Community discussions

MikroTik App
 
User avatar
BigSky
newbie
Topic Author
Posts: 26
Joined: Tue Aug 24, 2010 11:45 pm
Location: Montana, US

Can't ping device past hotspot

Wed Jan 04, 2012 6:58 pm

I have the current setup: RB750GL --> Ubiquiti PicostationM2 (as AP)

Hotspot is 10.2.55.129 on Ethernet port 2 where the Picostation is plugged in. The Picostation is in bridge mode with 10.2.55.130 and .129 as gateway. Everything works great, but I can't log into the Picostation, nor can I ping it. It's something in the firewall rules automatically created by hotspot, but I can't figure out which one.

Can anyone help? I'd like to be able to at least ping it for monitoring purposes.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Can't ping device past hotspot

Fri Oct 26, 2012 5:22 pm

Have you solved it already? How?
 
User avatar
BigSky
newbie
Topic Author
Posts: 26
Joined: Tue Aug 24, 2010 11:45 pm
Location: Montana, US

Re: Can't ping device past hotspot

Fri Oct 26, 2012 6:31 pm

Yes, I finally did. Sorry I didn't post the solution.

You need to add entries into the firewall to jump the pre-existing hotspot rules. There needs to Filter Rules created for both the source & destination of the device IP that allows access to & from unauthorized users to a client.

Example:
IP of device 192.168.1.30

Entry 1 - Create Filter Rule for a new chain that accepts
/ip firewall filter add action=accept chain=device-manage disable=no

Entry 2 - Create a Filter Rule for the source address of the device
/ip firewall filter add action=jump chain=forward disable=no hotspot=from-client,!auth jump-target=device-manage src-address=192.168.1.30

Entry 3 - Create a Filter Rule for the destination address of the device
/ip firewall filter add action=jump chain=forward disable=no hotspot=to-client,!auth jump-target=device-manage dst-address=192.168.1.30

Make sure entries 2 & 3 are above the preset hotspot filter rules and you'll have access to your device.
 
baasit
just joined
Posts: 12
Joined: Mon Mar 09, 2009 1:35 pm

Re: Can't ping device past hotspot

Tue Jul 02, 2013 12:34 am

hey
just read ur posts. i m facing the same prob i've installed APs after every 100 meters clients can connect through these access points but i m unable to ping these devices untill or unless some one is conected or logged in via these devices.... i ve added filter rules as u have shown but still it dosnt work fr me here is the export:


/ip firewall filter
add action=jump chain=forward disabled=no hotspot=from-client,!auth jump-target=devices src-address=10.10.10.11-10.10.10.50
add action=jump chain=forward disabled=no dst-address=10.10.10.11-10.10.10.50 hotspot=to-client,!auth jump-target=devices
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=devices disabled=no
[admin@MikroTik] >




so any help!
 
User avatar
BigSky
newbie
Topic Author
Posts: 26
Joined: Tue Aug 24, 2010 11:45 pm
Location: Montana, US

Re: Can't ping device past hotspot

Tue Jul 02, 2013 1:23 am

baasit,

Just to clarify, are you saying that you can ping the AP device when there's a client connected to it? If so, I think there's something else going on.

Otherwise, I'd try to just do a single IP address instead of a range. I don't know why that would make a different, but start with one. Also, make sure these filter rules are at the top of the list, otherwise they'll be blocked by the default hotspot filter rules. Rule order is important.

Below is my export that is working for me:

/ip firewall filter

add action=jump chain=forward comment="Hotspot device access" disabled=no hotspot=from-client,!auth jump-target=device-manage src-address=10.2.58.130
add action=jump chain=forward comment="Hotspot device access" disabled=no dst-address=10.2.58.130 hotspot=to-client,!auth jump-target=device-manage
add action=accept chain=device-manage disabled=no

Good luck.
 
baasit
just joined
Posts: 12
Joined: Mon Mar 09, 2009 1:35 pm

Re: Can't ping device past hotspot

Wed Jul 03, 2013 7:09 pm

i have applied the as u've provided in the export but still it isn't working

here is my export:

/ip firewall filter
add action=accept chain=device-manage disabled=no
add action=jump chain=forward comment="Hotspot device access" disabled=no hotspot=from-client,!auth jump-target=device-manage src-address=10.10.10.15
add action=jump chain=forward comment="Hotspot device access" disabled=no dst-address=10.10.10.15 hotspot=to-client,!auth jump-target=device-manage
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=no
[admin@MikroTik] >




yup u are right something else is going on because wenever there is client connected via a device i can ping it



Any thoughts!
 
User avatar
BigSky
newbie
Topic Author
Posts: 26
Joined: Tue Aug 24, 2010 11:45 pm
Location: Montana, US

Re: Can't ping device past hotspot

Thu Jul 04, 2013 12:38 am

Boy, I really don't. It almost seems like it needs an established connection before it allows it through the firewall. What kind of AP are you using? Is it just in bridge mode? Can you test with a different type of AP? Just grabbing at straws here...
 
n5jtt
just joined
Posts: 18
Joined: Sun Dec 05, 2004 3:55 pm
Location: Wichita Falls Texas

Re: Can't ping device past hotspot

Sat Aug 23, 2014 9:03 pm

I have same problem. Where do the rules go in the firewall rules. I also use ubiquiti products as ap behind a mikrotik router running Hotspot.
 
User avatar
BigSky
newbie
Topic Author
Posts: 26
Joined: Tue Aug 24, 2010 11:45 pm
Location: Montana, US

Re: Can't ping device past hotspot

Mon Aug 25, 2014 5:42 pm

The rules I have listed above go under "Filter Rules"
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: No registered users and 14 guests