Community discussions

MikroTik App
 
FASSIA
just joined
Topic Author
Posts: 23
Joined: Mon Apr 17, 2006 6:02 pm

Hotspot firewall rules

Tue May 15, 2007 2:20 am

Hi guys,

Anybody know were can I found the explanation of the dynamic rules and "variables" ("auth", "to-client", "from client") that use Hotspot?

thanks you very so much!

Regards
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Tue May 15, 2007 10:03 am

HotSpot firewall rules described here,
http://www.mikrotik.com/testdocs/ros/2. ... hp#7.41.14
 
FASSIA
just joined
Topic Author
Posts: 23
Joined: Mon Apr 17, 2006 6:02 pm

Tue May 15, 2007 8:17 pm

okey, thanks Sergejs.

I read it and understand it.

But I have a little problem. I want that a Hotspot registered user with a special mark in its pakets, only can navigate the WalledGarden.

here are my filter and nat firewall parts:

Image

Image
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Wed May 16, 2007 3:32 pm

I do not undestand your question. Any user can navigate walled-garden pages, registred user may navigate all pages. If you need configuration that registred user will be able to navigate only few pages, then additional static firewall rules will be reuqired to accomplish this.
 
FASSIA
just joined
Topic Author
Posts: 23
Joined: Mon Apr 17, 2006 6:02 pm

Wed May 16, 2007 5:47 pm

My system works as following:

- All my clients login using hotspot
- To validate the clients I use radius+SQL
- When the client login, if the radius server reply with a Mark-Id (such as "Account_Disabled") the client would be redirected to its account status page, were it said that he had to paid to continue navigating; and the only page that he could navigate would be the account status page. If the radius server do not repply any mark (because the client had paid), the client will navigate normally.

I tried to use pre-hs-input chain in filter to reject packets with the "Account_Disabled" mark, but I do not know the reason it isn't working.

Regards

Who is online

Users browsing this forum: A9691, GoogleOther [Bot], GuJack20, hatred, korg, mojojojo and 71 guests