Here is an MT script to set up the web proxy redirect. Obviously you will
need to change the URLs in the last section under /ip proxy address. This
script takes anything in the 'suspended' address list and redirects port 80
traffic to whatever you put in place of myportal.com. You also need to
match the IP range at the bottom to whatever IP range you are handing out
to your customers. You can add as many of that last rule as you need to
cover all your ranges. As for the ssh script, it should be easy enough to
write a simple script to ssh in and launch one of these:
/ip firewall address-list add address=x.x.x.x list=suspended
and to remove
/ip firewall address-list remove [find address=x.x.x.x]
The web proxy setup script is this (only run this one time, then move all
the rules to the top of their respective firewall sections):
/ip firewall filter
# Let suspended clients reach the local web proxy port.
add action=accept chain=input comment=\
    "Allow Proxy - redirect suspended users - this and then next five rules should be at the top of the filter list" \
    disabled=no dst-port=16099 protocol=tcp
# Send forwarded traffic from suspended clients to the Suspended chain.
add action=jump chain=forward disabled=no jump-target=Suspended \
    src-address-list=suspended
# Inside the chain: allow HTTPS and DNS, log the rest, then reject it.
add action=accept chain=Suspended disabled=no dst-port=443 protocol=tcp
add action=accept chain=Suspended disabled=no dst-port=53 protocol=udp
add action=log chain=Suspended disabled=no dst-address-list=!PaymentGateway \
    limit=5/1m,10 log-prefix=""
add action=reject chain=Suspended disabled=no reject-with=\
    icmp-admin-prohibited
/ip firewall nat
# Redirect port 80 from suspended clients to the proxy.
add action=redirect chain=dstnat comment=\
    "Redirect Nat Rule for suspend users - put this rule at the top of the list " \
    disabled=no dst-port=80 protocol=tcp src-address-list=suspended \
    to-ports=16099
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-size=none \
    max-client-connections=600 max-fresh-time=3d \
    max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 \
    port=16099 serialize-connections=no src-address=0.0.0.0
/ip proxy access
# Sites that stay reachable, then the redirect for the customer range.
add action=allow disabled=no dst-host=mywebsite.com
add action=allow disabled=no dst-host=www.mywebsite.com
add action=deny disabled=no redirect-to=myportal.com src-address=\
    x.x.x.x/24
On Mon, Mar 26, 2018 at 10:53 AM, Sam Lambie <[email protected]> wrote:
> We are in the process of going to MT. But now, plain ole Linksys
> e2500's.
>
> On Mon, Mar 26, 2018 at 9:51 AM, Cameron Crum <[email protected]> wrote:
>
>> Are you using MT routers? I can show you a script to ssh to the router
>> and move him to an address list that either redirects him through a web
>> proxy or just drops all traffic.
>>
>> On Mon, Mar 26, 2018 at 10:36 AM, Sam Lambie <[email protected]>
>> wrote:
>>
>>> Has anyone used a script to check say every 5 minutes when an SM is up
>>> and make changes to it? If so, got an example?
>>>
>>> Ideally, I want to turn off the ethernet interface of the radio as the
>>> customer is a bum, but he keeps weird hours and I don't want to be glued to
>>> my seat checking when he is up.
>>> I know that I could just block his WAN IP, but this is something I am
>>> interested in and have never done.
>>> Thanks
>>> Sam
>>>
>>> --
>>> --
>>> *Sam Lambie*
>>> Taosnet Wireless Tech.
>>> 575-758-7598 Office
>>> www.Taosnet.com <http://www.newmex.com>
>>>
>>
>>
>
>
>
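Added example (not part of the original thread): a POSIX shell wrapper for the "ssh in and launch one of these" step in the message above. ROUTER, SSH_USER and DRY_RUN are assumed names. It goes slightly beyond the two commands in the message by validating the address before it is placed in the remote command, adding only when the entry is absent, and limiting the removal to the suspended list.

```shell
#!/bin/sh
# Added example, not from the thread. ROUTER, SSH_USER and DRY_RUN are assumed names.

# Accept only a dotted-quad IPv4 address, so nothing else reaches the RouterOS CLI.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the RouterOS command for "suspend" or "restore" of one address.
ros_cmd() {
    action=$1; ip=$2
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    list="/ip firewall address-list"
    case "$action" in
        suspend)  # add only when absent, so a repeated run is not an error
            printf '%s\n' ":if ([:len [$list find list=suspended address=$ip]] = 0) do={$list add address=$ip list=suspended}" ;;
        restore)  # scope the removal to the suspended list only
            printf '%s\n' "$list remove [find list=suspended address=$ip]" ;;
        *) echo "usage: suspend|restore <ip>" >&2; return 1 ;;
    esac
}

# Run the command on the router, or just print it when DRY_RUN=1.
suspend_ctl() {
    cmd=$(ros_cmd "$1" "$2") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$cmd"
    else
        ssh -o BatchMode=yes "${SSH_USER:-admin}@${ROUTER:?set ROUTER}" "$cmd"
    fi
}
```

Source the file and call, for example, `ROUTER=<router address> suspend_ctl suspend <customer ip>`; key-based SSH login to the router is assumed because BatchMode disables password prompts.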