Hi everyone,
We are having a few issues setting up browsing filtering on a public hotspot and wanted some feedback on what others have done.
We have started with our preferred solutions which we are having trouble with, we have a third party who can do the filtering for us, their process is to put a routing mark on packets coming from the hotspot subnet and put in a default route for that routing mark going through a gre tunnel to their servers for inspection. After inspection one of 2 things should happen a) it is allowed and the packet gets past to its original destination with the source IP of the hotspot intact forcing a triangular route as the return packet goes direct or b) The destination is rejected and a reject packet is returned direct to the hotspot (Also triangular), the only way I can see to allow this to happen is to allow invalid packets, but even with that happening the filtering is still not working and I can still reach dis-allowed addresses
I also wonder if anyone has managed to find a decent way of content filtering direct with the mikrotik (i.e grabbing a known bad list af addresses and somehow filtering those)
Your thoughts are appreciated
Cheers
Nick