That is true, but most use a script like this or similar in a MT router (PC BMU) to accomplish it. So even if you have one of those systems, you still need a way to redirect people in the router. At least with this, it will be one less step to configure when he makes the change ;)
On Tue, Mar 27, 2018 at 12:21 AM, Steve Jones <[email protected]> wrote: > not to be that guy, but powercode, sonar, etc... they do this for you and > redirect them to say "hey, bum, pay" > > > On Mon, Mar 26, 2018 at 11:16 AM, Cameron Crum <[email protected]> > wrote: > >> If you didn't want the redirect, you could just write a quick firewall to >> drop all traffic from the suspended list as well, but redirecting to a >> portal is preferable in my view. >> >> Cameron >> >> On Mon, Mar 26, 2018 at 11:09 AM, Sam Lambie <[email protected]> >> wrote: >> >>> thank you Cameron. I appreciate it! >>> >>> On Mon, Mar 26, 2018 at 10:04 AM, Cameron Crum <[email protected]> >>> wrote: >>> >>>> Here is a MT script to set up the web proxy redirect. Obviously you >>>> will need to change the urls in the last section under /ip proxy address. >>>> This script takes anything in the 'suspended' address list and redirects >>>> port 80 traffic to whatever you put in place of myportal.com. You also >>>> need to match the ip range at the bottom to whatever ip range you are >>>> handing out to your customers. You can add as many of that last rule as you >>>> need to cover all your ranges. As for the ssh script, it should be easy >>>> enough to write a simple script to ssh in and launch one of these: >>>> >>>> /ip firewall address-list add address=x.x.x.x list=suspended >>>> >>>> and to remove >>>> >>>> /ip firewall address-list remove [find address=x.x.x.x] >>>> >>>> The web proxy set up script is this (only run this one time, then move >>>> all the rules to the top of their respective firewall sections): >>>> >>>> >>>> add action=accept chain=input comment=\ >>>> "Allow Proxy - redirect suspended users - this and then next five >>>> rules should be at the top of the filter list" disabled=no dst-port=16099 \ >>>> protocol=tcp >>>> add action=jump chain=forward disabled=no jump-target=Suspended \ >>>> src-address-list=suspended >>>> add action=accept chain=Suspended disabled=no dst-port=443 protocol=tcp >>>> add action=accept chain=Suspended disabled=no \ >>>> dst-port=53 protocol=udp >>>> add action=log chain=Suspended disabled=no >>>> dst-address-list=!PaymentGateway limit=5/1m,10 log-prefix="" >>>> add action=reject chain=Suspended disabled=no reject-with=\ >>>> icmp-admin-prohibited >>>> >>>> /ip firewall nat >>>> add action=redirect chain=dstnat comment="Redirect Nat Rule for suspend >>>> users - put this rule at the top of the list " disabled=no dst-port=80 \ >>>> protocol=tcp src-address-list=suspended to-ports=16099 >>>> >>>> /ip proxy >>>> set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 >>>> cache-on-disk=no enabled=\ >>>> yes max-cache-size=none max-client-connections=600 >>>> max-fresh-time=3d max-server-connections=\ >>>> 600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=16099 >>>> serialize-connections=no src-address=\ >>>> 0.0.0.0 >>>> /ip proxy access >>>> add action=allow disabled=no dst-host=mywebsite.com >>>> add action=allow disabled=no dst-host=www.mywebsite.com >>>> add action=deny disabled=no redirect-to=myportal.com src-address=\ >>>> x.x.x.x/24 >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Mon, Mar 26, 2018 at 10:53 AM, Sam Lambie <[email protected]> >>>> wrote: >>>> >>>>> We are in the the process of going to MT. But now, plain ole Linksys >>>>> e2500's. >>>>> >>>>> On Mon, Mar 26, 2018 at 9:51 AM, Cameron Crum <[email protected]> >>>>> wrote: >>>>> >>>>>> Are you using MT routers? I can show you a script to ssh to the >>>>>> router and move him to an address list that either redirects him through >>>>>> a >>>>>> web proxy or just drops all traffic. >>>>>> >>>>>> On Mon, Mar 26, 2018 at 10:36 AM, Sam Lambie <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Has anyone used a script to check say every 5 minutes when an SM is >>>>>>> up and make changes to it? If so, got an example? >>>>>>> >>>>>>> Ideally, I want to turn off the ethernet interface of the radio as >>>>>>> the customer is a bum, but he keeps weird hours an I don't want to be >>>>>>> glued >>>>>>> to my seat checking when he is up. >>>>>>> I know that I could just block is WAN IP, but this is something I am >>>>>>> interested in and have never done. >>>>>>> Thanks >>>>>>> Sam >>>>>>> >>>>>>> -- >>>>>>> -- >>>>>>> *Sam Lambie* >>>>>>> Taosnet Wireless Tech. >>>>>>> 575-758-7598 <(575)%20758-7598> Office >>>>>>> www.Taosnet.com <http://www.newmex.com> >>>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> -- >>>>> *Sam Lambie* >>>>> Taosnet Wireless Tech. >>>>> 575-758-7598 <(575)%20758-7598> Office >>>>> www.Taosnet.com <http://www.newmex.com> >>>>> >>>> >>>> >>> >>> >>> -- >>> -- >>> *Sam Lambie* >>> Taosnet Wireless Tech. >>> 575-758-7598 <(575)%20758-7598> Office >>> www.Taosnet.com <http://www.newmex.com> >>> >> >> >
