Community discussions

MikroTik App
  4. RouterOS
  5. General

Problems with hotspot!

Post Reply
 
chadii
just joined
Topic Author
Posts: 24
Joined: Mon May 24, 2010 9:54 pm

Problems with hotspot!

Fri Dec 16, 2011 7:09 pm

Guys Im having an issue with my hotspot, the client without login in he can use msn and skype, and whatever program that doesnt require
port 80. Its that normal? Thank you!
Top
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Problems with hotspot!

Sat Dec 17, 2011 12:59 pm

"Normal" for the hotspot service is all ports are blocked, and port 80 is redirected to the login page until the client logs in.
Top
 
User avatar
alexandro
just joined
Posts: 24
Joined: Mon Jun 06, 2011 11:03 am
Location: Lebanon
Contact:
Contact alexandro

Re: Problems with hotspot!

Sat Dec 17, 2011 1:10 pm

may you post your ip firewall filter and nating.
Top
 
chadii
just joined
Topic Author
Posts: 24
Joined: Mon May 24, 2010 9:54 pm

Re: Problems with hotspot!

Sat Dec 17, 2011 2:18 pm

Sure, Ill take a quick look at my firewall rules and see if I find something, if I dont ill post it here for u guys!!
Top
 
User avatar
cybercoder
Member Candidate
Member Candidate
Posts: 175
Joined: Tue Dec 07, 2010 11:20 pm
Location: Guilan, Iran
Contact:
Contact cybercoder

Re: Problems with hotspot!

Sat Dec 17, 2011 2:55 pm

check the Walled Garden & Walled Garden IP
Top
 
chadii
just joined
Topic Author
Posts: 24
Joined: Mon May 24, 2010 9:54 pm

Re: Problems with hotspot!

Fri Dec 23, 2011 3:35 pm

Nahh I just couldnt find my mistake. Here is my filter rules, that goes before the hotspot blocking rules;


/ip firewall filter
add action=accept chain=forward comment="Libera Rede Interna" disabled=no dst-address-list="Rede Loja" src-address-list="Rede Loja"
add action=accept chain=forward comment="Libera Aracu" disabled=no src-address=201.41.70.175
add action=accept chain=forward disabled=no dst-address=201.41.70.175
add action=drop chain=forward comment="Barra Acesso Externo \E0 Porta 80" disabled=no dst-address-list="Rede Interna" dst-port=80 protocol=tcp src-address-list="!Rede Loja"
add action=drop chain=forward disabled=no dst-address-list="Rede Loja" dst-port=80 protocol=tcp src-address-list="!Rede Loja"
add action=drop chain=forward disabled=no dst-address-list="Rede Valida" dst-port=80 protocol=tcp src-address-list="!Rede Loja"
add action=accept chain=forward comment="Libera SpeedR" disabled=no src-address=192.168.254.2
add action=accept chain=forward disabled=no dst-address=192.168.254.2
add action=accept chain=forward comment="Libera ping cliente Servidor" disabled=no dst-address=189.50.123.190 protocol=icmp src-address-list="Rede Interna"
add action=accept chain=forward comment="Libera ping Loja" disabled=no src-address=10.174.100.0/24
add action=accept chain=forward disabled=no dst-address=10.174.100.0/24
add action=accept chain=input comment="Libera Radius" disabled=no src-address=186.226.70.2
add action=accept chain=forward comment="Libera Ping Servidor" disabled=no src-address=186.226.70.2
add action=accept chain=forward disabled=no dst-address=186.226.70.2
add action=accept chain=input comment="Controle de ICMP Input" disabled=no limit=50/5s,3 protocol=icmp
add action=drop chain=input disabled=no protocol=icmp
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Adiciona \E0 lista de Port Scanners" disabled=no protocol=tcp psd=\
21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropa Port Scanners" disabled=no src-address-list="port scanners"
add action=accept chain=forward comment="Espaco Entre Regras" disabled=yes
add action=accept chain=input comment="Limite SSH na Input" disabled=no dst-port=22 limit=5,5 protocol=tcp src-address-list=186.226.70.2
add action=drop chain=input disabled=no dst-port=22 protocol=tcp
add action=accept chain=forward comment="Limita SSH" disabled=no dst-port=22 limit=5,1 protocol=tcp
add action=drop chain=forward comment="Dropa SSH Que Limitar Regra" disabled=no dst-port=22 protocol=tcp
add action=drop chain=input comment="Barra Brute Force SSH" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=\
ssh_stage3
add action=reject chain=forward comment="Barra ICMP entre Clientes" disabled=no dst-address-list="Rede Interna" protocol=icmp reject-with=icmp-host-unreachable src-address-list=\
"Rede Interna"
add action=accept chain=forward comment="Limita ICMP" disabled=no limit=20,2 protocol=icmp src-address=!186.226.70.2
add action=drop chain=forward comment="Dropa o que passar do limite" disabled=no protocol=icmp
add action=accept chain=input comment="Libera WebFig" disabled=no dst-port=8082 limit=10,5 protocol=tcp
add action=accept chain=input comment="Libera Winbox Mesmo N Logado" disabled=no dst-port=8291 protocol=tcp
add action=accept chain=forward comment="Libera Rede V\E1lida" disabled=no dst-address=186.226.70.0/24
add action=accept chain=forward disabled=no src-address=186.226.70.0/24
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
Top
Post Reply

Who is online

Users browsing this forum: Kanzler, pajapatak and 127 guests
  4. RouterOS
  5. General