Hotspot Disconnects LAN to LAN Problems

mhdganji · August 16, 2012, 12:44pm

Hi !
I have a problem with setting a Hotspot
when I set it up, even PC’s in Local subnet can not reach each other.
assume i have 192.168.10.0/24 subnet
very clearly when 192.168.10.5 wants to communicate with 192.168.10.10, there is no need to go to Gateway (mikrotik)
but strangely after setting hotspot their connection fails, removing hotspot or putting them in bypassed bindings solve the problem, so definitely we should blame hotspot for this.
can you give me a clarification on this please

SurferTim · August 16, 2012, 1:25pm

To allow localnet access, you must disable the hotspot universal NAT. It causes arp poisoning on the localnet.

/ip hotspot
set 0 address-pool=none

mhdganji · August 16, 2012, 6:14pm

Thanks So Much
Would You Please Give Me A Brief on This Feature (Hotspot Universal NAT)
And Why It Can Lead To Arp Poisoning

SurferTim · August 16, 2012, 7:42pm

The universal nat will try to intercept any traffic on the localnet. To do that, it attempts to answer for any destination ip on the localnet, including the legitimate ips.

mhdganji · August 17, 2012, 4:51am

hmmm
sounds interesting
and why hotspot tries to interfere, intercept and answer any dst ip on the local net ?
is this logical, ? i mean what do you think, is it good by design ?
I cannot see any benefit here

SurferTim · August 17, 2012, 9:58am

The universal nat allows client computers that have a static ip assigned to use the hotspot. If your network is not exposed to the public, then the nat is not necessary.

It works great for my business. I sell pay-per-day internet to tourists. It allows static ip computers to use it, and as an added benefit, it keeps my customers from trying to hack each other’s computers.

mhdganji · August 17, 2012, 10:16am

Yes, You are right
it will be very useful for some services like hotspots in hotels and airports
in some access points we have such capability too (named isolation) people cannot go through AP and connect to another client
but i have a networking question. how mikrotik can do this ? how can i do it with a program or another router ?
I mean when connecting to another IP in LAN, my packets won’t go to DG (my router), they just crawl in the switch ports and reach the destination.
now how can mikrotik puts itself in the middle of all these packets and intercept them
i am very curious to know about this
Thanks