat in-interface=WiFi protocol=tcp dst-port=3128 action=redirect \
to-ports=3129 comment="REDIRECT PROXIES WITH PORT 3128" disabled=no
add chain=dstnat protocol=tcp dst-port=53 action=redirect to-ports=53 \
comment="REDIRECT ALL TO DNS SERVER" disabled=no
add chain=dstnat protocol=udp dst-port=53 action=redirect to-ports=53 \
comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=443 action=redirect to-ports=8001 \
comment="" disabled=yes
add chain=srcnat out-interface=GATE src-address=44.83.16.2 action=masquerade \
comment="Masquerade Client-1" disabled=no
add chain=srcnat out-interface=GATE src-address=44.83.16.6 action=masquerade \
comment="Masquerade Client-2" disabled=no
--------
add chain=WEBPROXY in-interface=WiFi src-address=44.83.16.2 protocol=tcp \
dst-port=80 action=redirect to-ports=8001 comment="" disabled=no
this configuration allows me to control IP one by one .
/ ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 src-address-list=Non-Paid \
action=dst-nat to-addresses=44.83.16.2 to-ports=82 comment="REDIRECT \
NON-PAYED CUSTOMERS" disabled=no
add chain=dstnat src-address=44.83.16.2 protocol=tcp dst-port=80 \
action=dst-nat to-addresses=44.83.16.2 to-ports=82 comment="Force Client \
to use proxy on your own" disabled=yes
Notice that 44.83.16.1 is my web-proxy ip or MT IP for LOCAL .
add chain=dstnat in-interface=WiFi dst-address=!44.83.16.1 protocol=tcp \
dst-port=80 action=jump jump-target=WEBPROXY comment="JUMP Users to \
Web-Proxy" disabled=no
add chain=dstnat in-interface=WiFi protocol=tcp dst-port=8080 action=redirect \
to-ports=3129 comment="REDIRECT PROXIES WITH PORT 8080" disabled=no
add chain=dstnat in-interface=WiFi protocol=tcp dst-port=8082 action=redirect \
to-ports=3129 comment="REDIRECT PROXIES WITH PORT 8082" disabled=no
add chain=dstnat in-interface=WiFi protocol=tcp dst-port=8088 action=redirect \
to-ports=3129 comment="REDIRECT PROXIES WITH PORT 8088" disabled=no
add chain=dstnat in-interface=WiFi protocol=tcp dst-port=81 action=redirect \
to-ports=3129 comment="REDIRECT PROXIES WITH PORT 81" disabled=no
add chain=dstnat in-interface=WiFi protocol=tcp dst-port=3128 action=redirect \
to-ports=3129 comment="REDIRECT PROXIES WITH PORT 3128" disabled=no
add chain=dstnat protocol=tcp dst-port=53 action=redirect to-ports=53 \
comment="REDIRECT ALL TO DNS SERVER" disabled=no
add chain=dstnat protocol=udp dst-port=53 action=redirect to-ports=53 \
comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=443 action=redirect to-ports=8001 \
comment="" disabled=yes
add chain=srcnat out-interface=GATE src-address=44.83.16.2 action=masquerade \
comment="Masquerade Client-1" disabled=no
add chain=srcnat out-interface=GATE src-address=44.83.16.6 action=masquerade \
comment="Masquerade Client-2" disabled=no
--------
add chain=WEBPROXY in-interface=WiFi src-address=44.83.16.2 protocol=tcp \
dst-port=80 action=redirect to-ports=8001 comment="" disabled=no
this configuration allows me to control IP one by one .
Who is online
Users browsing this forum: lurker888 and 50 guests