How to forward all WiFi traffic to WEB server?
Posted: Tue Mar 18, 2014 3:48 pm
by marko1303
I need to redirect all traffic from WiFi to a WEB server. What is the best way to do that?
User IP range is from 192.168.3.100-192.168.3.150.
If some user tries to open e.g. http://www.google.hr, it must be redirected to http://192.168.3.40
Re: How to forward all WiFi traffic to WEB server?
Posted: Tue Mar 18, 2014 5:49 pm
by Rudios
Try creating a dstnat rule.
ros code
/ip firewall nat
add chain=dstnat action=dst-nat protocol=tcp dst-port=80,443 to-addresses=192.168.3.40
Re: How to forward all WiFi traffic to WEB server?
Posted: Tue Mar 18, 2014 7:09 pm
by SurferTim
Rudios' way will redirect to that ip, but will not translate the page. If the page requested is not on the server, you will get a 404 error. The proxy is the best way. It can redirect any site/page to any page on the server.
Re: How to forward all WiFi traffic to WEB server?
Posted: Tue Mar 18, 2014 9:45 pm
by marko1303
What do I need to set in the proxy?
Re: How to forward all WiFi traffic to WEB server?
Posted: Wed Mar 19, 2014 4:22 am
by SurferTim
Re: How to forward all WiFi traffic to WEB server?
Posted: Wed Mar 19, 2014 10:04 am
by marko1303
It is not working, here is my config.
[admin@MikroTik] > ip proxy expo
# mar/19/2014 07:46:18 by RouterOS 6.10
# software id = F6R9-UR4F
#
/ip proxy
set enabled=yes port=3128
/ip proxy access
add action=deny dst-port=80 redirect-to=192.168.1.75 src-address=\
192.168.1.0/24
[admin@MikroTik] > ip pr acc ex
# mar/19/2014 07:48:53 by RouterOS 6.10
# software id = F6R9-UR4F
#
/ip proxy access
add action=deny dst-port=80 redirect-to=192.168.1.75 src-address=\
192.168.1.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-bridge-port=ether2 src-address=\
192.168.1.0/24
add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address=\
192.168.1.0/24 to-ports=3128
[admin@MikroTik] > int bridge expo
# mar/19/2014 08:00:03 by RouterOS 6.10
# software id = F6R9-UR4F
#
/interface bridge
add l2mtu=1598 name=bridge1
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether2
/ip address
add address=192.168.1.251/24 interface=bridge1 network=\
192.168.1.0
Re: How to forward all WiFi traffic to WEB server?
Posted: Wed Mar 19, 2014 10:59 am
by Rudios
I think you do not need the proxy access rule.
And if it is needed I suppose the action should be allow rather than deny.
And in the ip firewall nat rule with the action redirect, you also need to redirect to a different IP address (the IP of the router running proxy).
Re: How to forward all WiFi traffic to WEB server?
Posted: Wed Mar 19, 2014 12:25 pm
by SurferTim
Without the proxy access deny rule, it won't redirect the source ip address request to the new server/page.
I have not tried redirecting a request in a hairpin nat. I use an external server. If the client ip is 192.168.1.75, then this will redirect any http request from that client to xx.xx.xx.xx/payme.html.
/ip proxy access
add action=deny dst-port=80 redirect-to=xx.xx.xx.xx/payme.html src-address=192.168.1.75/32
Re: How to forward all WiFi traffic to WEB server?
Posted: Wed Mar 19, 2014 4:41 pm
by marko1303
It works now for http, but not for https. If I try to open http://www.google.com the router redirects me to http://192.168.1.75, but if I try to open https://www.google.com the browser returns an error.
[admin@MikroTik] > ip fir nat ex
# mar/19/2014 14:24:53 by RouterOS 6.10
# software id = F6R9-UR4F
#
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80,443,8080 protocol=tcp \
src-address=192.168.1.0/24 to-addresses=192.168.1.251 to-ports=3128
# mar/19/2014 14:26:46 by RouterOS 6.10
# software id = F6R9-UR4F
#
/ip proxy access
add action=deny dst-port=80,443,8080 redirect-to=192.168.1.75:80 src-address=\
192.168.1.0/24
Re: How to forward all WiFi traffic to WEB server?
Posted: Thu Mar 20, 2014 12:16 am
by SurferTim
Proxies don't work well with port 443. It's a security thing. Don't redirect port 443. I mean you can, but it won't go to the same port 80 page. You will get an error instead, but it keeps the client from accessing the internet.
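The HTTPS failure discussed in this thread, as an added Python illustration (not part of the thread and not RouterOS code): it classifies the first bytes a plaintext proxy on port 3128 would receive after the dst-nat rule and shows that only the port 80 case can be answered with a redirect. The byte samples are constructed, and the 302 response format is an assumption about how a redirect is delivered.

```python
from typing import Optional

REDIRECT_TO = "http://192.168.1.75/"  # portal address used in the thread

# Constructed samples of the first bytes a client sends after the TCP handshake.
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
# TLS record header (handshake, 6-byte body) + truncated ClientHello header.
TLS_SAMPLE = bytes.fromhex("1603010006" "010000020303")

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' for the start of a TCP stream."""
    # 0x16 = handshake record, 0x03 = TLS major version, byte 5 = ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def requested_host(data: bytes) -> Optional[str]:
    """Host header of a plaintext request; unreadable for anything else."""
    if classify_first_bytes(data) != "http":
        return None
    for line in data.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None


def proxy_answer(data: bytes) -> Optional[bytes]:
    """Redirect a plaintext request; return None when no redirect is possible."""
    if classify_first_bytes(data) != "http":
        # The browser expects a TLS ServerHello and a certificate valid for
        # the site it named. A plaintext 302 is neither, so it shows an error.
        return None
    return (b"HTTP/1.1 302 Found\r\nLocation: " + REDIRECT_TO.encode("ascii")
            + b"\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")


if __name__ == "__main__":
    for label, sample in (("port 80", HTTP_SAMPLE), ("port 443", TLS_SAMPLE)):
        print(label, classify_first_bytes(sample), requested_host(sample),
              proxy_answer(sample))
```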