Redirect Wireless Client to Late-Pay Notice

Discussion in 'Server Operation' started by giganet, Jun 18, 2009.

  1. giganet

    giganet New Member

    Hello group...

    I am looking to redirect wireless clients to a special page at my web-server which is running ISPConfig3 to encourage the 'Late-Paying' clients to call into our billing office to arrange payment, then I would just disable the redirect from within the client CPE after their phoning into the office.

    All Access Points and CPE's utilize MikroTik routers and I was given a short description of what needs to be done on the CPE side from a user at the MikroTik Forum, I will paste the routing rule(s) below:
    A single line of code will probably accomplish what you're looking for. I use a simple redirect that reads from an address list. That way, I can just add and remove IP addresses from the list to show the deadbeat webpage or not. Here's the NAT rule:
    add chain=dstnat action=dst-nat to-addresses= to-ports=8080 \
    dst-address=! dst-port=80 protocol=tcp \
    src-address-list="Deadbeats" comment="" disabled=no
    This redirects all port 80 traffic that isn't already destined to the webserver at to port 8080 on Port 8080 on the webserver is set up with a simple HTML page that says "pay up" (in more polite terms of course). To use this, just set up your webserver to listen on a specific port and put your HTML page there. (The reason it's on a specific port is because you can redirect traffic to an IP and port, not to a URL.) When you have a customer that you want to redirect to the pay-up page, just add their IP to the "Deadbeats" address list and you're done. To take them off, just remove them from the list. It's pretty simple. You might want to make this NAT rule the first one in your NAT rules list so that other actions aren't taken on the IP first, for example, src-nat before they see the pay-up page.
    So far I have created the dir 'ClientNotices' on the web-server and within that dir I have created the file 'late-payers.shtml'.

    Within '/etc/apache2/ports.conf' I added the following:
    Listen 88
    The MikroTik router will be redirecting the client to the servers IP at port 88 rather than a URL.
    To this point I am unable to get a browser to actually go to the desired page within that dir on the web-server though.

    How would I go about instructing Apache to redirect these users to the specified page on the server?

    Thanking you in advance for your help and time.

    Best Regards
  2. ajhart

    ajhart New Member

    Hi Giganet,
    First off, I personally don't like to redirect any ports on mikrotik specially for proxy reasons. Depending on router boards it like to take allot of resources and there is easier ways.
    I have a radiusmanager authenticating all my pppoe client and once their cap has been reached, the only page they can access is the radman UCP (user control pannel) page where the clients can purchase more bandwidth.

    Now in your case scenario I would disable all the masquerading nat rules on all my hi-sites except your head office router connected to the adsl router.

    Add routes forward and backwards to your high-sites so that you can ping your PCE units from your head office router board (keep the masquerading nat rule enabled on the CPE's - you don’t want to ping the client's local network as well)

    Then I would take a small designated server hosting a simple webpage through a static ip (locally)

    Then on your head office router board I would add the following firewall nat rule:

    add chain=dstnat src-address=(Client CPE IP Address) action=dst-nat to
    -addresses=(Webserver IP Address) protocol=tcp to-ports=0-65535
    And then add a Static DNS entry:

    add address=(Webserver static ip)
    set allow-remote-requests=yes
    And Wola, thourgh this you can enable and disable the nat as you plisse.
    I hope this help you and when it comes to mikrotik, I try to keep it simple
    Last edited: Jun 19, 2009

Share This Page