Connecting to the internet

vpatton · July 21, 2004, 8:58pm

I’m setting up a Mikrotik Hotspot for the first time and I notice I have to set proxy settings in the browser manually to connect. Is there a setting I’m missing or is it necessary to connect throught the hotspot.
Basically I would like to have someone turn on a laptop and bring up the login page for the microtik without having to set the proxy settings in the browser manually.

Eugene · July 22, 2004, 10:02am

You can use web proxy in transparent mode, for more information refer to:
http://www.mikrotik.com/docs/ros/2.8/ip/webproxy.main.8

vpatton · July 22, 2004, 7:49pm

Thank you for the assistance, but I’m still having problems.
I entered the line that was given on the web page, but it still does not work. I also seem to be having some other problems. I cannot connect to the router ftp, winbox or telnet. I have set everything back to factory defaults went through the instructions. I still cannot do it.

vpatton · July 23, 2004, 2:50pm

Forget what I said about not being able to connect to winbox. I figured out where I went wrong there.

But that transparent proxy rule for the firewall did not change anything.

Eugene · July 23, 2004, 2:58pm

Can you post a printout from export command in /ip firewall and /ip web-proxy submenus?

vpatton · July 23, 2004, 3:48pm

IP Firewall

set input name=“input” policy=accept comment=“”
set forward name=“forward” policy=accept comment=“”
set output name=“output” policy=accept comment=“”
add name=“hotspot-temp” policy=none comment=“limit unauthorized hotspot
clients”
add name=“hotspot” policy=none comment=“account authorized hotspot clients”
/ ip firewall rule forward
add in-interface=wlan1 action=jump jump-target=hotspot-temp comment=“limit
access for unauthorized hotspot clients” disabled=no
add action=jump jump-target=hotspot comment=“account traffic for authorized
hotspot clients” disabled=no
/ ip firewall rule hotspot
add action=accept comment=“” disabled=no
/ ip firewall rule hotspot-temp
add flow=hs-auth action=return comment=“return, if connection is authorized”
disabled=no
add protocol=icmp action=return comment=“allow ping requests” disabled=no
add dst-address=:53 protocol=udp action=return comment=“allow dns requests”
disabled=no
add action=jump jump-target=hotspot comment=“reject access for unauthorized
hotspot clients” disabled=no
/ ip firewall rule input
add in-interface=wlan1 dst-address=:80 protocol=tcp action=jump
jump-target=hotspot comment=“account traffic from hotspot clients to
hotspot servlet” disabled=no
add in-interface=wlan1 dst-address=:80 protocol=tcp action=accept
comment=“accept requests for hotspot servlet” disabled=no
add in-interface=wlan1 dst-address=:67 protocol=udp action=accept
comment=“accept requests for local DHCP server” disabled=no
add in-interface=wlan1 action=jump jump-target=hotspot-temp comment=“limit
access for unauthorized hotspot clients” disabled=no
/ ip firewall rule output
add src-address=:80 out-interface=wlan1 protocol=tcp action=jump
jump-target=hotspot comment=“account traffic from hotspot servlet to
hotspot clients” disabled=no
/ ip firewall dst-nat
add src-address=:80 in-interface=wlan1 dst-address=:8081 protocol=tcp
action=redirect to-dst-port=8081 comment=“transparent HTTP proxy for
hotspot clients” disabled=no
add dst-address=:53 protocol=udp action=redirect comment=“intercept all DNS
requests” disabled=no
add in-interface=wlan1 protocol=tcp flow=!hs-auth action=redirect
to-dst-port=80 comment=“redirect unauthorized hotspot clients to hotspot
service” disabled=no
add dst-address=:25 protocol=tcp action=nat to-dst-address=63.98.108.4
comment=“send e-mails through our SMTP server” disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set pptp disabled=no
set gre disabled=no
set h323 disabled=yes
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
/ ip firewall src-nat
add src-address=10.5.50.0/24 action=masquerade comment=“masquerade hotspot
network” disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m
tcp-established-timeout=5d tcp-fin-wait-timeout=2m
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s
tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m

IP Web-Proxy

/ ip web-proxy
set enabled=no src-address=0.0.0.0 port=3128 hostname=“proxy”
transparent-proxy=no parent-proxy=0.0.0.0:0
cache-administrator=“webmaster” max-object-size=“4096 kB”
cache-drive=system max-cache-size=none
/ ip web-proxy access
add dst-port=!443,563 method=connect action=deny comment=“allow CONNECT only
to SSL ports 443 [https] and 563 [snews]” disabled=no
/ ip web-proxy cache
add url=“cgi-bin \?” action=deny comment=“don’t cache dynamic http pages”
disabled=no

vpatton · July 23, 2004, 3:50pm

I’ve been messing with the firewall setting this morning, so they may look a little goofed up.

Eugene · July 23, 2004, 3:59pm

/ ip web-proxy
set enabled=no src-address=0.0.0.0 port=3128 hostname=“proxy”
transparent-proxy=no parent-proxy=0.0.0.0:0
cache-administrator=“webmaster” max-object-size=“4096 kB”
cache-drive=system max-cache-size=none

It seems that you have web-proxy disabled on your router. Maybe you need to re-read the manual…

vpatton · July 23, 2004, 4:02pm

Ahhhh…
Feeling stupid now and I’m just gonna go with that felling. Thanks for the help

vpatton · July 23, 2004, 4:34pm

This is what it looks like now

IP Web Proxy
set enabled=yes src-address=0.0.0.0 port=8081 hostname=“proxy”
transparent-proxy=yes parent-proxy=0.0.0.0:0
cache-administrator=“webmaster” max-object-size=“4096 kB”
cache-drive=system max-cache-size=none
/ ip web-proxy access
add dst-port=!443,563 method=connect action=deny comment=“allow CONNECT only
to SSL ports 443 [https] and 563 [snews]” disabled=no
/ ip web-proxy cache
add url=“cgi-bin \?” action=deny comment=“don’t cache dynamic http pages”
disabled=no

IP Firewall

set input name=“input” policy=accept comment=“”
set forward name=“forward” policy=accept comment=“”
set output name=“output” policy=accept comment=“”
add name=“hotspot-temp” policy=none comment=“limit unauthorized hotspot
clients”
add name=“hotspot” policy=none comment=“account authorized hotspot clients”
/ ip firewall rule forward
add in-interface=wlan1 action=jump jump-target=hotspot-temp comment=“limit
access for unauthorized hotspot clients” disabled=no
add action=jump jump-target=hotspot comment=“account traffic for authorized
hotspot clients” disabled=no
/ ip firewall rule hotspot-temp
add flow=hs-auth action=return comment=“return, if connection is authorized”
disabled=no
add protocol=icmp action=return comment=“allow ping requests” disabled=no
add dst-address=:53 protocol=udp action=return comment=“allow dns requests”
disabled=no
add action=reject comment=“reject access for unauthorized hotspot clients”
disabled=no
/ ip firewall rule input
add in-interface=wlan1 dst-address=:80 protocol=tcp action=jump
jump-target=hotspot comment=“account traffic from hotspot clients to
hotspot servlet” disabled=no
add in-interface=wlan1 dst-address=:80 protocol=tcp action=accept
comment=“accept requests for hotspot servlet” disabled=no
add in-interface=wlan1 dst-address=:67 protocol=udp action=accept
comment=“accept requests for local DHCP server” disabled=no
add in-interface=wlan1 action=jump jump-target=hotspot-temp comment=“limit
access for unauthorized hotspot clients” disabled=no
/ ip firewall rule output
add src-address=:80 out-interface=wlan1 protocol=tcp action=jump
jump-target=hotspot comment=“account traffic from hotspot servlet to
hotspot clients” disabled=no
/ ip firewall dst-nat
add dst-address=:53 protocol=udp action=nat to-dst-address=63.98.108.1
comment=“intercept all DNS requests” disabled=no
add in-interface=wlan1 protocol=tcp flow=!hs-auth action=redirect
to-dst-port=80 comment=“redirect unauthorized hotspot clients to hotspot
service” disabled=no
add dst-address=:25 protocol=tcp action=nat to-dst-address=63.98.108.4
comment=“send e-mails through our SMTP server” disabled=no
add in-interface=wlan1 dst-address=:80 protocol=tcp action=redirect
to-dst-port=80 comment=“transparent HTTP proxy for hotspot clients”
disabled=no
add in-interface=wlan1 dst-address=!10.5.50.1/32:80 protocol=tcp
action=redirect to-dst-port=8081 comment=“” disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set pptp disabled=no
set gre disabled=no
set h323 disabled=yes
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
/ ip firewall src-nat
add src-address=10.5.50.0/24 action=masquerade comment=“masquerade hotspot
network” disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m
tcp-established-timeout=5d tcp-fin-wait-timeout=2m
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s
tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m

For some reason it still will not work

vpatton · July 23, 2004, 4:41pm

Nevermind I figured out what I was doing Thanks for all of your help