It has 3 interfaces:
ether1 is connected to internal net for RADIUS and internal web requests
ether2 is connected to wireless AP
ether3 is connected to Internet.
Everything is working except for getting to external web sites. I can authenticate against RADIUS and get to internal web sites just fine, but I think the firewall rules (maybe?) are keeping me from getting to external web sites. I want clients to use ether3 for all web requests that are not internal.
ether2: Hotspot Interface address is 10.10.200.1
Clients get an address in range 10.10.200.50-10.10.200.55
ether1: Internal net address is 170.50.1.205 (changed for forum post)
ether3: External to internet address is 99.15.5.5 (changed for forum post)
Here's my hotspot config:
hotspot config:
# feb/28/2005 09:35:18 by RouterOS 2.8.24
/ ip hotspot
set use-ssl=no hotspot-address=10.10.200.1 dns-name="hotspot.company.com" \
    status-autorefresh=1m universal-proxy=yes parent-proxy=0.0.0.0:3128 \
    auth-requires-mac=yes auth-mac=no auth-mac-password=no \
    auth-http-cookie=no http-cookie-lifetime=1d \
    allow-unencrypted-passwords=no login-mac-universal=no \
    split-user-domain=no
/ ip hotspot profile
set default name="default" shared-users=1 mark-flow="hs-auth" \
    login-method=enabled-address keepalive-timeout=2m
/ ip hotspot walled-garden
add dst-host="^hotspot\.company\.com$" action=allow comment="" disabled=no
/ ip hotspot aaa
set use-radius=yes accounting=yes interim-update=0s
/ ip hotspot universal
add interface=ether2 address-pool=hs-pool-real idle-timeout=5m arp=all-arp \
    use-dhcp=yes addresses-per-mac=2 comment="" disabled=no
/ ip hotspot universal service-port
set ftp ports=21 disabled=no
Is it possible to add a rule or some rules for authenticated clients to route packets not destined for internal net to ether3 (go straight out to internet)?