Page 1 of 1
Client redirect to a web page
Posted: Mon Dec 04, 2006 6:06 pm
by jansonz
Hello,
I have problems to redirect non-paying clients to warning web page. I made dst-nat rule, but it wont redirect. Ok, clients do not have Internet enymore, but they don't see the warning. My rule:
chain=dstnat src-address=80.x.x.x protocol=tcp action=dst-nat
to-addresses=80.x.x.y to-ports=8001
Where could be problem?? I also tried to put in the rule dst-port=80, but no changes..
Posted: Tue Dec 05, 2006 9:17 am
by cmit
Make that a
chain=dstnat src-address=80.x.x.x protocol=tcp dst-port=80 action=dst-nat to-addresses=80.x.x.y to-ports=8001
(include the dst-port paramter) or your webserver will see all kinds of TCP traffic redirected to it which it cannot really handle (SMTP, FTP, ...).
If you made sure you have a webserver running on port 8001 at the address you redirect to, also take care to configure it so every errorpage (especially the 404 one) will show your "we're missing money from you"-page. (As your client will perhaps request
http://www.someaddress.com/this/other/page.html - and your webserver won't have that special file...)
If that doesn't work, try to explain better what acutally happens ("it won't redirect, but they do not have internet"?).
Best regards,
Christian Meis
question
Posted: Wed Dec 20, 2006 1:30 pm
by datawlan
Hi Cmit!
Yes, that is a good example.
For this reason I have to "run" an another server, just to be able to display the "PAY PLEASE" site?
Is it possible to redirect all port "80" requests to not an IP address, but a site (for.e.:
http://www.WISP.com/nopay.html)?
Thanks a lot.
question
Posted: Wed Dec 20, 2006 1:30 pm
by datawlan
Hi Cmit!
Yes, that is a good example.
For this reason I have to "run" an another server, just to be able to display the "PAY PLEASE" site?
Is it possible to redirect all port "80" requests to not an IP address, but a site (for.e.:
http://www.WISP.com/nopay.html)?
Thanks a lot.
Posted: Wed Dec 20, 2006 7:24 pm
by titius
no you cant redirect to a web page just IP address, but you can make virtual web server on another port for examle
http://ipaddress:81
Posted: Thu Dec 21, 2006 10:41 am
by sergejs
Redirection to domain address is also possible, but then transparent proxy should be enabled (web-proxy test package). 80 port number requests will be maintained by the proxy, but web-proxy test package access-list contains 'redirect-to' option, that might be used to redirect required requrest to the specific web-page.
Posted: Thu Dec 21, 2006 10:52 am
by datawlan
Thanks, guys, both solutions are perfect!
I guess making a virtual server is easier (especially for a newbie).
hmmm
Posted: Thu Dec 21, 2006 1:25 pm
by datawlan
Hi!
I've made a virtual server, which works perfect (from browser).
For some reason, this code below does not direct the SELECTED client to the right address.
chain=dstnat src-address=192.168.121.37/32 protocol=tcp dst-port=80 action=dst-nat to-addresses=80.64.x.y to-ports=81
It should be ok, or?
Many thanks
Datawlan
Posted: Thu Dec 21, 2006 1:39 pm
by sergejs
Connection tracking has to be enabled on the router.
Make sure there are not any other NAT rules before this one.
Posted: Thu Dec 21, 2006 11:08 pm
by datawlan
Connection tracking has to be enabled on the router.
Make sure there are not any other NAT rules before this one.
Yes, It is on - and it works now!
Thanks for the help!
Posted: Fri Dec 22, 2006 8:48 am
by sergejs
datawlan
Where was the problem, when previously it does not work correctly ?
Posted: Sat Dec 23, 2006 6:41 pm
by datawlan
datawlan
Where was the problem, when previously it does not work correctly ?
hmm..
There was another rule just before this dst-nat.
It was my mistake.
Regards