cylent
January 15, 2008, 3:11am
1
There are a few broken firewall rules in the hotspot firewall rules.
Can they be fixed manually?
see image below:
[admin@MikroTik] > /ip firewall nat print all
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
1 I chain=hotspot action=jump jump-target=pre-hotspot
2 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=udp
3 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=tcp
4 D chain=hotspot action=redirect to-ports=64873 hotspot=local-dst dst-port=80 protocol=tcp
5 D chain=hotspot action=redirect to-ports=64875 hotspot=local-dst dst-port=443 protocol=tcp
6 D chain=hotspot action=jump jump-target=hs-unauth hotspot=!auth protocol=tcp
7 D chain=hotspot action=jump jump-target=hs-auth hotspot=auth protocol=tcp
8 D chain=hs-unauth action=redirect to-ports=64874 dst-port=80 protocol=tcp
9 D chain=hs-unauth action=redirect to-ports=64874 dst-port=3128 protocol=tcp
10 D chain=hs-unauth action=redirect to-ports=64874 dst-port=8080 protocol=tcp
11 D chain=hs-unauth action=redirect to-ports=64875 dst-port=443 protocol=tcp
12 I chain=hs-unauth action=jump jump-target=hs-smtp dst-port=25 protocol=tcp
13 D chain=hs-auth action=redirect to-ports=64874 hotspot=http protocol=tcp
14 I chain=hs-auth action=jump jump-target=hs-smtp dst-port=25 protocol=tcp
15 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
16 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=172.16.0.0/16
[admin@MikroTik] >
I heard RC2 or 3 doesn't have this problem. The thing is, the download page doesn't have those versions. Where can I find them?
Good morning - it's like this almost from the beginning of v3.0 - this is a feature:
The jump is red because you don't have any rules in that chain.
The other rule is red because you don't have SMTP enabled, and so on, and so forth.
And did it actually break something? - do you have any performance problems? NO!!!
There is no need to jump to conclusions like that - next time just ask "Is it supposed to be like that?"
cylent
January 15, 2008, 7:14am
3
macgaiver:
Good morning - it's like this almost from the beginning of v3.0 - this is a feature:
The jump is red because you don't have any rules in that chain.
The other rule is red because you don't have SMTP enabled, and so on, and so forth.
And did it actually break something? - do you have any performance problems? NO!!!
There is no need to jump to conclusions like that - next time just ask "Is it supposed to be like that?"
I say it's broken because my HOTSPOT DOESN'T WORK. On a client machine the hotspot login page DOESN'T show up.
I updated a 2.950 to 3rc14 and it works fine.
Scott
dawam
January 15, 2008, 9:07am
5
I had the same problem going from 3rc13 to 3rc14 on x86.
After the upgrade, Hotspot didn't work and I saw the same broken firewall too.
After rebooting a second time, Hotspot is working and no broken firewall rules are displayed.
normis
January 15, 2008, 9:15am
6
As said - the firewall is not broken. It just shows that you have not completed the configuration, but it still works fine. Probably the issue lies elsewhere. Why don't you start by sending a supout.rif to support?
cylent
January 15, 2008, 9:21am
7
normis:
When you say I haven't completed the configuration, what are you referring to?
I narrowed it down to the server not communicating with the gateway (satellite modem).
At random times, or during a power reset, if I were to ping the modem it would give me a timeout.
I am making a supout.rif file and sending it now.
normis
January 15, 2008, 9:45am
8
Read what the other poster said above:
The jump is red because you don't have any rules in that chain.
The other rule is red because you don't have SMTP enabled.
This is normal.
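As an added example (this is not code from the thread, from MikroTik, or from any of the posters), here is a small Python script that parses `/ip firewall nat print all` output like the one cylent posted and reports, for every rule flagged `I`, whether it is the benign "jump to a chain that has no rules" case macgaiver and normis describe, or something else that deserves a look. It also checks that the dynamic `hs-unauth` redirect for TCP/80, the rule that actually sends an unauthenticated browser to the login page, is present. The sample text is copied from the post above; the classification logic (a jump is benign-invalid when its target chain holds no rules) is an assumption based on the explanation given in the thread, not a documented RouterOS rule.

```python
import re
from dataclasses import dataclass, field

# Sample input: the NAT table printed in the thread, prompt lines dropped.
SAMPLE = """\
Flags: X - disabled, I - invalid, D - dynamic
 0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
 1 I chain=hotspot action=jump jump-target=pre-hotspot
 2 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=udp
 3 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=tcp
 4 D chain=hotspot action=redirect to-ports=64873 hotspot=local-dst dst-port=80 protocol=tcp
 5 D chain=hotspot action=redirect to-ports=64875 hotspot=local-dst dst-port=443 protocol=tcp
 6 D chain=hotspot action=jump jump-target=hs-unauth hotspot=!auth protocol=tcp
 7 D chain=hotspot action=jump jump-target=hs-auth hotspot=auth protocol=tcp
 8 D chain=hs-unauth action=redirect to-ports=64874 dst-port=80 protocol=tcp
 9 D chain=hs-unauth action=redirect to-ports=64874 dst-port=3128 protocol=tcp
10 D chain=hs-unauth action=redirect to-ports=64874 dst-port=8080 protocol=tcp
11 D chain=hs-unauth action=redirect to-ports=64875 dst-port=443 protocol=tcp
12 I chain=hs-unauth action=jump jump-target=hs-smtp dst-port=25 protocol=tcp
13 D chain=hs-auth action=redirect to-ports=64874 hotspot=http protocol=tcp
14 I chain=hs-auth action=jump jump-target=hs-smtp dst-port=25 protocol=tcp
15 X ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough
16   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=172.16.0.0/16
"""

# A rule line starts with its index, then optional flag letters (X, I, D),
# then either ";;; comment" or key=value properties. Continuation lines
# (indented, no index) carry the properties of a commented rule.
RULE_RE = re.compile(r"^\s*(\d+)\s+(?:([XID]+)\s+)?(.*)$")
PROP_RE = re.compile(r"(\S+?)=(\S+)")


@dataclass
class Rule:
    idx: int
    flags: set
    comment: str = ""
    props: dict = field(default_factory=dict)


def parse_nat_print(text):
    """Turn 'print all' output into Rule objects, joining continuation lines."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Flags:") or line.lstrip().startswith("["):
            continue
        m = RULE_RE.match(line)
        if m:
            rule = Rule(int(m.group(1)), set(m.group(2) or ""))
            rest = m.group(3)
            if rest.startswith(";;;"):
                rule.comment = rest[3:].strip()
            else:
                rule.props.update(PROP_RE.findall(rest))
            rules.append(rule)
        elif rules:
            rules[-1].props.update(PROP_RE.findall(line))
    return rules


def explain_invalid(rules):
    """Map each I-flagged rule index to a reason.

    Assumption (from the thread, not a documented RouterOS rule): a jump whose
    target chain contains no rules is shown as invalid and is harmless."""
    chains_with_rules = {r.props.get("chain") for r in rules}
    reasons = {}
    for r in rules:
        if "I" not in r.flags:
            continue
        target = r.props.get("jump-target")
        if r.props.get("action") == "jump" and target and target not in chains_with_rules:
            reasons[r.idx] = f"benign: jump to empty chain {target}"
        else:
            reasons[r.idx] = "needs attention: invalid for another reason"
    return reasons


def login_redirect_present(rules):
    """True when the dynamic hs-unauth rule redirecting TCP/80 exists, i.e. the
    rule that sends unauthenticated HTTP clients to the hotspot login page."""
    return any(
        "D" in r.flags
        and r.props.get("chain") == "hs-unauth"
        and r.props.get("action") == "redirect"
        and r.props.get("protocol") == "tcp"
        and r.props.get("dst-port") == "80"
        for r in rules
    )


if __name__ == "__main__":
    parsed = parse_nat_print(SAMPLE)
    for idx, why in sorted(explain_invalid(parsed).items()):
        print(f"rule {idx}: {why}")
    print("login redirect rule present:", login_redirect_present(parsed))
```

Against the posted table this reports rules 1, 12 and 14 as benign jumps to empty chains (pre-hotspot and hs-smtp) and confirms the TCP/80 redirect in hs-unauth is there, which matches the advice in the thread that the red rules are cosmetic and the login-page failure should be looked for elsewhere, for example in the upstream connectivity cylent mentions.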