Hi all,
I’m using MT (2.9.2) as hotspot authenticator in a university campus. I authenticate my users with hotspot, but MT applies NAT to them also if the configuration is done in “no masquerading” mode. is there a way to overcame this problem? Regards
do you have masquerade configured ?
provide us with config /ip firewall nat export
if there is masquerade rule disable it, if you do not use virtual IP addresses.
[admin@MikroTik] > ip firewall nat print dynamic
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat hotspot=from-client action=jump jump-target=hotspot
1 D chain=hotspot protocol=udp dst-port=53 action=redirect to-ports=64872
2 D chain=hotspot protocol=tcp dst-port=53 action=redirect to-ports=64872
3 D chain=hotspot protocol=tcp dst-port=80 hotspot=local-dst action=redirect to-ports=64873
4 D chain=hotspot protocol=tcp dst-port=443 hotspot=local-dst action=redirect to-ports=64875
5 D chain=hotspot protocol=tcp hotspot=!auth action=jump jump-target=hs-unauth
6 D chain=hotspot protocol=tcp hotspot=auth action=jump jump-target=hs-auth
7 D chain=hs-unauth protocol=tcp dst-port=80 action=redirect to-ports=64874
8 D chain=hs-unauth protocol=tcp dst-port=3128 action=redirect to-ports=64874
9 D chain=hs-unauth protocol=tcp dst-port=8080 action=redirect to-ports=64874
10 D chain=hs-unauth protocol=tcp dst-port=443 action=redirect to-ports=64875
11 D chain=hs-unauth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp
12 D chain=hs-auth protocol=tcp hotspot=http action=redirect to-ports=64874
13 D chain=hs-auth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp
[admin@MikroTik] >
masquerade is not enable
what is problem? 