hotspot problems (again)

This is sort of part 2 of my previous thread but things are a bit different now.

Problem: Hotspot page takes forever to appear and times out most of the time.
I do get an IP on the client machine; however, the hotspot page takes a very long time IF it decides to appear. 99% of the time the hotspot page does NOT appear.

Here's the configuration I have:

First the interfaces:

[paul@MikroTik] /interface> print
Flags: X - disabled, R - running, D - dynamic, S - slave 
 #    NAME                                               TYPE             MTU  
 0 R  eth1-builtin-INET-IN                               ether            1500 
 1 R  eth2-EXT-INET-OUT                                  ether            1500 
 2 R  wlan1                                              wlan             1500 
[paul@MikroTik] /interface>

Now, IPs for the interfaces:

[paul@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE                                            
 0   ;;; INET IN card
     10.223.167.99/27   10.223.167.96   10.223.167.127  eth1-builtin-INET-IN                                 
 1   ;;; hotspot network
     10.5.50.1/24       10.5.50.0       10.5.50.255     eth2-EXT-INET-OUT                                    
 2   172.16.0.1/16      172.16.0.0      172.16.255.255  wlan1                                                
[paul@MikroTik] /ip address>

ROUTE

[paul@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY-STATE GATEWAY         DISTANCE INTERFACE                                             
 0 A S  0.0.0.0/0                          reachable     10.223.167.97   1        eth1-builtin-INET-IN                                  
                                           reachable     eth2-EXT-INE...          eth2-EXT-INET-OUT                                     
 1 ADC  10.5.50.0/24       10.5.50.1                                     0        eth2-EXT-INET-OUT                                     
 2 ADC  10.223.167.96/27   10.223.167.99                                 0        eth1-builtin-INET-IN                                  
 3 ADC  172.16.0.0/16      172.16.0.1                                    0        wlan1                                                 
[paul@MikroTik] /ip route>

Now the hotspot servers:

[paul@MikroTik] /ip hotspot> print
Flags: X - disabled, I - invalid, S - HTTPS 
 #   NAME                                                         INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
 0   hotspot1                                                     eth2-E... hs-pool-2    hsprof1 5m          
 1   wlanHOTSPOT                                                  wlan1     hs-pool-2    hsprof1 5m          
[paul@MikroTik] /ip hotspot>

Hotspot Profiles:

[paul@MikroTik] /ip hotspot profile> print
Flags: * - default 
 0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" 
     http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d 
     split-user-domain=no use-radius=no 

 1   name="hsprof1" hotspot-address=10.5.50.1 dns-name="" html-directory=hotspot rate-limit="" 
     http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d 
     split-user-domain=no use-radius=no 
[paul@MikroTik] /ip hotspot profile>

DHCP Server:

[paul@MikroTik] /ip hotspot profile> /ip dhcp-server 
[paul@MikroTik] /ip dhcp-server> print
Flags: X - disabled, I - invalid 
 #   NAME                                           INTERFACE RELAY           ADDRESS-POOL LEASE-TIME ADD-ARP
 0   eth-ips                                        eth2-E...                 hs-pool-2    1h        
 1   wlan-IPs                                       wlan1                     hs-pool-2    1h        
[paul@MikroTik] /ip dhcp-server>

IP Pool: (I decided to share it between both wlan and eth hotspot networks)

[paul@MikroTik] /ip pool> print
 # NAME                                                                       RANGES                         
 0 hs-pool-2                                                                  10.5.50.2-10.5.50.254          
[paul@MikroTik] /ip pool>

And now for the NAT: (now since this is RC14 I don't know if there are errors, but I did find after doing the hotspot setup there were invalid NAT entries that I decided to delete since they were not working anyhow.)

[paul@MikroTik] /ip firewall nat> print all
Flags: X - disabled, I - invalid, D - dynamic 
 0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client 

 1 I chain=hotspot action=jump jump-target=pre-hotspot 

 2 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=udp 

 3 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=tcp 

 4 D chain=hotspot action=redirect to-ports=64873 hotspot=local-dst dst-port=80 protocol=tcp 

 5 D chain=hotspot action=redirect to-ports=64875 hotspot=local-dst dst-port=443 protocol=tcp 

 6 D chain=hotspot action=jump jump-target=hs-unauth hotspot=!auth protocol=tcp 

 7 D chain=hotspot action=jump jump-target=hs-auth hotspot=auth protocol=tcp 

 8 D chain=hs-unauth action=redirect to-ports=64874 dst-port=80 protocol=tcp 

 9 D chain=hs-unauth action=redirect to-ports=64874 dst-port=3128 protocol=tcp 

10 D chain=hs-unauth action=redirect to-ports=64874 dst-port=8080 protocol=tcp 

11 D chain=hs-unauth action=redirect to-ports=64875 dst-port=443 protocol=tcp 

12 I chain=hs-unauth action=jump jump-target=hs-smtp dst-port=25 protocol=tcp 

13 D chain=hs-auth action=redirect to-ports=64874 hotspot=http protocol=tcp 

14 I chain=hs-auth action=jump jump-target=hs-smtp dst-port=25 protocol=tcp 

15 X ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough 

16   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=10.5.50.0/24

I know this may be a lot to put together but I am really lost and can't figure out why hotspot is acting the way it is.

pls help

Greetings!
Try:
/ip dns print
Usually the “slow-to-failing login page” problem is due to incorrect dns settings.

Thanks for reminding me. I forgot to share those values.

They are correct though;

[paul@MikroTik] > /ip dns print
            primary-dns: 10.223.167.97
          secondary-dns: 192.168.129.50
  allow-remote-requests: no
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 17KiB
[paul@MikroTik] >

That is what I thought.

/ip dns set allow-remote-requests=yes

That should take care of the problem (EDIT:) IF those IPs are in fact valid DNS servers.

That still did not solve the problem.

I even did a /system reset TWICE.

When I do a system reset I am performing the following steps:

I pull up interfaces and rename the interfaces so I know what's what.
I then enable the WLAN interface.

I assign the interfaces IP like so

[paul@MikroTik] ip> address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE       
 0   10.223.167.99/27   10.223.167.96   10.223.167.127  INTERNAL-NET--IN
 1   172.16.0.1/16      172.16.0.0      172.16.255.255  wlan1           
 2   10.0.0.1/24        10.0.0.0        10.0.0.255      EXT--ETH-HOT    
[paul@MikroTik] ip>

then I add the route to the gateway satellite modem:

[paul@MikroTik] ip route> print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        G GATEWAY         DIS
 0 A S  0.0.0.0/0                          r 10.223.167.97   1  
 1 ADC  10.0.0.0/24        10.0.0.1                          0  
 2 ADC  10.223.167.96/27   10.223.167.99                     0  
 3 ADC  172.16.0.0/16      172.16.0.1                        0  
[paul@MikroTik] ip route>

Then I create TWO hotspot servers. One for the EXT interface and one for the WLAN interface.

I then walk up to a close point where I can get a connection. I get an IP automatically and I open Internet Explorer, then I get a timeout. No login page or anything.

If I type in the gateway IP according to the DHCP IP information the laptop gets, I get the logon page. I log in but I still can't browse.

And yes, I do have “Allow remote requests” enabled (checked).

I even tried with 4.2.2.2 as DNS servers. STILL nothing.

I am not going to go through all the firewall stuff right now, but you should take a look at your dhcp server ip pool. You need to get those IPs in a range where they are localnet to each interface (in the same netmask). Now they are local to neither.
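
The check that reply asks for (each DHCP pool range must sit inside the subnet of the interface that leases it), as an added example that is not part of the original thread. The data is constructed from the first post's printouts; the `eth-ips` server's interface is truncated in the thread, so binding it to `eth2-EXT-INET-OUT` is an assumption.

```python
import ipaddress

# Constructed sample, modelled on the printouts in the first post.
ADDRESSES = {                      # interface -> address ("/ip address print")
    "eth2-EXT-INET-OUT": "10.5.50.1/24",
    "wlan1": "172.16.0.1/16",
}
POOLS = {"hs-pool-2": "10.5.50.2-10.5.50.254"}   # "/ip pool print"
# DHCP server -> (interface, pool). The thread truncates the first interface
# name ("eth2-E..."); binding it to eth2-EXT-INET-OUT is an assumption.
DHCP_SERVERS = {
    "eth-ips": ("eth2-EXT-INET-OUT", "hs-pool-2"),
    "wlan-IPs": ("wlan1", "hs-pool-2"),
}

def parse_ranges(spec):
    """Parse 'a-b,c-d' pool ranges; a bare address is a one-address range."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo_ip, hi_ip = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
        if hi_ip < lo_ip:
            raise ValueError(f"reversed range: {part}")
        ranges.append((lo_ip, hi_ip))
    return ranges

def check_server(iface_cidr, pool_spec):
    """Return the problems with leasing pool_spec on an interface."""
    iface = ipaddress.ip_interface(iface_cidr)
    net, problems = iface.network, []
    for lo, hi in parse_ranges(pool_spec):
        if lo not in net or hi not in net:
            problems.append(f"range {lo}-{hi} is outside {net}")
            continue
        if lo <= iface.ip <= hi:
            problems.append(f"range {lo}-{hi} contains the router address {iface.ip}")
        if lo == net.network_address or hi == net.broadcast_address:
            problems.append(f"range {lo}-{hi} contains a network/broadcast address")
    return problems

def audit(addresses, pools, servers):
    """Map each DHCP server name to its list of problems (empty = consistent)."""
    return {name: check_server(addresses[iface], pools[pool])
            for name, (iface, pool) in servers.items()}

if __name__ == "__main__":
    for name, problems in audit(ADDRESSES, POOLS, DHCP_SERVERS).items():
        print(name, "->", problems or "ok")
```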

OK, well, I reset again and this time I only created a hotspot for the ether2 interface.
I set up the IPs like so:

[paul@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE     
 0   10.223.167.99/27   10.223.167.96   10.223.167.127  ether1-inet-in
 1   172.16.0.1/24      172.16.0.0      172.16.0.255    wlan1         
 2   10.0.0.1/24        10.0.0.0        10.0.0.255      ether2-hot-lan
[paul@MikroTik] >

wlan1 and ether2 are using the same netmask, which is what I assume you’re talking about.

Yet still, when I obtain an IP on my laptop I can't get a hotspot logon page.

Problem Solved:

I don't know why but I found the routing package DISABLED

when I went into /system packages print.

I found the following:

[paul@MikroTik] system package> print
Flags: X - disabled 
 #   NAME                      VERSION                  SCHEDULED              
 0   routeros-x86              2.9.50                                          
 1   hotspot                   2.9.50                                          
 2   system                    2.9.50                                          
 3 X rstp-bridge-test          2.9.50                                          
 4   dhcp                      2.9.50                                          
 5   web-proxy                 2.9.50                                          
 6   ups                       2.9.50                                          
 7   synchronous               2.9.50                                          
 8 X webproxy-test             2.9.50                                          
 9   routerboard               2.9.50                                          
10   ntp                       2.9.50                                          
11   wireless                  2.9.50                                          
12 X wireless-crd              2.9.50                                          
13 X wireless-legacy           2.9.50                                          
14 X routing-test              2.9.50                                          
15 X routing                   2.9.50                                          
16   ppp                       2.9.50                                          
17   security                  2.9.50                                          
18   advanced-tools            2.9.50                                          
19   user-manager              2.9.50                                          
[paul@MikroTik] system package>

I enabled ROUTING and it's STILL not working.

I added two new LAN adapters and ditched the onboard gigabyte one and now the system seems to be OK.

[admin@MikroTik] > system resource pci print
 # DEVICE   VENDOR                       NAME                        IRQ       
 0 01:00.0  nVidia Corporation           unknown device (rev: 162)   7         
 1 00:18.3  Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Mi... 0         
 2 00:18.2  Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DR... 0         
 3 00:18.1  Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Ad... 0         
 4 00:18.0  Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Hy... 0         
 5 00:13.0  Realtek Semiconductor Co.... RTL-8139/8139C/8139C+ (r... 11        
 6 00:11.0  VIA Technologies, Inc.       VT8237 ISA bridge [KT600... 0         
 7 00:0f.0  VIA Technologies, Inc.       VT82C586A/B/VT82C686/A/B... 255       
 8 00:0d.0  VIA Technologies, Inc.       VT6105 [Rhine-III] (rev:... 10        
 9 00:0b.0  Atheros Communications, Inc. AR5212 802.11abg NIC (re... 5         
10 00:0a.0  Realtek Semiconductor Co.... RTL-8169 Gigabit Etherne... 11        
11 00:01.0  VIA Technologies, Inc.       VT8237 PCI bridge [K8T80... 0         
12 00:00.7  VIA Technologies, Inc.       unknown device (rev: 0)     0         
13 00:00.4  VIA Technologies, Inc.       unknown device (rev: 0)     0         
14 00:00.3  VIA Technologies, Inc.       unknown device (rev: 0)     0         
15 00:00.2  VIA Technologies, Inc.       unknown device (rev: 0)     0         
16 00:00.1  VIA Technologies, Inc.       unknown device (rev: 0)     0         
17 00:00.0  VIA Technologies, Inc.       unknown device (rev: 0)     0         
[admin@MikroTik] >

I have the same issue, maybe you can help me..
ether1 (public to DMZ address): 10.0.0.2/24
wlan1 10.5.50.1/24 with hotspot.
I enabled srcnat with Outgoing interface ether1 and masquerading.

Some websites show, others not.
The DNS on the clients are in the following order:

  1. 10.5.50.1
  2. my public DNS
  3. my public DNS

I have the DNS to allow remote lookups as well.

I don’t know why some websites work, others don’t and even the ones that work sometimes they don’t work and so on.
Any suggestions?
Thanks much

I would remove the 10.5.50.1 address from the dns settings. Just use your two public dns server ips there. If that doesn’t help, you might want to start another post.

I fixed the problem with the help of Mikrotik support.
The problem was that in my routes I had my Gateway set correctly but my Interface was pointing to my physical connection.
After I removed the Gateway interface everything worked like a charm.

Hope this can help others with this problem.

Regards,
Teo

Hi Teo,

I am glad to see your thread, Thanks for posting the resolution.

Please, I am a newbie and would like a bit of explanation on “my Interface was pointing to my physical connection”.

I want to understand what you mean by removing the gateway interface,

Thanks Again, anticipating your response.

BR
Alex