How do I enable unauthenticated users to ping the gateway?

rootlinux · December 22, 2006, 5:57am

Hi all,

I had setup the MikroTik Hotspot successfully. How do I enable unauthenticated users to ping the gateway?

Regards,
rootlinux

sergejs · December 22, 2006, 5:59am

To allows specific resoursces without authentication, you need to use ‘walled-garden’. For your case ‘ip hotspot walled-garden ip’.

Hellbound · December 22, 2006, 2:52pm

add chain=hs-input dst-address=10.1.1.3 protocol=icmp action=accept comment="" disabled=no

10.1.1.3 is your Gateway address.

hope it helps

skillful · December 22, 2006, 7:42pm

Use chain=pre-hs-input for this to work

sergejs · December 27, 2006, 6:28am

Once again,
‘ip hotspot walled-garden ip’ allows to accomplish the same thing, there is no reason to create static NAT rules and think about specific chain to put them.
rootlinux
walled-garden is feature that you need, as it was designed specially to allow specific resources without authentication for HotSpot clients.

Hellbound · December 28, 2006, 10:49am

Walled garden is dangerous item to play with!

maybe he doesn’t want full connection to that destined IP address
putting that in walled garden may be vulnerable to scan the server for open ports.

it can also be used to do free surfing through that open gateway.

sergejs · December 28, 2006, 10:59am

As far as I know, walled-garden allows access to SPECIFIED resources for the HotSpot users without authentication, e.g. to allow ICMP from user A to server B,
‘/ ip hotspot walled-garden ip add action=allow protocol=icmp src-address=A dst-address=B’.

Using NAT rules, you have more chances to add incorrect rules, that might cause
“full connection to that destined IP address
t can also be used to do free surfing through that open gateway.”.[/i]