Mikrotik RouterOS - Forcing Expired accounts to redirect to the payment expired page automatically!

Sep 30, 2022 - 18:23

The following is a short how-to on sending non-payment and expired PPPoE users to a web page where they are informed that their account is suspended due to non-payment. In this article we use the PPPoE server only, but you can apply the same idea to HOTSPOT or other services as well. The methods will vary, but the logic remains the same in most scenarios.

 
For example, when you want to block a user due to non-payment, simply change the user's profile to the expired-users profile. The user will still be able to connect using his ID (PPPoE dialer), but when he tries to browse the web, he will be redirected to your local web server page, where he is informed that his/her account is suspended due to non-payment (as shown in the image above). This is also useful for some other purposes; for example, you can also configure/schedule a payment reminder that shows users a payment notice at specific dates/times for a few seconds/minutes, after which the user can resume browsing. However, that's another story.
 
To keep this guide short, I assume you have a working PPPoE server in place with the following configuration.
[Change the IP scheme as per your local requirements/network]
 
For example, you have a PPPoE server configured with the following scheme:

Mikrotik PPPoE Server IP = 10.0.0.1
Mikrotik User DHCP Pool = 10.0.0.0/8 
Mikrotik PPPoE Pool = 172.16.0.0/16 
 

 
Now you have to create an expired IP pool so that we can tell non-payment and expired users apart from normal users. When we want to block any user, we simply change that user's profile to the expired profile.

 

Adding IP pool for expired / Non-Payment Users: 

/ip pool
add name=Expired-Pool ranges=172.16.1.1-172.16.1.255

Adding Profile for expired / Non-Payment Users: 

/ppp profile
add change-tcp-mss=default dns-server=10.0.0.1 local-address=10.0.0.1 \
    name=pppoe-expired only-one=default rate-limit=128k/128k \
    remote-address=Expired-Pool use-compression=default \
    use-encryption=default use-ipv6=yes use-mpls=default use-vj-compression=default

Enabling Mikrotik Web Proxy for expired / Non-Payment Users:

Now enable the web proxy, so that expired-pool users can be redirected to the local proxy, where they will be denied and redirected to the non-payment page on any local web server.

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=600 \
    max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0

Redirecting expired User Requests from Web Proxy to any local web server page:

Now create a rule in the web proxy that denies access from the non-payment / expired IP pool and redirects it to the local web server page.

/ip proxy access
add action=deny disabled=no dst-port="" \
    redirect-to=10.0.0.2/nonpayment/nonpayment.htm src-address=172.16.1.0/24

10.0.0.2 is the local web server where the non-payment page is uploaded.

You must create a plain HTML page (containing the non-payment message) and upload it to any web server of your choice; it can be local (preferred) or remote. If it's local you won't need to create any more rules; otherwise, if it's on a remote server on the internet, you have to allow users to access that specific website folder, and place those rules on top.

Adding NAT Rule to send expired / Non-Payment Users to local web proxy:

Now add a NAT rule so that only users from the expired IP pool are redirected to the local web proxy, which in turn redirects them to the local web server page.

/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \
    src-address=172.16.1.0/24 to-ports=8080

Restrict Access for expired Users so that they cannot use any other internet service:

Now add a filter rule to restrict expired IP pool users so that they cannot access other internet services.

/ip firewall filter
add action=reject chain=forward disabled=no dst-port=!80,8080 protocol=tcp \
    reject-with=icmp-network-unreachable src-address=172.16.1.1-172.16.1.255
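
An added example (not part of the original article): a small Python model of the PPPoE NAT redirect and forward filter rules above, showing which flows from the expired pool are redirected, rejected, or left untouched. It assumes a default-accept forward chain with no other rules; the function names and sample flows are constructed for illustration.

```python
import ipaddress
import shlex

# Rules copied from the PPPoE section above: dstnat redirect, then forward filter.
NAT = ["add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp "
       "src-address=172.16.1.0/24 to-ports=8080"]
FILTER = ["add action=reject chain=forward disabled=no dst-port=!80,8080 protocol=tcp "
          "reject-with=icmp-network-unreachable src-address=172.16.1.1-172.16.1.255"]

def parse_rule(line):
    """Turn one RouterOS 'add key=value ...' line into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line)[1:])

def src_matches(spec, ip):
    """src-address as CIDR (a.b.c.d/n) or range (a.b.c.d-e.f.g.h)."""
    ip = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-"))
        return lo <= ip <= hi
    return ip in ipaddress.ip_network(spec, strict=False)

def port_matches(spec, port):
    """dst-port as a comma list, optionally negated with '!' (no port ranges here)."""
    wanted = {int(p) for p in spec.lstrip("!").split(",")}
    return (port in wanted) != spec.startswith("!")

def rule_matches(rule, flow):
    return (rule.get("disabled") != "yes"
            and rule.get("protocol", flow["proto"]) == flow["proto"]
            and ("src-address" not in rule or src_matches(rule["src-address"], flow["src"]))
            and ("dst-port" not in rule or port_matches(rule["dst-port"], flow["dport"])))

def verdict(flow):
    """Simplified model: first matching NAT rule wins, then filter, default is forward."""
    for rule in map(parse_rule, NAT):
        if rule_matches(rule, flow):
            return "redirect:" + rule["to-ports"]
    for rule in map(parse_rule, FILTER):
        if rule_matches(rule, flow):
            return rule["action"]
    return "forwarded"

# Constructed sample flows (not captured traffic).
FLOWS = [{"src": "172.16.1.10", "proto": "tcp", "dport": 80},
         {"src": "172.16.1.10", "proto": "tcp", "dport": 443},
         {"src": "172.16.1.10", "proto": "udp", "dport": 53},
         {"src": "172.16.5.10", "proto": "tcp", "dport": 443}]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "->", verdict(f))
```

The reject rule matches protocol=tcp only, so in this model UDP from the expired pool is forwarded; an operator who wants a full block needs an additional rule for non-TCP traffic.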

Now when you want to block any user for non-payment, simply change his profile to the pppoe-expired profile.

As shown in the image below.

Now the user will still be able to connect to the PPPoE server, but he will get an IP from the expired pool, and so will be treated according to the rules we created for these users :~) As shown in the image below.

Note: you need to create a plain HTML page and upload it to any web server of your choice; it can be local (preferred) or remote. If it's local you won't need to create any more rules; otherwise, if it's on a remote server on the internet, you have to allow users to access that specific website folder, and place those rules on top.

Tips for HOTSPOT: 

Using the above method you can also implement a non-payment reminder for HOTSPOT users. I assume you already have a working HOTSPOT running in place.

Mikrotik HOTSPOT Server IP = 101.11.11.241
Mikrotik HOTSPOT DHCP Pool = 101.11.11.0/8
Mikrotik HOTSPOT Expired/NON_Payment Users Pool = 101.11.21.0/24
 
First add an expired IP pool for expired/non-payment users.

/ip pool
add name=expired-pool ranges=101.11.21.1-101.11.21.255

Now add profile for expired/non-payment users. 

/ip hotspot user profile
add address-pool=expired-pool idle-timeout=none keepalive-timeout=2m \
    name=expired-profile shared-users=1 status-autorefresh=1m transparent-proxy=no

Now enable the web proxy service so that we can send expired users to the web proxy, where they will be redirected to the local web server showing the non-payment page.

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=600 \
    max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0

In the proxy, add a rule to deny and redirect only the expired/non-payment IP pool.

/ip proxy access
add action=deny disabled=no dst-port="" \
    redirect-to=101.11.11.240/nonpayment/nonpayment.htm src-address=101.11.21.0/24

101.11.11.240 is the local web server IP.

Create a NAT rule to send expired/non-payment users to the local web proxy. Move this rule to the end of the NAT list.
 

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network - DEFAULT RULE, ADD ONLY ALLOWED USER IP RANGE HERE e.g" disabled=no src-address=101.11.11.1-101.11.11.255
add action=redirect chain=dstnat comment="Redirect expired Users to Proxy" disabled=no dst-address=!101.11.11.241 dst-port=80 protocol=tcp to-ports=8080


 
Remember, in the HOTSPOT default masquerading rule, you must add only the allowed users' IP range. Then add the second rule as the last one, which will actually send only the expired IP pool to the local web proxy (the rule commented "Redirect expired Users to Proxy").

Create a firewall filter to restrict access for expired/non-payment users only. Move this rule to the end of the filter list.

/ip firewall filter
add action=reject chain=input disabled=no dst-port=!80,8080,53 protocol=tcp \
    reject-with=icmp-network-unreachable src-address=101.11.21.0/24

Finally create a user and tag him with the expired profile.

# sample accounts for testing only; use strong passwords on a live router
/ip hotspot user
add disabled=no name=admin password=admin profile=default
add disabled=no name=test password=test profile=expired-profile server=hotspot1

Now from the user end, try to browse any website; the hotspot login page will appear. Log in with the test ID and try to browse, and you'll be redirected to your local web server page showing the non-payment reminder.

Remember: rule placement is very important in this method. If you misplace rules, you will not get the desired results.
