Community discussions

MikroTik App
 
mrchiless
just joined
Topic Author
Posts: 14
Joined: Fri Feb 04, 2005 12:02 pm

Best way to bypass the hotspot

Tue Mar 22, 2005 5:13 pm

I have to class C's 192.168.1.x and 192.168.2.x
I want 192.168.1.x to alway use the hotspot to authenticate, but I want 192.168.2.x to be router thru the hotspot without the need to authenicate.
I see from the posts that in to 2.8 you create a mangle rule to mark the packets, then a firewall rule Is it the same in 2.9 or is there a easy way to do it. But some poeple are saying you just need mangle rule.
I have tried the rule below with no luck.

ip firewall mangle add src-address=192.168.2.0/24 mark-flow=hs-auth chain=input
 
User avatar
lastguru
Member
Member
Posts: 432
Joined: Fri May 28, 2004 9:04 pm
Location: Certified Trainer/Consultant in Riga, Latvia
Contact:

Tue Mar 22, 2005 9:00 pm

In 2.9 hotspot is working completely differently. either "/ip hotspot ip-binding" or "ip hotspot walled-garden ip" is your friend, I suppose. There is a manual for the new hotspot if you want some weekend reading.
 
mrchiless
just joined
Topic Author
Posts: 14
Joined: Fri Feb 04, 2005 12:02 pm

Tue Mar 22, 2005 11:14 pm

In 2.9 hotspot is working completely differently. either "/ip hotspot ip-binding" or "ip hotspot walled-garden ip" is your friend, I suppose. There is a manual for the new hotspot if you want some weekend reading.
Looking at the manual,

/ip hotspot ip-binding seems to be aim at client IP's and not a whole subnet.

I need to allow the user thru based on there src-address ( being the whole class c)

/ip hotspot walled-garden ip allows for src-address but when i try
ip hotspot walled-garden add src-address=192.168.2.0/24 action=allow server=hs-Internal it doesn't work
 
User avatar
lastguru
Member
Member
Posts: 432
Joined: Fri May 28, 2004 9:04 pm
Location: Certified Trainer/Consultant in Riga, Latvia
Contact:

Wed Mar 23, 2005 12:50 pm

You mean that those from 192.168.2.0/24 are still required to authenticate? Did you put this rule to "ip hotspot walled-garden" or to "ip hotspot walled-garden ip"?
 
mrchiless
just joined
Topic Author
Posts: 14
Joined: Fri Feb 04, 2005 12:02 pm

Wed Mar 23, 2005 4:08 pm

You mean that those from 192.168.2.0/24 are still required to authenticate? Did you put this rule to "ip hotspot walled-garden" or to "ip hotspot walled-garden ip"?
I put then to "ip hotspot walled-garden" , and it works on the test router, but not on the production router it's not. Here is the configure's

Test
[admin@MikroTik] > ip hotspot walled-garden print
Flags: X - disabled, D - dynamic
0 src-address=192.168.2.0/24 action=allow

Production

[admin@HOTSPOT-GW] > ip hotspot walled-garden print
Flags: X - disabled, D - dynamic
0 src-address=210.x.xx.0/23 action=allow

1 src-address=203.xx.xx.0/24 action=allow

2 src-address=203.xx.xx.0/23 action=allow

Who is online

Users browsing this forum: GoogleOther [Bot], Kanzler and 83 guests