Community discussions

MikroTik App
 
jakkwb
Member Candidate
Member Candidate
Topic Author
Posts: 133
Joined: Tue Jun 26, 2007 8:31 am

Letting users access only certain web pages

Tue Jan 31, 2012 1:37 am

Hello,

I am not using Hotspot or Usermanager.

I am using the method below to redirect non-paying users to a "pay-me" web site:

/ip firewall nat
add action=dst-nat chain=dstnat comment="redirect for unpaid customers" disabled=no protocol=tcp src-address-list=Unpaid to-addresses=192.168.xx.xxx

/ip firewall address-list
add address=96.3x.xxx.xxx comment="customer name" disabled=no list=Unpaid

Problem is, my Paypal button for users to make payments is being blocked. I need users to be able to access the above web page, and also have access to Paypal so the payment will process. Is this possible using the above method?

Thank you all.
 
jakkwb
Member Candidate
Member Candidate
Topic Author
Posts: 133
Joined: Tue Jun 26, 2007 8:31 am

Re: Letting users access only certain web pages

Tue Jan 31, 2012 10:09 pm

Anyone care to comment on this?
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 823
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: Letting users access only certain web pages

Tue Jan 31, 2012 11:16 pm

Add a new address list of every website and IP address that paypal uses, including all their cookies and adverts (search the forums for many complaints of PayPal not working correctly in Hotspot!) Make this addresslist become a bypass rule as if the customer had paid, for those destination addresses and IPs.

Hope that helps some way - if not ask some more.

Also, please be patient and wait for free advice. This is a forum for Mikrotik users by Mikrotik users and we get no payment, we do this to help you and to be useful to those who have problems. So, do not become impatient if you do not get response as fast as you would get from a paid support system! :-)
 
jakkwb
Member Candidate
Member Candidate
Topic Author
Posts: 133
Joined: Tue Jun 26, 2007 8:31 am

Re: Letting users access only certain web pages

Wed Feb 01, 2012 12:43 am

Thanks for the help, Nest,

I understand how to make the address list, but how do I make it a bypass rule?

Thanks again,

Jakkwb
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 823
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: Letting users access only certain web pages

Wed Feb 01, 2012 12:51 am

you haven't posted every part of your config, but one suggestion is to say that the rule you have for forcing non-paid users to be redirected does NOT apply if they are trying to get to the PayPal whitelist of addresses, like so :
/ip firewall nat
add action=dst-nat chain=dstnat comment="redirect for unpaid customers" disabled=no dst-address-list=!PayPal protocol=tcp src-address-list=Unpaid to-addresses=192.168.xx.xxx
 
jakkwb
Member Candidate
Member Candidate
Topic Author
Posts: 133
Joined: Tue Jun 26, 2007 8:31 am

Re: Letting users access only certain web pages

Wed Feb 01, 2012 7:55 am

OK, I understand that. I didn't know you could do "not" the address list. That is so cool.

Problem is, there are so many Paypal IP numbers! Is there any way to use the domain names instead of the IP in this setup?
 
jakkwb
Member Candidate
Member Candidate
Topic Author
Posts: 133
Joined: Tue Jun 26, 2007 8:31 am

Re: Letting users access only certain web pages

Thu Feb 02, 2012 7:59 am

OK, I scrapped the previous attempts and decided to try using the Mikrotiks web proxy option:

I took the following code from this post: http://www.dslreports.com/forum/r237621 ... y-Redirect

Mikrotik Commands:

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=\
11.11.11.130 parent-proxy-port=80 port=8080 serialize-connections=no src-address=0.0.0.0

/ip proxy access
add action=allow comment="" disabled=no src-address=123.456.789.0/24
add action=deny comment="" disabled=no src-address=0.0.0.0

/ip firewall address-list
add address=123.456.789.10 comment="Joe" disabled=no list=non_paying_cust
add address=123.456.789.11 comment="Bob" disabled=no list=non_paying_cust

/ip firewall filter
add action=jump chain=forward comment="DC/Non Pay Users" disabled=no jump-target=DC_USERS src-address-list=non_paying_cust
add action=accept chain=DC_USERS comment="" disabled=no dst-address=11.11.11.132 dst-port=8080 protocol=tcp src-address-list=non_paying_cust
add action=accept chain=DC_USERS comment="" disabled=no dst-address=11.11.11.130 dst-port=80 protocol=tcp src-address-list=non_paying_cust
add action=accept chain=DC_USERS comment="" disabled=no dst-address=11.11.11.130 dst-port=443 protocol=tcp src-address-list=non_paying_cust
add action=accept chain=DC_USERS comment="" disabled=no dst-port=53 protocol=udp src-address-list=non_paying_cust

/ip firewall nat
add action=dst-nat chain=dstnat comment="DC/Non Pay Users" disabled=no dst-port=80 protocol=tcp src-address-list=non_paying_cust to-addresses=11.11.11.132 to-ports=8080

This is just not working. I am not getting any redirect on a PC on the non_paying_cust list. I also cannot access the web page on the server at 11.11.11.130.

The only counter that is moving is the one for jump command. None of the counters in the code in the jump routine are moving.

Can someone tell me what is wrong with this?
 
jakkwb
Member Candidate
Member Candidate
Topic Author
Posts: 133
Joined: Tue Jun 26, 2007 8:31 am

Re: Letting users access only certain web pages

Thu Feb 02, 2012 8:32 am

I found an error in the following line:

/ip firewall nat
add action=dst-nat chain=dstnat comment="DC/Non Pay Users" disabled=no dst-port=80 protocol=tcp src-address-list=non_paying_cust to-addresses=11.11.11.132 to-ports=8080


The address should be 11.11.11.130 instead. Changed, but it is still not working. The proxy is showing requests now, but there is still no web page (hosted on 11.11.11.130) coming thru on a PC in the address-list.

Any help would make me happy.

Who is online

Users browsing this forum: edzaljb and 26 guests