Re: [Mikrotik] Regex / L7 Allowance for Paypal for PPPoE restricted pool users

Wed, 07 Jul 2010 12:15:39 -0700

The redirect back to our page (and as such our own credit card gateway) works fine, the problem is allowing users the remote access they need to PayPal to be able to continue using :-( 

On 8/07/2010 3:32 AM, Josh Luthman wrote:

Powercode does that - redirects the non active customers' traffic to
the http server.

I did this manually for a couple of years before Powecode, like you.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

“Success is not final, failure is not fatal: it is the courage to
continue that counts.”
--- Winston Churchill



On Wed, Jul 7, 2010 at 1:34 PM, Andrew Cox<and...@accessplus.com.au>  wrote:

Hey Guys,

Am working on rolling out PPPoE authentication to sit hand-in-hand with our
hotspot system and have run into a snag.
On the hotspot you can assign a walled-garden entry (a regular expression
that the mikrotik will check and allow out) or a walled-garden ip entry (a
hostname that the mikrotik will allow by IP, works with domains pointing to
multiple IP's)

For the PPPoE accounts, we've taken the approach that when a user exceeds
their limits they are redirected back to the login page to add more time or
data.
For those who would simply top up via our credit card gateway this works
fine, however for those who normally use paypal, they're no longer able to
reach the site.

I'm trying to work out a relatively simple method of allowing users to the
paypal page (most likely using a L7 filter) that will allow me to catch and
allow any and all connections to:

*.paypal.com
*.paypalobjects.com
*.akamaiedge.net (used for some paypal content)
paypal.112.207.net (used for paypal stats)

The way we're currently restricting pppoe uses is to put them in a define IP
pool with filter and nat rules only allowing access to our server IP and a
dst-nat rule directing all web-traffic to the login page while dropping all
else.

Any suggestions, or has anyone else done anything similar?

--
Kind Regards,
Andrew Cox
AccessPlus
Head Network Administrator
Ph: 1300 739 822 (7am - 12 midnight AEST)

Stop Internet Censorship in Australia - http://openinternet.com.au/

_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS


_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

Reply via email to