When you add the firewall rules you'll "create" the address-list. When you add IPs to it, you'll see it in the drop down menu (I'd suggest this over typing it when adding IPs to rule out mistakes).
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Dec 29, 2015 at 1:44 PM, Tim Reichhart < [email protected]> wrote: > Cameron > do I need to make an separate list for suspended customer name with ip > address with this code? > > Tim > > ------------------------------ > -----Original Message----- > From: "Cameron Crum" <[email protected]> > To: [email protected] > Date: 12/29/15 01:20 PM > Subject: Re: [AFMUG] redirect customers ip to nonpayment page on miktroik > > and that nat rule needs to be at the top of your rules. > > On Tue, Dec 29, 2015 at 12:19 PM, Cameron Crum <[email protected]> wrote: > >> Here is the setup script...obviously you need to adjust the urls and >> address range on the last line to fit your needs. >> >> /ip firewall filter >> add action=accept chain=input comment=\ >> "Allow Proxy - redirect suspended users" disabled=no dst-port=16099 \ >> protocol=tcp >> add action=jump chain=forward disabled=no jump-target=Suspended \ >> src-address-list=suspended >> add action=accept chain=Suspended disabled=no dst-port=443 protocol=tcp >> add action=accept chain=Suspended disabled=no \ >> dst-port=53 protocol=udp >> add action=log chain=Suspended disabled=no >> dst-address-list=!PaymentGateway \ >> limit=5/1m,10 log-prefix="" >> add action=reject chain=Suspended disabled=no reject-with=\ >> icmp-admin-prohibited >> >> /ip firewall nat >> add action=redirect chain=dstnat comment="Redirect Rule for suspend users >> - chan\ >> ge To Address under action to portal page" disabled=no dst-port=80 \ >> protocol=tcp src-address-list=suspended to-ports=16099 >> >> /ip proxy >> set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 >> cache-on-disk=no enabled=\ >> yes max-cache-size=none max-client-connections=600 max-fresh-time=3d >> max-server-connections=\ >> 600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=16099 >> serialize-connections=no src-address=\ >> 0.0.0.0 >> /ip proxy access >> add action=allow disabled=no dst-host=www.mycompany.com >> add action=deny disabled=no redirect-to= >> https://www.mycompany.com/redirectpage.html src-address=\ >> 10.x.x.x/x >> >> >> >> On Tue, Dec 29, 2015 at 12:14 PM, Ken Hohhof <[email protected]> wrote: >> >>> >>> With everyone switching to "devices" and "apps", some people never see a >>> redirect or in-browser notification. If it doesn't show up on the Xbox, >>> Roku, Smart TV, or iPhone app, they never see it. >>> >>> >>> >>> >>> *From:* [email protected] >>> *Sent:* Tuesday, December 29, 2015 11:47 AM >>> *To:* [email protected] >>> *Subject:* Re: [AFMUG] redirect customers ip to nonpayment page on >>> miktroik >>> >>> >>> >>> >>> >>> http://www.perftech.com/ >>> >>> >>> >>> >>> *From:* Cameron Crum <[email protected]> >>> *Sent:* Tuesday, December 29, 2015 10:28 AM >>> *To:* [email protected] >>> *Subject:* Re: [AFMUG] redirect customers ip to nonpayment page on >>> miktroik >>> >>> >>> >>> >>> >>> If your customers have static ip assignments you can use an address list >>> and web proxy. If not, then there probably is no other way. >>> >>> >>> On Tue, Dec 29, 2015 at 11:25 AM, Tim Reichhart < >>> [email protected]> wrote: >>> >>>> I am looking to redirect customers ip to non-payment page on miktroik >>>> and I do nat at core router and i dont have radius setup. >>>> >>>> Tim >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> >>> >>> >>> >>> >> >> >> >> > > > > >
