Forum

Já tentei de tudo, o sistema bloqueia, mas não aparece a página de aviso e de bloqueio.

Estou usando as seguintes regras:

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
add action=accept chain=forward comment="Limitar conex\F5es por IP" \
connection-limit=3,32 disabled=yes protocol=tcp src-address=192.168.11.0/24 \
tcp-flags=syn
add action=drop chain=forward comment=\
"Exibir pagina de corte usando Radius LIST ou SSH - CORTE" disabled=no \
dst-port=!53 protocol=udp src-address-list=pgcorte
add action=drop chain=forward comment=CORTE disabled=no dst-port=!80 protocol=\
tcp src-address-list=pgcorte
add action=drop chain=forward comment=CORTE disabled=no dst-port=!85 protocol=\
tcp src-address-list=pgcorte
add action=drop chain=forward comment=\
"Exibir pagina de corte usando Radius Pool - CORTE" disabled=no dst-port=\
!53 protocol=udp src-address=10.3.0.2-10.3.3.254
add action=drop chain=forward comment=CORTE disabled=no dst-port=!80 protocol=\
tcp src-address=10.3.0.2-10.3.3.254
add action=drop chain=forward comment=CORTE disabled=no dst-port=!85 protocol=\
tcp src-address=10.3.0.2-10.3.3.254

NO NAT USO

/ip firewall nat
add action=dst-nat chain=dstnat comment="AVISO DE MANUTEN\C7\C3O" disabled=yes \
dst-port=80 protocol=tcp src-address=0.0.0.0/0 to-addresses=192.168.1.200 \
to-ports=89

add action=dst-nat chain=dstnat comment=CORTE disabled=no dst-address=\
!192.168.1.200 dst-port=80 protocol=tcp src-address-list=pgcorte \
to-addresses=192.168.1.200 to-ports=85
add action=dst-nat chain=dstnat comment="PG CORTE" disabled=no dst-address=\
!192.168.1.200 protocol=tcp src-address=10.3.0.2-10.3.3.254 to-addresses=\
192.168.1.200 to-ports=85
add action=dst-nat chain=hotspot comment="PG CORTE" disabled=no packet-mark=\
bloqueado protocol=tcp to-addresses=192.168.1.200 to-ports=85
add action=dst-nat chain=dstnat comment="PG AVISO" disabled=no dst-port=80 \
protocol=tcp src-address-list=pgaviso to-addresses=192.168.1.200 to-port
88
add action=dst-nat chain=dstnat comment="- PG CORTE" disabled=no dst-address
!192.168.1.200 protocol=tcp src-address-list=pgcorte to-addresses=\
192.168.1.200 to-ports=85
add action=dst-nat chain=dstnat comment="PG CORTE HTTPS" disabled=no \
dst-address=!192.168.1.200 dst-port=443 protocol=tcp src-address-list=\
pgcorte to-addresses=192.168.1.200 to-ports=445
add action=dst-nat chain=dstnat comment="PG CORTE" disabled=no dst-address=\
!192.168.1.200 protocol=tcp src-address-list=pgcorte to-addresses=\
192.168.1.200 to-ports=85
add action=passthrough chain=unused-hs-chain comment="place hotspot rules he
disabled=yes
add action=masquerade chain=srcnat comment=Nat disabled=no out-interface=wla
add action=dst-nat chain=dstnat comment="Redirecionamento de IP para o MK Au
disabled=no dst-address=192.168.11.200 to-addresses=192.168.1.200
add action=dst-nat chain=dstnat comment="Redirecionamento Gerencianet" \
disabled=no dst-port=8080 protocol=tcp to-addresses=192.168.1.200 to-por
80
add action=accept chain=dstnat comment="Aceita_Central do cliente" disabled=
dst-address=192.168.1.200 protocol=tcp

O que fiz de errado?

Regras Mikrotik.bmp

Regras Mikrotik 2.bmp