Community discussions

MikroTik App
 
gnuttisch
Member
Member
Topic Author
Posts: 308
Joined: Fri Sep 10, 2010 3:49 pm

Limiting access for Hotspot users

Wed Jun 13, 2012 10:34 am

Hi

We have a customer that wants to add Hotspot service to their restaurants.

They have today a ADSL from a ISP and a lan for their computers and other stuff, 192.168.1.1/24.

I want to configure a groove whit hotspot service that they just plugs in to their lan. The Problem is then that when the client is connected they can reach everything in their lan, 192.168.1.1/24.

What would be the best way to limit the hotspot users so that they only can reach the internet?
 
Devil
Member Candidate
Member Candidate
Posts: 170
Joined: Thu Jul 21, 2011 9:13 am

Re: Limiting access for Hotspot users

Wed Jun 13, 2012 4:44 pm

What's your setup?
I assume its ADSL -> Mikrotik -> LAN(Switch) -> Users
in this setup, Mikrotik router is unable to block the users to access to the LAN, as the users don't talk to the router for that matter. they could be blocked to talk to each other only if the switch could be configured to do so. you could try putting some clients on a different subnet to make them not to be able to talk to each other, but they just need to simply change their subnet and they'll be able to access again. the only secure way (if the switch is not manageable), is to create a separate network (with another switch), and connect it directly to another Mikrotik port, setup the hotspot on that and block any packet forwarding to the private network. that way, the costumers are only able to access to the internet and talk to each other and there won't be access to the other network.
If my assumptions about your network setup were wrong, please provide more detail.
 
gnuttisch
Member
Member
Topic Author
Posts: 308
Joined: Fri Sep 10, 2010 3:49 pm

Re: Limiting access for Hotspot users

Thu Jun 14, 2012 1:36 pm

No.

They have their on stuff.

I just want to connect a AP that services hotspot directly to their lan.
But when the client connects to the hotspot they will get completely access to the lan.

How can i limit the access for the client so that they only reaches internet?

the idea is to configure AP whit hotspot services on it and ship out to the customer that they simply can connect it to their own lan.
 
User avatar
shadowskippie
Member Candidate
Member Candidate
Posts: 213
Joined: Tue Dec 21, 2010 6:20 pm

Re: Limiting access for Hotspot users

Thu Jun 14, 2012 5:12 pm

well i'm guessing the groove just plugs into the edge of the already existing network

just give the ether port an IP address on the lan
setup the 0.0.0.0/0 route to point to the ADSL.
use a different address scheme on the antenna, say 192.168.2.1/24
setup a DHCP server on that antenna
remember to turn default forward off with the AP
add masquerade going out of the ether port
make sure all the devices in the 192.168.1.0/24 network are sitting in a small piece of the say 192.168 1 128/25 except the ADSL
then setup a firewall filter rule to block access to there

src-add 192.168.2.0/24 dst-add 192.168.1.128/25 action=drop


its either that or you could just put another Mtik device in the middle of the network and have everything run through that, it will grant you more control over the traffic

Who is online

Users browsing this forum: anav, hribowwwc, Nospam, syslog and 109 guests