Firewall blocks them from getting online, but they obviously won't see a page that says to call you.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Jan 12, 2016 at 6:09 PM, Tim Reichhart < [email protected]> wrote: > Sorry for bringing this back up but what happens if customer is using " > Xbox, Roku, Smart TV, or iPhone app or Android apps" how would I > block/suspend them customers then? > > Tim > > ------------------------------ > -----Original Message----- > From: "Cameron Crum" <[email protected]> > To: [email protected] > Date: 12/29/15 02:09 PM > Subject: Re: [AFMUG] redirect customers ip to nonpayment page on miktroik > > Yes. When you add an ip to the a list, if you've ever created that list > before or rules that deal with the list, it will be available in the > dropdown for the list name. Alternatively, you can type it in. Keep in mind > it is case sensitive. We automate this through Wispmon so when a customer > gets suspended, it ssh's to the router and runs the command > > /ip firewall address-list add address=10.x.x.x list=suspended > > > > > > On Tue, Dec 29, 2015 at 12:47 PM, Josh Luthman < > [email protected]> wrote: > >> When you add the firewall rules you'll "create" the address-list. When >> you add IPs to it, you'll see it in the drop down menu (I'd suggest this >> over typing it when adding IPs to rule out mistakes). >> >> >> >> Josh Luthman >> Office: 937-552-2340 <http://tel:937-552-2340> >> Direct: 937-552-2343 <http://tel:937-552-2343> >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> On Tue, Dec 29, 2015 at 1:44 PM, Tim Reichhart < >> [email protected]> wrote: >> >>> Cameron >>> do I need to make an separate list for suspended customer name with ip >>> address with this code? >>> >>> Tim >>> >>> ------------------------------ >>> -----Original Message----- >>> From: "Cameron Crum" <[email protected]> >>> To: [email protected] >>> Date: 12/29/15 01:20 PM >>> Subject: Re: [AFMUG] redirect customers ip to nonpayment page on miktroik >>> >>> and that nat rule needs to be at the top of your rules. >>> >>> >>> On Tue, Dec 29, 2015 at 12:19 PM, Cameron Crum <[email protected]> >>> wrote: >>> >>>> >>>> Here is the setup script...obviously you need to adjust the urls and >>>> address range on the last line to fit your needs. >>>> >>>> /ip firewall filter >>>> add action=accept chain=input comment=\ >>>> "Allow Proxy - redirect suspended users" disabled=no dst-port=16099 \ >>>> protocol=tcp >>>> add action=jump chain=forward disabled=no jump-target=Suspended \ >>>> src-address-list=suspended >>>> add action=accept chain=Suspended disabled=no dst-port=443 protocol=tcp >>>> add action=accept chain=Suspended disabled=no \ >>>> dst-port=53 protocol=udp >>>> add action=log chain=Suspended disabled=no >>>> dst-address-list=!PaymentGateway \ >>>> limit=5/1m,10 log-prefix="" >>>> add action=reject chain=Suspended disabled=no reject-with=\ >>>> icmp-admin-prohibited >>>> >>>> /ip firewall nat >>>> add action=redirect chain=dstnat comment="Redirect Rule for suspend >>>> users - chan\ >>>> ge To Address under action to portal page" disabled=no dst-port=80 \ >>>> protocol=tcp src-address-list=suspended to-ports=16099 >>>> >>>> /ip proxy >>>> set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 >>>> cache-on-disk=no enabled=\ >>>> yes max-cache-size=none max-client-connections=600 max-fresh-time=3d >>>> max-server-connections=\ >>>> 600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=16099 >>>> serialize-connections=no src-address=\ >>>> 0.0.0.0 >>>> /ip proxy access >>>> add action=allow disabled=no dst-host=www.mycompany.com >>>> add action=deny disabled=no redirect-to= >>>> https://www.mycompany.com/redirectpage.html src-address=\ >>>> 10.x.x.x/x >>>> >>>> >>>> >>>> >>>> On Tue, Dec 29, 2015 at 12:14 PM, Ken Hohhof <[email protected]> wrote: >>>> >>>> >>>>> >>>>> With everyone switching to "devices" and "apps", some people never see >>>>> a redirect or in-browser notification. If it doesn't show up on the Xbox, >>>>> Roku, Smart TV, or iPhone app, they never see it. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> *From:* [email protected] >>>>> *Sent:* Tuesday, December 29, 2015 11:47 AM >>>>> *To:* [email protected] >>>>> *Subject:* Re: [AFMUG] redirect customers ip to nonpayment page on >>>>> miktroik >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> http://www.perftech.com/ >>>>> >>>>> >>>>> >>>>> >>>>> *From:* Cameron Crum <[email protected]> >>>>> *Sent:* Tuesday, December 29, 2015 10:28 AM >>>>> *To:* [email protected] >>>>> *Subject:* Re: [AFMUG] redirect customers ip to nonpayment page on >>>>> miktroik >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> If your customers have static ip assignments you can use an address >>>>> list and web proxy. If not, then there probably is no other way. >>>>> >>>>> >>>>> On Tue, Dec 29, 2015 at 11:25 AM, Tim Reichhart < >>>>> [email protected]> wrote: >>>>> >>>>>> I am looking to redirect customers ip to non-payment page on miktroik >>>>>> and I do nat at core router and i dont have radius setup. >>>>>> >>>>>> Tim >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> >>>> >>> >>> >>> >>> >>> >>> >>> >> >> >> >> > > > > > >
