Thu Jun 16, 2011 11:09 pm
Hey Feklar... The /24 is routed to me and I was able to get 2 ports to shrink down. The only trouble I had if I did 3 was that I have to do both /26's before I do the /27. If I did one /26 then a /27 it was still okay, but as soon as I tried to do a /26 again it for some reason made the default gateway the same as the /27. I'm not 100% sure why it did that. So I got that to work out okay for now.

I am running into trouble, though, pinging through and remote desktopping in through the hotspot. Is there any way to allow everything through the hotspot? The only reason I want the hotspot is for authentication purposes and so my customers can take their computers from one AP to another in town and log in and have internet. I am routing all public IPs, no private ones, so no NATing is being done. Each AP will have a hotspot. Do you guys see anything wrong with this? If so, please suggest a better way for me. I have also added in the IP binding to allow ICMP.
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=167.142.XXX.129
gateway-status=167.142.XXX.129 reachable ether13 distance=1 scope=30
target-scope=10
1 ADC dst-address=67.55.XXX.0/26 pref-src=67.55.XXX.1 gateway=ether6
gateway-status=ether6 unreachable distance=0 scope=200
2 ADC dst-address=67.55.XXX.64/27 pref-src=67.55.XXX.67 gateway=ether7
gateway-status=ether7 reachable distance=0 scope=10
3 ADC dst-address=167.142.XXX.129/32 pref-src=167.142.XXX.132 gateway=ether13
gateway-status=ether13 reachable distance=0 scope=10
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 address=167.142.XXX.132/32 network=167.142.XXX.129 interface=ether13
actual-interface=ether13
1 address=67.55.XXX.1/26 network=67.55.XXX.0 interface=ether6
actual-interface=ether6
2 address=67.55.XXX.67/27 network=67.55.XXX.64 interface=ether7
actual-interface=ether7
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no