Hotspot firewall rules

FASSIA · May 14, 2007, 11:20pm

Hi guys,

Anybody know were can I found the explanation of the dynamic rules and “variables” (“auth”, “to-client”, “from client”) that use Hotspot?

thanks you very so much!

Regards

sergejs · May 15, 2007, 7:03am

HotSpot firewall rules described here,
http://www.mikrotik.com/testdocs/ros/2.9/ip/hotspot_content.php#7.41.14

FASSIA · May 15, 2007, 5:17pm

okey, thanks Sergejs.

I read it and understand it.

But I have a little problem. I want that a Hotspot registered user with a special mark in its pakets, only can navigate the WalledGarden.

here are my filter and nat firewall parts:

sergejs · May 16, 2007, 12:32pm

I do not undestand your question. Any user can navigate walled-garden pages, registred user may navigate all pages. If you need configuration that registred user will be able to navigate only few pages, then additional static firewall rules will be reuqired to accomplish this.

FASSIA · May 16, 2007, 2:47pm

My system works as following:

All my clients login using hotspot
To validate the clients I use radius+SQL
When the client login, if the radius server reply with a Mark-Id (such as “Account_Disabled”) the client would be redirected to its account status page, were it said that he had to paid to continue navigating; and the only page that he could navigate would be the account status page. If the radius server do not repply any mark (because the client had paid), the client will navigate normally.

I tried to use pre-hs-input chain in filter to reject packets with the “Account_Disabled” mark, but I do not know the reason it isn’t working.

Regards