thank you Cameron. I appreciate it! On Mon, Mar 26, 2018 at 10:04 AM, Cameron Crum <[email protected]> wrote:
> Here is a MT script to set up the web proxy redirect. Obviously you will > need to change the urls in the last section under /ip proxy address. This > script takes anything in the 'suspended' address list and redirects port 80 > traffic to whatever you put in place of myportal.com. You also need to > match the ip range at the bottom to whatever ip range you are handing out > to your customers. You can add as many of that last rule as you need to > cover all your ranges. As for the ssh script, it should be easy enough to > write a simple script to ssh in and launch one of these: > > /ip firewall address-list add address=x.x.x.x list=suspended > > and to remove > > /ip firewall address-list remove [find address=x.x.x.x] > > The web proxy set up script is this (only run this one time, then move all > the rules to the top of their respective firewall sections): > > > add action=accept chain=input comment=\ > "Allow Proxy - redirect suspended users - this and then next five > rules should be at the top of the filter list" disabled=no dst-port=16099 \ > protocol=tcp > add action=jump chain=forward disabled=no jump-target=Suspended \ > src-address-list=suspended > add action=accept chain=Suspended disabled=no dst-port=443 protocol=tcp > add action=accept chain=Suspended disabled=no \ > dst-port=53 protocol=udp > add action=log chain=Suspended disabled=no dst-address-list=!PaymentGateway > limit=5/1m,10 log-prefix="" > add action=reject chain=Suspended disabled=no reject-with=\ > icmp-admin-prohibited > > /ip firewall nat > add action=redirect chain=dstnat comment="Redirect Nat Rule for suspend > users - put this rule at the top of the list " disabled=no dst-port=80 \ > protocol=tcp src-address-list=suspended to-ports=16099 > > /ip proxy > set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 > cache-on-disk=no enabled=\ > yes max-cache-size=none max-client-connections=600 max-fresh-time=3d > max-server-connections=\ > 600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=16099 > serialize-connections=no src-address=\ > 0.0.0.0 > /ip proxy access > add action=allow disabled=no dst-host=mywebsite.com > add action=allow disabled=no dst-host=www.mywebsite.com > add action=deny disabled=no redirect-to=myportal.com src-address=\ > x.x.x.x/24 > > > > > > > On Mon, Mar 26, 2018 at 10:53 AM, Sam Lambie <[email protected]> wrote: > >> We are in the the process of going to MT. But now, plain ole Linksys >> e2500's. >> >> On Mon, Mar 26, 2018 at 9:51 AM, Cameron Crum <[email protected]> >> wrote: >> >>> Are you using MT routers? I can show you a script to ssh to the router >>> and move him to an address list that either redirects him through a web >>> proxy or just drops all traffic. >>> >>> On Mon, Mar 26, 2018 at 10:36 AM, Sam Lambie <[email protected]> >>> wrote: >>> >>>> Has anyone used a script to check say every 5 minutes when an SM is up >>>> and make changes to it? If so, got an example? >>>> >>>> Ideally, I want to turn off the ethernet interface of the radio as the >>>> customer is a bum, but he keeps weird hours an I don't want to be glued to >>>> my seat checking when he is up. >>>> I know that I could just block is WAN IP, but this is something I am >>>> interested in and have never done. >>>> Thanks >>>> Sam >>>> >>>> -- >>>> -- >>>> *Sam Lambie* >>>> Taosnet Wireless Tech. >>>> 575-758-7598 <(575)%20758-7598> Office >>>> www.Taosnet.com <http://www.newmex.com> >>>> >>> >>> >> >> >> -- >> -- >> *Sam Lambie* >> Taosnet Wireless Tech. >> 575-758-7598 <(575)%20758-7598> Office >> www.Taosnet.com <http://www.newmex.com> >> > > -- -- *Sam Lambie* Taosnet Wireless Tech. 575-758-7598 Office www.Taosnet.com <http://www.newmex.com>
