The deny rule does seem to do the trick.
Rory McCann
MKAP Technology Solutions
Web: www.mkap.net
On 8/4/2014 4:21 PM, Josh Luthman wrote:
Well I guess if it can't be done with NAT that's the next best option!
Thanks for the help guys.
If I create a deny rule below the redirect rule, doesn't that fuse all
other proxy function?
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Mon, Aug 4, 2014 at 5:10 PM, Rory McCann <[email protected]> wrote:
Yup - I just tried this and was able to make it work.
Set up IP Proxy and listen on your WAN IP port 80. I ticked "Anonymous"
and didn't change any other settings.
From there, I went to Access and added dst address WAN IP DST port 80
action deny redirect to other website.
There are probably some security concerns with having an anonymous proxy
running on your MT, but it should give you a starting point for what you
are after.
Rory McCann
MKAP Technology Solutions
Web: www.mkap.net
On 8/4/2014 3:59 PM, Josh Luthman wrote:
At that point it would probably be better to use the web proxy, wouldn't
it?
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Mon, Aug 4, 2014 at 4:51 PM, Rory McCann <[email protected]> wrote:
I don't think you're going to do this with NAT. I'm not terribly familiar
with the Hotspot feature, however could you do something with that where
it
runs on the WAN interface and when a request is received, forwards it on
to
the destination server?
Rory McCann
MKAP Technology Solutions
Web: www.mkap.net
On 8/4/2014 3:35 PM, Josh Luthman wrote:
I use foo.com because it's quick and easy to type. I know, first world
probloms...
How would I srcnat these incoming connections? If I specify
chain=srcnat
in-interface=ether1 it complains "ingoing interface matching not
possible
in output and postrouting chains"
I have this rule and while it counts packets, there's never any response
from a web server (there is when talking directly to 2.2.2.2)
/ip firew nat
add action=dst-nat chain=dstnat comment="redirect 80 to outside web
server"
disabled=no dst-address=\
1.1.1.1 dst-port=80 in-interface=ether1 protocol=tcp
to-addresses=2.2.2.2 to-ports=80
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Mon, Aug 4, 2014 at 4:26 PM, Alexander Neilson <
[email protected]>
wrote:
You could give it a go. Would you not be better using a different A
record
for your house (home.foo.com) point the foo.com record to your web
server
and do the http redirect on that.
I would just imagine you would likely need to source NAT the connection
as
well otherwise the IP reply would come to the user from a completely
different IP address and could break NAT on the other end.
Regards
Alexander
Alexander Neilson
Neilson Productions Ltd
[email protected]
021 329 681
On 5/08/2014, at 8:10 am, Josh Luthman <[email protected]>
wrote:
My home router is the A record for foo.com (1.1.1.1)
I have an outside web server at www.foo.com (2.2.2.2)
Is it possible for when someone goes to my MT at foo.com (1.1.1.1),
the
MT
does a dstnat to 2.2.2.2 ? I'd prefer to avoid having an Apache
server
just for an HTTP redirect.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://mail.butchevans.com/pipermail/mikrotik/
attachments/20140804/fd91da31/attachment.html
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6151 bytes
Desc: not available
URL: <
http://mail.butchevans.com/pipermail/mikrotik/
attachments/20140805/e9b0fe51/attachment.bin
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.butchevans.com/pipermail/mikrotik/
attachments/20140804/898b829a/attachment.html>
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.butchevans.com/pipermail/mikrotik/
attachments/20140804/d68abefa/attachment.html>
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.butchevans.com/pipermail/mikrotik/attachments/20140804/426fa159/attachment.html>
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
