Cant reach the Internet after setting up a Hotspot

gerryakabus · April 5, 2009, 6:53pm

Hi Please guys i really need a help here on this. I have a router board with two interfaces running RouterOs 3.10 with level 5 license. I configured hotspot to run on the wireless interface and the ethernet interface provided the connection to the internet. But any time the hotspot is enabled i cant reach the internet but if i disable it clients connecting through that interface will be able to reach the net again. Please i wil appreciate any help rendered on this

normis · April 6, 2009, 8:41am

post config from “/ip dns”, “/ip firewall” and other affected facilities

gerryakabus · April 6, 2009, 2:36pm

Here is the /ip dns configuration

jan/01/1970 04:50:00 by RouterOS 3.10

software id = TUNP-LTT

/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=512 primary-dns=10.0.0.217 secondary-dns=
41.204.224.22
/ip dns static
add address=41.204.224.2 disabled=no name="" ttl=1d
add address=41.204.224.22 disabled=no name="" ttl=1d

/Ip firewall configuration

jan/01/1970 05:44:45 by RouterOS 3.10

software id = TUNP-LTT

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=
"place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network"
disabled=no src-address=10.0.0.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no
set pptp disabled=no

normis · April 7, 2009, 5:44am

first of all “set allow-remote-requests=no” should be “yes” so that the clients can use the hotspot device as a DNS server. Somehow you are missing quite a few rules, are you sure there is nothing else when you do “/ip firewall nat print” ?

gerryakabus · April 7, 2009, 8:16am

Thanks a lot normin for taking out your time to help me resolved this problem. Here is the other nat rule:
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=
public

normis · April 7, 2009, 8:19am

you are missing several important rules.

i suggest the following:

do “/system reset” to clear ALL configuration
enable the intefaces that you will use, add IP addresses
run hotspot setup and fill all the fields that you can (except certificate and DNS name if you won’t use them)