Sunday, 18 May 2014

Mikrotik PPPoE expiry notification



Non Payment Reminder for PPPoE/HOTSPOT Clients in Mikrotik


PPPOE


Mikrotik PPPoE Server IP = 10.0.0.1
Mikrotik User DHCP Pool = 10.0.0.0/8
Mikrotik PPPoE Pool = 172.16.0.0/16

##############################
Adding IP pool for Expired / Non Payment Users
/ip pool
add name=Expired-Pool ranges=172.16.1.1-172.16.1.255

############################
Adding Profile for Expired / Non Payment Users
/ppp profile
add change-tcp-mss=default dns-server=10.0.0.1 local-address=10.0.0.1 name=pppoe-expired only-one=default rate-limit=128k/128k remote-address=\
Expired-Pool use-compression=default use-encryption=default use-ipv6=yes use-mpls=default use-vj-compression=default

###########################
Enabling Mikrotik Web.Proxy for Expired / Non Payment Users
Now enable the web proxy, so that expired pool users can be redirected to the local proxy, where they will be denied and redirected to the non-payment page on a local web server.

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=600 \
max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0

#############################
Redirecting Expired User Requests from web.proxy to any local web server page
Now create a rule in the web proxy to block the expired / non-payment IP pool and redirect it to the local web server page.
/ip proxy access
add action=deny disabled=no dst-port="" redirect-to=10.0.0.2/nonpayment/nonpayment.htm src-address=172.16.1.0/24

10.0.0.2 is the local web server where the non-payment page is uploaded.
You must create a normal HTML page containing the non-payment message and upload it to a web server of your choice, either local (preferred) or remote. If it is local, you won't have to create any further rules; if it is on a remote server on the internet, you have to add rules allowing users to access that specific site folder and place them at the top.

#############################
Adding NAT Rule to redirect Expired / Non Payment Users to local web proxy
Now add a NAT rule so that only users in the expired IP pool are redirected to the local web proxy, which in turn redirects them to the local web server page.

/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp src-address=172.16.1.0/24 to-ports=8080

############################
Restrict Access for Expired Users so they cannot use any other internet service
Now add a filter rule to restrict expired IP pool users so they cannot access other internet services.

/ip firewall filter
add action=reject chain=forward disabled=no dst-port=!80,8080 protocol=tcp reject-with=icmp-network-unreachable src-address=172.16.1.1-172.16.1.255
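
The filter rule above matches TCP only, so UDP, ICMP and other protocols from the expired pool are not covered by it. The following is an added example, not part of the original post, that covers that traffic and keeps port 8080 on the router for the expired pool alone; it assumes no existing rule already handles this traffic and that the web proxy serves no other clients.

```routeros
/ip firewall filter
# Assumption: expired clients resolve names through the router itself
# (dns-server=10.0.0.1 in the pppoe-expired profile), so DNS arrives on the input chain.
add action=accept chain=input protocol=udp dst-port=53 src-address=172.16.1.0/24 comment="expired: DNS to router"

# Everything the TCP-only reject rule does not match: forwarded UDP, ICMP, GRE and so on.
add action=drop chain=forward protocol=!tcp src-address=172.16.1.0/24 comment="expired: drop forwarded non-TCP"

# After the dstnat redirect, proxy connections reach the router on the input chain, port 8080.
# Refuse that port to every source outside the expired pool so the proxy is not open to others.
add action=drop chain=input protocol=tcp dst-port=8080 src-address=!172.16.1.0/24 comment="web proxy: expired pool only"
```

As with the other rules on this page, placement matters: these rules must sit above any broader accept rule that would match the same traffic first.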

Now, when you want to block a user for non-payment, just change that user's profile to the pppoe-expired profile.
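
One way to carry out that profile change for several accounts at once, as an added example that is not part of the original post. The secret names customer1 and customer2 are hypothetical, and the paid-service profile is assumed to be called default.

```routeros
# Run as a /system script, or paste the whole { } block into the terminal
# (local variables only live inside an enclosing scope).
{
    # Hypothetical PPPoE secret names; replace with the overdue accounts.
    :local overdue {"customer1";"customer2"}

    :foreach u in=$overdue do={
        :if ([:len [/ppp secret find name=$u]] = 0) do={
            # A mistyped name would otherwise pass silently.
            :log warning ("nonpayment: no PPP secret named " . $u)
        } else={
            # Assign the expired profile created earlier on this page.
            /ppp secret set [find name=$u] profile=pppoe-expired
            # The profile is applied when a session is set up, so drop the live
            # session; the client redials and gets an address from Expired-Pool.
            /ppp active remove [find name=$u]
            :log info ("nonpayment: " . $u . " moved to pppoe-expired")
        }
    }
}

# Check: the address of a suspended user should fall inside 172.16.1.0/24.
/ppp active print where name="customer1"

# After payment, restore the paid profile (assumed name: default) and force one more redial:
# /ppp secret set [find name="customer1"] profile=default
# /ppp active remove [find name="customer1"]
```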

############################



Tips for HOTSPOT


Using the above method, you can also implement a non-payment reminder for HOTSPOT users. I assume you already have a working HOTSPOT in place.

Mikrotik HOTSPOT Server IP = 101.11.11.241
Mikrotik HOTSPOT DHCP Pool = 101.11.11.0/8
Mikrotik HOTSPOT Expired/NON_Payment Users Pool = 101.11.21.0/24

First add expired ip pool for expired/non payment users.

/ip pool
add name=expired-pool ranges=101.11.21.1-101.11.21.255

Now add profile for expired/non payment users.

/ip hotspot user profile
add address-pool=expired-pool idle-timeout=none keepalive-timeout=2m name=expired-profile shared-users=1 status-autorefresh=1m transparent-proxy=no

Now enable web proxy service so that we can redirect expired users to web proxy where they will be redirected to local web server showing non payment page.

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=600 \
max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0

In proxy, add rule to block and redirect only expired/non payment ip pool.

/ip proxy access
add action=deny disabled=no dst-port="" redirect-to=101.11.11.240/nonpayment/nonpayment.htm src-address=101.11.21.0/24

101.11.11.240 is the local web server IP.
Create a NAT rule to redirect expired/non-payment users to the local web proxy. Move this rule to the end of the NAT list.

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network-DEFAULT RULE, ADD ONLY ALLOWED USER IPS RANGE HERE e.g" disabled=no src-address=101.11.11.1-101.11.11.255

add action=redirect chain=dstnat comment="Redirect Expired Users to Proxy" disabled=no dst-address=!101.11.11.241 dst-port=80 protocol=tcp to-ports=8080
Remember: in the HOTSPOT default masquerade rule, you must add only the allowed users' IP range. Then add the second rule last (the "Redirect Expired Users to Proxy" rule above), which will actually redirect only the expired IP pool to the local web proxy.
Create a firewall filter rule to restrict access for expired/non-payment users only. Move this rule to the end of the filter list.

/ip firewall filter
add action=reject chain=input disabled=no dst-port=!80,8080,53 protocol=tcp reject-with=icmp-network-unreachable src-address=101.11.21.0/24

Finally, create a user and tag it with expired-profile.

/ip hotspot user
add disabled=no name=admin password=admin profile=default
add disabled=no name=test password=test profile=expired-profile server=hotspot1

Now, from the user end, try to browse any site; the hotspot login page will appear. Log in with the test ID and try to browse again, and you will be redirected to your local web server page showing the non-payment reminder.
Remember: rule placement is very important in this method. If you misplace rules, you will not get the desired results.

credit : http://aacable.wordpress.com/2012/11/14/non-payment-reminder-for-pppoe-clients-in-mikrotik/
