You would still need the ip chains rules I would think however, since the TCPIP header of the packet is still going to have a different destination IP in it than 123.123.123.123. The ipchains rules would intercept all destinations. On Fri, 8 Oct 1999, Dataheart wrote:
I got my date right now.
Even easier if you have a cisco router. 123.123.123.123 is the ip of the virtual web site where your out of time message is.
write a script to on out of time set FRAMED-IP-ADDRESS to a 192.168 addresss and put this in your cisco.
route-map outoftime-redirect permit 10 match ip address 110 set ip next-hop 123.123.123.123 ! ! access-list 110 deny tcp 192.168.0.0 255.255.0.0 eq www any access-list 110 deny tcp any any ! ! interface Ethernet0 ip policy route-map outoftime-redirect !
This should work.
Thanks, Aaron
Brian wrote:
On Thu, 7 Oct 1999, Mike Wronski wrote:
The HiPer ARC filters are just that filters. There is no support for redirecting traffic via filter. If your trying to do adult content filtering via something like xSTOP or similar than you should be using the IEA feauture that allows you to set a default route on a per user basis. The new default route would point to your content filtering device..
Just a note here so that anyone trying this knows: The content filter has to be 1 hop away from the ARC. You can't have an ARC in a remote POP, IEA direct someone to a content filter back at your noc. It would be very cool however if this was implemented.
One way to accomplish this, that others have done. Is to set the users IP to a private network, like 192.168.1.x, then route that network to a box. Put some ipchains rules in place so that the box accepts all port 80 destinations.......similar to what you would do for a squid box, something like:
/sbin/ipchains -A input -j ACCEPT -i lo /sbin/ipchains -A input -j ACCEPT -p tcp -d 208.206.76.44 80 /sbin/ipchains -A input -j REDIRECT 80 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80
Then you run a webserver on this content box, and you setup apache to listen on all destinations, even can use rewrite rules to rewrite their urls if you want, and take them to your billing page.
Brian
-M
|-----Original Message----- |From: owner-usr-tc@lists.xmission.com |[mailto:owner-usr-tc@lists.xmission.com]On Behalf Of Startup Suppliers |Ltd. |Sent: Thursday, October 07, 1999 3:21 AM |To: usr-tc@lists.xmission.com |Subject: Re: (usr-tc) Filter | | |I am interested in this too, please forward response to me. | |Okeyo | | |At 10:00 AM 10/6/99 -0400, you wrote: |>I am trying to create an ARC filter that will make ALL HTTP traffic redirect |>to one specific site. |> |>We would like have filter so that any late payment people will still be able |>to login but they will be redirected to a website informing them that their |>bill is due. |> |>would also like the filter to not allow any traffic other than HTTP. |> |>any ideas? |> |> |>- |> To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" |> with "unsubscribe usr-tc" in the body of the message. |> For information on digests or retrieving files and old messages send |> "help" to the same address. Do not use quotes in your message. |> |> | | |- | To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" | with "unsubscribe usr-tc" in the body of the message. | For information on digests or retrieving files and old messages send | "help" to the same address. Do not use quotes in your message. |
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
----------------------------------------------------- Brian Feeny (BF304) signal@shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881)
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
----------------------------------------------------- Brian Feeny (BF304) signal@shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.