Community discussions

MikroTik App
 
Note
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Fri Jun 03, 2016 12:39 pm

Hotspot doesnt want me......

Fri Jun 03, 2016 12:48 pm

Hello guys,

im on rb951-2n under load balancing pppoe client and wlan and i have the problem i will describe......

after finishing the hotspot setup, suddenly i disconnected from winbox and after that, nothing happens, no internet cannot access MT via winbox, absolutely nothing works.

Can someone help me plz and what u need of my configuration?


thnx in advance

i edit to post my entire configuration
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mru=1500 max-mtu=\
    1500 mrru=1620 name=pppoe-out1 password=guest use-peer-dns=yes user=\
    guest@hol.gr
/ip neighbor discovery
set ether1 discover=no
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=\
    tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=USER \
    supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=\
    !mixalis1998@ wpa2-pre-shared-key="THEPASS"
/interface wireless
set [ find default-name=wlan1 ] amsdu-limit=4096 amsdu-threshold=4096 \
    antenna-gain=12 band=2ghz-b/g/n channel-width=20/40mhz-Ce country=\
    "united states" disabled=no distance=indoors frequency=2417 hw-retries=6 \
    security-profile=Mixalis ssid=Mixalis tx-power=29 tx-power-mode=\
    all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
/interface wireless nstreme
set wlan1 enable-nstreme=yes
/ip pool
add name=dhcp_pool1 ranges=1.1.1.100-1.1.1.150
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=1d name=\
    dhcp1
/queue simple
add max-limit=20M/1M name=pppoe-out1 queue=\
    pcq-download-default/pcq-upload-default target=pppoe-out1
add burst-limit=16M/850k burst-threshold=10500k/562k burst-time=8s/8s \
    limit-at=7M/375k max-limit=14M/750k name=QoS_1 packet-marks=QoS_1 parent=\
    pppoe-out1 priority=1/1 queue=pcq-download-default/pcq-upload-default \
    target=pppoe-out1
add burst-limit=16M/850k burst-threshold=10500k/562k burst-time=8s/8s \
    limit-at=7M/375k max-limit=14M/750k name=QoS_2 packet-marks=QoS_2 parent=\
    pppoe-out1 priority=2/2 queue=pcq-download-default/pcq-upload-default \
    target=pppoe-out1
add burst-limit=16M/850k burst-threshold=10500k/562k burst-time=8s/8s \
    limit-at=7M/375k max-limit=14M/750k name=QoS_7 packet-marks=QoS_7 parent=\
    pppoe-out1 priority=7/7 queue=pcq-download-default/pcq-upload-default \
    target=pppoe-out1
add burst-limit=16M/850k burst-threshold=10500k/562k burst-time=8s/8s \
    limit-at=7M/375k max-limit=14M/750k name=QoS_8 packet-marks=QoS_8 parent=\
    pppoe-out1 queue=pcq-download-default/pcq-upload-default target=\
    pppoe-out1
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add comment=defconf interface=ether2
add auto-isolate=yes
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=\
    192.168.1.0
add address=192.168.0.2/24 interface=ether1 network=192.168.0.0
add address=192.168.2.2/24 interface=wlan1 network=192.168.2.0
add address=1.1.1.1/24 interface=ether2 network=1.1.1.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=1.1.1.0/24 gateway=1.1.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=62.38.1.81,62.38.0.81
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="Enable FastTrack" \
    connection-state=established,related
add chain=forward comment="Accept forward established,related" \
    connection-state=established,related
add chain=input comment="Accept Input Established Related " connection-state=\
    established,related
add chain=input comment="Allow ICMP" protocol=icmp
add chain=forward comment="Accept Hamachi" dst-address=192.168.1.0/24 port=\
    60132 protocol=tcp
add chain=forward dst-address=192.168.1.0/24 port=60132 protocol=udp
add chain=forward dst-address=1.1.1.0/24 port=60132 protocol=tcp
add chain=forward dst-address=1.1.1.0/24 port=60132 protocol=udp
add chain=forward port=12975 protocol=tcp
add chain=forward port=32976 protocol=tcp
add chain=forward port=17771 protocol=udp
add chain=forward port=443 protocol=tcp
add chain=forward comment="Accept Torrent" dst-address=192.168.1.2 port=61132 \
    protocol=udp
add chain=forward dst-address=192.168.1.2 port=61132 protocol=tcp
add action=jump chain=forward comment="Make jumps to new chains" jump-target=\
    tcp protocol=tcp
add action=jump chain=forward jump-target=udp protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
add chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
add chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
add chain=icmp comment="host unreachable fragmentation required" \
    icmp-options=3:4 protocol=icmp
add chain=icmp comment="allow source quench" icmp-options=4:0 protocol=icmp
add chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
add chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
add chain=icmp comment="\"allow parameter bad\"" icmp-options=12:0 protocol=\
    icmp
add action=drop chain=icmp comment="deny all other types"
add action=drop chain=forward comment="Block \"bogon\" IP addresses" \
    src-address=0.0.0.0/8
add action=drop chain=forward dst-address=0.0.0.0/8
add action=drop chain=forward src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
add action=drop chain=tcp comment="deny TFTP" dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 \
    protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=135 \
    protocol=tcp
add action=drop chain=tcp comment="deny NBT" dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 \
    protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" dst-port=3133 protocol=\
    tcp
add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 \
    protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 \
    protocol=udp
add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" dst-port=3133 protocol=\
    udp
add action=drop chain=input comment="Drop everything else" in-interface=\
    pppoe-out1
add action=drop chain=input in-interface=wlan1
add action=drop chain=forward in-interface=pppoe-out1
add action=drop chain=forward in-interface=wlan1
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
    new in-interface=wlan1
/ip firewall mangle
add action=mark-connection chain=input comment=_____Load_Balance \
    in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn
add action=mark-connection chain=input in-interface=wlan1 \
    new-connection-mark=wlan1_conn
add action=mark-routing chain=output connection-mark=pppoe-out1_conn \
    new-routing-mark=to_pppoe-out1
add action=mark-routing chain=output connection-mark=wlan1_conn \
    new-routing-mark=to_wlan1
add chain=prerouting dst-address=192.168.0.0/24 in-interface=ether2
add chain=prerouting dst-address=192.168.2.0/24 in-interface=ether2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=ether2 new-connection-mark=pppoe-out1_conn \
    per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=ether2 new-connection-mark=wlan1_conn \
    per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=pppoe-out1_conn \
    in-interface=ether2 new-routing-mark=to_pppoe-out1
add action=mark-routing chain=prerouting connection-mark=wlan1_conn \
    in-interface=ether2 new-routing-mark=to_wlan1
add action=mark-packet chain=forward comment=QoS_1_ICMP-Echo new-packet-mark=\
    QoS_1 out-interface=pppoe-out1 passthrough=no protocol=icmp
add action=mark-packet chain=forward comment=______DNS_NTP dst-port=53,123 \
    new-packet-mark=QoS_1 out-interface=pppoe-out1 passthrough=no protocol=\
    udp
add action=mark-packet chain=forward comment=______ACK new-packet-mark=QoS_1 \
    out-interface=pppoe-out1 packet-size=0-123 passthrough=no port=!80,443 \
    protocol=tcp tcp-flags=ack
add action=mark-connection chain=forward comment=______HTTP-S_Small \
    connection-state=new dst-port=80,443 new-connection-mark=QoS_HTTP \
    out-interface=pppoe-out1 protocol=tcp
add action=mark-packet chain=forward connection-bytes=0-500000 \
    connection-mark=QoS_HTTP new-packet-mark=QoS_1 passthrough=no protocol=\
    tcp
add action=mark-connection chain=forward comment=QoS_1_LOL_Client \
    connection-state=new new-connection-mark=QoS_1 out-interface=pppoe-out1 \
    port=5000-5500 protocol=udp
add action=mark-packet chain=forward connection-mark=QoS_1 new-packet-mark=\
    QoS_1 passthrough=no
add action=mark-connection chain=forward comment=QoS_1_Hamachi \
    connection-state=new new-connection-mark=QoS_1 out-interface=pppoe-out1 \
    port=12975,32976,443 protocol=tcp
add action=mark-connection chain=forward connection-state=new \
    new-connection-mark=QoS_1 out-interface=pppoe-out1 port=17771 protocol=\
    udp
add action=mark-packet chain=forward connection-mark=QoS_1 new-packet-mark=\
    QoS_1 passthrough=no
add action=mark-connection chain=forward comment=\
    QoS_2_FTP_SSH_Telnet_SMTP_POP3-S_SNTP_IMAP-S_SMTP-S connection-state=new \
    dst-port=20,21,22,23,25,110,143,465,587,993,995 new-connection-mark=QoS_2 \
    out-interface=pppoe-out1 protocol=tcp
add action=mark-packet chain=forward connection-mark=QoS_2 new-packet-mark=\
    QoS_2 passthrough=no
add action=mark-packet chain=forward comment=QoS_2_HTTP-S_Large \
    connection-bytes=500000-0 connection-mark=QoS_HTTP new-packet-mark=QoS_2 \
    passthrough=no protocol=tcp
add action=mark-connection chain=forward comment=QoS_8_Torrents_except_VoIP \
    connection-state=new new-connection-mark=QoS_8 out-interface=pppoe-out1 \
    port=3000,6881-7000,9091,10000-65535 protocol=tcp src-port=!1167
add action=mark-connection chain=forward connection-state=new \
    new-connection-mark=QoS_8 out-interface=pppoe-out1 port=\
    3000,6881-7000,9091,10000-65535 protocol=udp src-port=!1167
add action=mark-packet chain=forward connection-mark=QoS_8 new-packet-mark=\
    QoS_8 passthrough=no
add action=mark-connection chain=forward comment=QoS_7_VoIP_and_all_others \
    connection-state=new new-connection-mark=QoS_7 out-interface=pppoe-out1
add action=mark-packet chain=forward connection-mark=QoS_7 new-packet-mark=\
    QoS_7 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="Basic NAT" out-interface=\
    pppoe-out1
add action=masquerade chain=srcnat out-interface=wlan1
add action=dst-nat chain=dstnat comment="Allow Hamachi" dst-port=60132 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.2 to-ports=\
    60132
add action=dst-nat chain=dstnat dst-port=60132 in-interface=wlan1 protocol=\
    tcp to-addresses=192.168.1.2 to-ports=60132
add action=dst-nat chain=dstnat dst-port=60132 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.1.2 to-ports=60132
add action=dst-nat chain=dstnat dst-port=60132 in-interface=wlan1 protocol=\
    udp to-addresses=192.168.1.2 to-ports=60132
add action=dst-nat chain=dstnat comment="Allow Torrent" dst-port=61132 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.2 to-ports=\
    61132
add action=dst-nat chain=dstnat dst-port=61132 in-interface=wlan1 protocol=\
    tcp to-addresses=192.168.1.2 to-ports=61132
add action=dst-nat chain=dstnat dst-port=61132 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.1.2 to-ports=61132
add action=dst-nat chain=dstnat dst-port=61132 in-interface=wlan1 protocol=\
    udp to-addresses=192.168.1.2 to-ports=61132
add action=masquerade chain=srcnat comment="Access modem" out-interface=\
    ether1 to-addresses=192.168.1.10
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=\
    to_pppoe-out1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_wlan1
add distance=1 gateway=192.168.0.1
add distance=2 gateway=192.168.2.1
/system clock
set time-zone-name=Europe/Athens
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set pppoe-out1 disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
/system leds
set 0 interface=wlan1
/system ntp client
set primary-ntp=62.103.129.253 secondary-ntp=194.177.210.54
/system package update
set channel=bugfix
/system routerboard settings
set cpu-frequency=400MHz
/tool mac-server
set [ find default=yes ] disabled=yes
add
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add
/tool sniffer
set filter-interface=*10 streaming-enabled=yes streaming-server=10.10.10.1
/tool user-manager database
set db-path=user-manager
My setup is .....

ether1= my pppoe client connected to 192.168.0.1 bridge modem masquerade, added also 192.168.0.2 masquerade to be able to access my modem

ether2= my lan added 2 ip's 192.168.1.1/24 and 1.1.1.1/24, on second dhcp acts

wlan1= has the 192.168.2.2 ip and connects as bridge mode on an external 192.168.2.1 modem and load balances with pppoe client, masquerade also.

My setup has no any bridge interface

I have no problem working with the above configuration, but when im going to setup the hotspot, after finishing, everything disconnects and i cant even access the MT via winbox, also no internet access and i have to reset the MT and restore my configuration to make it work.

I have tried to delete the second lan (1.1.1.1) and the dhcp server but with no luck.

In begin i remember that i was able to setup the hotspot with success, exactly after pppoe setup but i delete it cause i was not sure if i want it and then i setup all the other config i have now, load balance, QoS in simple queue, simple firewall and now i cant setup the hotspot.

Any farther help will be appreciated cause i have stack on this
 
p3rad0x
Long time Member
Long time Member
Posts: 637
Joined: Fri Sep 18, 2015 5:42 pm
Location: South Africa
Contact:

Re: Hotspot doesnt want me......

Thu Aug 25, 2016 9:47 am

Hi,

Does it happen when you enable the hotspot?

If you enable hotspot on a interface you are connected to it will disconnect you
 
User avatar
razavim
Trainer
Trainer
Posts: 99
Joined: Sun Sep 27, 2015 1:43 pm
Location: Turkey
Contact:

Re: RE: Hotspot doesnt want me......

Tue Sep 06, 2016 1:13 am

Hello guys,

im on rb951-2n under load balancing pppoe client and wlan and i have the problem i will describe......

after finishing the hotspot setup, suddenly i disconnected from winbox and after that, nothing happens, no internet cannot access MT via winbox, absolutely nothing works.

Can someone help me plz and what u need of my configuration?


thnx in advance

i edit to post my entire configuration
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mru=1500 max-mtu=\
    1500 mrru=1620 name=pppoe-out1 password=guest use-peer-dns=yes user=\
    guest@hol.gr
/ip neighbor discovery
set ether1 discover=no
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=\
    tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=USER \
    supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=\
    !mixalis1998@ wpa2-pre-shared-key="THEPASS"
/interface wireless
set [ find default-name=wlan1 ] amsdu-limit=4096 amsdu-threshold=4096 \
    antenna-gain=12 band=2ghz-b/g/n channel-width=20/40mhz-Ce country=\
    "united states" disabled=no distance=indoors frequency=2417 hw-retries=6 \
    security-profile=Mixalis ssid=Mixalis tx-power=29 tx-power-mode=\
    all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
/interface wireless nstreme
set wlan1 enable-nstreme=yes
/ip pool
add name=dhcp_pool1 ranges=1.1.1.100-1.1.1.150
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=1d name=\
    dhcp1
/queue simple
add max-limit=20M/1M name=pppoe-out1 queue=\
    pcq-download-default/pcq-upload-default target=pppoe-out1
add burst-limit=16M/850k burst-threshold=10500k/562k burst-time=8s/8s \
    limit-at=7M/375k max-limit=14M/750k name=QoS_1 packet-marks=QoS_1 parent=\
    pppoe-out1 priority=1/1 queue=pcq-download-default/pcq-upload-default \
    target=pppoe-out1
add burst-limit=16M/850k burst-threshold=10500k/562k burst-time=8s/8s \
    limit-at=7M/375k max-limit=14M/750k name=QoS_2 packet-marks=QoS_2 parent=\
    pppoe-out1 priority=2/2 queue=pcq-download-default/pcq-upload-default \
    target=pppoe-out1
add burst-limit=16M/850k burst-threshold=10500k/562k burst-time=8s/8s \
    limit-at=7M/375k max-limit=14M/750k name=QoS_7 packet-marks=QoS_7 parent=\
    pppoe-out1 priority=7/7 queue=pcq-download-default/pcq-upload-default \
    target=pppoe-out1
add burst-limit=16M/850k burst-threshold=10500k/562k burst-time=8s/8s \
    limit-at=7M/375k max-limit=14M/750k name=QoS_8 packet-marks=QoS_8 parent=\
    pppoe-out1 queue=pcq-download-default/pcq-upload-default target=\
    pppoe-out1
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add comment=defconf interface=ether2
add auto-isolate=yes
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=\
    192.168.1.0
add address=192.168.0.2/24 interface=ether1 network=192.168.0.0
add address=192.168.2.2/24 interface=wlan1 network=192.168.2.0
add address=1.1.1.1/24 interface=ether2 network=1.1.1.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=1.1.1.0/24 gateway=1.1.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=62.38.1.81,62.38.0.81
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="Enable FastTrack" \
    connection-state=established,related
add chain=forward comment="Accept forward established,related" \
    connection-state=established,related
add chain=input comment="Accept Input Established Related " connection-state=\
    established,related
add chain=input comment="Allow ICMP" protocol=icmp
add chain=forward comment="Accept Hamachi" dst-address=192.168.1.0/24 port=\
    60132 protocol=tcp
add chain=forward dst-address=192.168.1.0/24 port=60132 protocol=udp
add chain=forward dst-address=1.1.1.0/24 port=60132 protocol=tcp
add chain=forward dst-address=1.1.1.0/24 port=60132 protocol=udp
add chain=forward port=12975 protocol=tcp
add chain=forward port=32976 protocol=tcp
add chain=forward port=17771 protocol=udp
add chain=forward port=443 protocol=tcp
add chain=forward comment="Accept Torrent" dst-address=192.168.1.2 port=61132 \
    protocol=udp
add chain=forward dst-address=192.168.1.2 port=61132 protocol=tcp
add action=jump chain=forward comment="Make jumps to new chains" jump-target=\
    tcp protocol=tcp
add action=jump chain=forward jump-target=udp protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
add chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
add chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
add chain=icmp comment="host unreachable fragmentation required" \
    icmp-options=3:4 protocol=icmp
add chain=icmp comment="allow source quench" icmp-options=4:0 protocol=icmp
add chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
add chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
add chain=icmp comment="\"allow parameter bad\"" icmp-options=12:0 protocol=\
    icmp
add action=drop chain=icmp comment="deny all other types"
add action=drop chain=forward comment="Block \"bogon\" IP addresses" \
    src-address=0.0.0.0/8
add action=drop chain=forward dst-address=0.0.0.0/8
add action=drop chain=forward src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
add action=drop chain=tcp comment="deny TFTP" dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 \
    protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=135 \
    protocol=tcp
add action=drop chain=tcp comment="deny NBT" dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 \
    protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" dst-port=3133 protocol=\
    tcp
add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 \
    protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 \
    protocol=udp
add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" dst-port=3133 protocol=\
    udp
add action=drop chain=input comment="Drop everything else" in-interface=\
    pppoe-out1
add action=drop chain=input in-interface=wlan1
add action=drop chain=forward in-interface=pppoe-out1
add action=drop chain=forward in-interface=wlan1
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
    new in-interface=wlan1
/ip firewall mangle
add action=mark-connection chain=input comment=_____Load_Balance \
    in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn
add action=mark-connection chain=input in-interface=wlan1 \
    new-connection-mark=wlan1_conn
add action=mark-routing chain=output connection-mark=pppoe-out1_conn \
    new-routing-mark=to_pppoe-out1
add action=mark-routing chain=output connection-mark=wlan1_conn \
    new-routing-mark=to_wlan1
add chain=prerouting dst-address=192.168.0.0/24 in-interface=ether2
add chain=prerouting dst-address=192.168.2.0/24 in-interface=ether2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=ether2 new-connection-mark=pppoe-out1_conn \
    per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=ether2 new-connection-mark=wlan1_conn \
    per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=pppoe-out1_conn \
    in-interface=ether2 new-routing-mark=to_pppoe-out1
add action=mark-routing chain=prerouting connection-mark=wlan1_conn \
    in-interface=ether2 new-routing-mark=to_wlan1
add action=mark-packet chain=forward comment=QoS_1_ICMP-Echo new-packet-mark=\
    QoS_1 out-interface=pppoe-out1 passthrough=no protocol=icmp
add action=mark-packet chain=forward comment=______DNS_NTP dst-port=53,123 \
    new-packet-mark=QoS_1 out-interface=pppoe-out1 passthrough=no protocol=\
    udp
add action=mark-packet chain=forward comment=______ACK new-packet-mark=QoS_1 \
    out-interface=pppoe-out1 packet-size=0-123 passthrough=no port=!80,443 \
    protocol=tcp tcp-flags=ack
add action=mark-connection chain=forward comment=______HTTP-S_Small \
    connection-state=new dst-port=80,443 new-connection-mark=QoS_HTTP \
    out-interface=pppoe-out1 protocol=tcp
add action=mark-packet chain=forward connection-bytes=0-500000 \
    connection-mark=QoS_HTTP new-packet-mark=QoS_1 passthrough=no protocol=\
    tcp
add action=mark-connection chain=forward comment=QoS_1_LOL_Client \
    connection-state=new new-connection-mark=QoS_1 out-interface=pppoe-out1 \
    port=5000-5500 protocol=udp
add action=mark-packet chain=forward connection-mark=QoS_1 new-packet-mark=\
    QoS_1 passthrough=no
add action=mark-connection chain=forward comment=QoS_1_Hamachi \
    connection-state=new new-connection-mark=QoS_1 out-interface=pppoe-out1 \
    port=12975,32976,443 protocol=tcp
add action=mark-connection chain=forward connection-state=new \
    new-connection-mark=QoS_1 out-interface=pppoe-out1 port=17771 protocol=\
    udp
add action=mark-packet chain=forward connection-mark=QoS_1 new-packet-mark=\
    QoS_1 passthrough=no
add action=mark-connection chain=forward comment=\
    QoS_2_FTP_SSH_Telnet_SMTP_POP3-S_SNTP_IMAP-S_SMTP-S connection-state=new \
    dst-port=20,21,22,23,25,110,143,465,587,993,995 new-connection-mark=QoS_2 \
    out-interface=pppoe-out1 protocol=tcp
add action=mark-packet chain=forward connection-mark=QoS_2 new-packet-mark=\
    QoS_2 passthrough=no
add action=mark-packet chain=forward comment=QoS_2_HTTP-S_Large \
    connection-bytes=500000-0 connection-mark=QoS_HTTP new-packet-mark=QoS_2 \
    passthrough=no protocol=tcp
add action=mark-connection chain=forward comment=QoS_8_Torrents_except_VoIP \
    connection-state=new new-connection-mark=QoS_8 out-interface=pppoe-out1 \
    port=3000,6881-7000,9091,10000-65535 protocol=tcp src-port=!1167
add action=mark-connection chain=forward connection-state=new \
    new-connection-mark=QoS_8 out-interface=pppoe-out1 port=\
    3000,6881-7000,9091,10000-65535 protocol=udp src-port=!1167
add action=mark-packet chain=forward connection-mark=QoS_8 new-packet-mark=\
    QoS_8 passthrough=no
add action=mark-connection chain=forward comment=QoS_7_VoIP_and_all_others \
    connection-state=new new-connection-mark=QoS_7 out-interface=pppoe-out1
add action=mark-packet chain=forward connection-mark=QoS_7 new-packet-mark=\
    QoS_7 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="Basic NAT" out-interface=\
    pppoe-out1
add action=masquerade chain=srcnat out-interface=wlan1
add action=dst-nat chain=dstnat comment="Allow Hamachi" dst-port=60132 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.2 to-ports=\
    60132
add action=dst-nat chain=dstnat dst-port=60132 in-interface=wlan1 protocol=\
    tcp to-addresses=192.168.1.2 to-ports=60132
add action=dst-nat chain=dstnat dst-port=60132 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.1.2 to-ports=60132
add action=dst-nat chain=dstnat dst-port=60132 in-interface=wlan1 protocol=\
    udp to-addresses=192.168.1.2 to-ports=60132
add action=dst-nat chain=dstnat comment="Allow Torrent" dst-port=61132 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.2 to-ports=\
    61132
add action=dst-nat chain=dstnat dst-port=61132 in-interface=wlan1 protocol=\
    tcp to-addresses=192.168.1.2 to-ports=61132
add action=dst-nat chain=dstnat dst-port=61132 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.1.2 to-ports=61132
add action=dst-nat chain=dstnat dst-port=61132 in-interface=wlan1 protocol=\
    udp to-addresses=192.168.1.2 to-ports=61132
add action=masquerade chain=srcnat comment="Access modem" out-interface=\
    ether1 to-addresses=192.168.1.10
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=\
    to_pppoe-out1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_wlan1
add distance=1 gateway=192.168.0.1
add distance=2 gateway=192.168.2.1
/system clock
set time-zone-name=Europe/Athens
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set pppoe-out1 disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
/system leds
set 0 interface=wlan1
/system ntp client
set primary-ntp=62.103.129.253 secondary-ntp=194.177.210.54
/system package update
set channel=bugfix
/system routerboard settings
set cpu-frequency=400MHz
/tool mac-server
set [ find default=yes ] disabled=yes
add
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add
/tool sniffer
set filter-interface=*10 streaming-enabled=yes streaming-server=10.10.10.1
/tool user-manager database
set db-path=user-manager
My setup is .....

ether1= my pppoe client connected to 192.168.0.1 bridge modem masquerade, added also 192.168.0.2 masquerade to be able to access my modem

ether2= my lan added 2 ip's 192.168.1.1/24 and 1.1.1.1/24, on second dhcp acts

wlan1= has the 192.168.2.2 ip and connects as bridge mode on an external 192.168.2.1 modem and load balances with pppoe client, masquerade also.

My setup has no any bridge interface

I have no problem working with the above configuration, but when im going to setup the hotspot, after finishing, everything disconnects and i cant even access the MT via winbox, also no internet access and i have to reset the MT and restore my configuration to make it work.

I have tried to delete the second lan (1.1.1.1) and the dhcp server but with no luck.

In begin i remember that i was able to setup the hotspot with success, exactly after pppoe setup but i delete it cause i was not sure if i want it and then i setup all the other config i have now, load balance, QoS in simple queue, simple firewall and now i cant setup the hotspot.

Any farther help will be appreciated cause i have stack on this
If you are trying to connect to the same interface as you have implemented the hotspot on, then you have two options:
1- connect with MAC
2- open the browser and put your interface address and try to use the same login information as it was required to setup hotspot. Walla , you can connect to winbox with ip now.

keep us informed

Sent from my SM-N910C using Tapatalk

Who is online

Users browsing this forum: No registered users and 12 guests