WhatsApp blocking

Another problem that exists in Splynx is that when a client is blocked, the client can use WhatsApp. Thanks, team. This is easy for you.

This will be the best program in the world. Let’s get it right between all.

Come on, this is not a problem with Splynx but with the blocking rules that are set up on the router manually by the administrator.

This has been the case for me too. I raised the issue with Jorge and gave him some homework to do.
192.168.174.43 is my server.
8102 is the customized non-payment portal.
I am using the API.

0 ;;; Redirect No Paying client to the Blocked page
chain=dstnat action=dst-nat to-addresses=192.168.174.43 to-ports=8102 protocol=tcp src-address-list=SpLBL_blocked

1 ;;; Redirect No Paying client to the Blocked page
chain=dstnat action=dst-nat to-addresses=192.168.174.43 to-ports=8102 protocol=tcp src-address-list=SpLBL_blocked dst-port=443

With the two rules, the client is redirected to the non-payment portal when using Mozilla or Internet Explorer with no hitch, but in Chrome, YouTube works non-stop, plus Gmail. You will only hit the non-payment page if you open bbc.com.

When I add the third rule as below:

2 ;;; cut all other traffic like Peer to peer connections (redirect them to router itself)
chain=dstnat action=redirect protocol=!tcp src-address-list=SpLBL_blocked

Yes, the blocked client gets no internet but is never redirected to the non-payment portal!! This rule keeps populating the packet drops.

So the client is not aware whether it is billing or just an internet outage without notice!!

Kindly assist

The first thing is to allow the DNS protocol, then the redirect rules.

:thinking: ??

You want to know what DNS is, why it should be allowed first, or why your blocked customers don't get the blocked page? (What exactly is your question?)

My question is: why is HTTP traffic not redirected to the non-payment portal when using the !tcp rule, and how to fix this…

Because before the HTTP traffic takes place, there is a DNS request (whose mission is to get the IP address of the website the user is trying to visit). So, considering DNS is a UDP protocol, the !tcp rule is blocking it, so the web browser never gets the IP address it needs, and it just times out… Solution: allow the DNS request as your first rule.

OK, got you. Like below?

/ip firewall nat
add chain=dstnat protocol=udp dst-port=53 in-interface=LAN action=accept

Right! :+1::+1::+1:

This doesn’t solve my issue… It only populates the counters without the redirect.

@alexcherry Hope this finds you well. I am using the API but redirects never work at all.

I tried above and also your post from Redirect Blocked Customer - #4 by alexcherry

and

The 10.60.0.10 is my router's WAN IP; the broadband.xxxxxxx.co.ke:8102 is the server / Splynx hosting the redirect page.

I am totally stuck, kindly assist.

Dear Team,

At last I managed to allow DNS before the drop rule,
as below:

0 ;;; Allow DNS for Blocked list
chain=dstnat action=accept protocol=udp src-address-list=SpLBL_blocked dst-port=53 log=no log-prefix=""

1 ;;; Redirect No Paying client to the Blocked page
chain=dstnat action=dst-nat to-addresses=192.168.0.18 to-ports=80 protocol=tcp src-address-list=SpLBL_blocked dst-port=80 log=no log-prefix=""

2 ;;; Redirect No Paying client to the Blocked page
chain=dstnat action=dst-nat to-addresses=192.168.0.18 to-ports=80 protocol=tcp src-address-list=SpLBL_blocked dst-port=443 log=no log-prefix=""

3 ;;; cut all other traffic like Peer to peer connections (redirect them to router itself)
chain=dstnat action=redirect protocol=!tcp src-address-list=SpLBL_blocked log=no log-prefix=""

@Rhansseel
Unfortunately, WhatsApp, Skype and Outlook still access the full-speed facility.
Any solution for this? Yes

I introduce this rule under filters:

0 ;;; Drop All other connections apart From TCP 80 for Blocklist
chain=forward action=drop protocol=tcp src-address-list=SpLBL_blocked dst-port=!80 log=no log-prefix=""

Then I call it finito.
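
As an added example (not code from the thread, from Splynx or from MikroTik), this Python sketch models first-match evaluation of the rule sets posted above, to show which traffic from a blocked client each set catches and why rule order matters for DNS. It is a simplified model: every packet is assumed to come from `SpLBL_blocked`, addresses and `to-ports` are omitted, and the sample packets (including TCP port 5222) are constructed.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str       # "tcp" or "udp"
    dst_port: int    # source is assumed to be in SpLBL_blocked

class Rule(NamedTuple):
    action: str                     # accept, dst-nat, redirect or drop
    proto: str                      # "tcp", "udp" or "!tcp"
    dst_port: Optional[str] = None  # "80", "!80" or None for any port

def _field(spec, value):
    """Match one rule field, honouring RouterOS-style '!' negation."""
    if spec is None:
        return True
    return (spec[1:] != value) if spec.startswith("!") else (spec == value)

def first_match(rules, pkt):
    """Return the action of the first rule that matches, like a firewall chain."""
    for r in rules:
        if _field(r.proto, pkt.proto) and _field(r.dst_port, str(pkt.dst_port)):
            return r.action
    return "no-match"

# Rule sets transcribed from the thread (addresses and to-ports omitted).
TWO_RULES = [Rule("dst-nat", "tcp"), Rule("dst-nat", "tcp", "443")]
WITH_CUT = TWO_RULES + [Rule("redirect", "!tcp")]
FINAL_NAT = [Rule("accept", "udp", "53"), Rule("dst-nat", "tcp", "80"),
             Rule("dst-nat", "tcp", "443"), Rule("redirect", "!tcp")]
FINAL_FILTER = [Rule("drop", "tcp", "!80")]

def final_verdict(pkt):
    """dstnat runs before the forward chain; dst-nat rewrites the port to 80."""
    nat = first_match(FINAL_NAT, pkt)
    if nat in ("dst-nat", "redirect"):
        return nat
    return "drop" if first_match(FINAL_FILTER, pkt) == "drop" else nat

# Constructed sample packets from a blocked client.
DNS, HTTP, HTTPS = Packet("udp", 53), Packet("tcp", 80), Packet("tcp", 443)
UDP443, OTHER_TCP = Packet("udp", 443), Packet("tcp", 5222)

if __name__ == "__main__":
    for name, pkt in [("dns", DNS), ("http", HTTP), ("https", HTTPS),
                      ("udp/443", UDP443), ("tcp/5222", OTHER_TCP)]:
        print(f"{name:9} two={first_match(TWO_RULES, pkt):9} "
              f"cut={first_match(WITH_CUT, pkt):9} final={final_verdict(pkt)}")
```

In this model the two TCP-only rules leave all UDP untouched (including UDP 443, which Chrome uses for QUIC), the `!tcp` rule alone also captures DNS, and in the final set TCP on ports other than 80 and 443 passes the NAT chain and is stopped only by the forward filter rule.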