I have 2 RB500s. One has the latest V3.9 (in production) and the other is V 2.9 (lab). I am having an issue where the V3.9 is having dropped packets on the External interface and due to our complexity of the setup, I was trying to simulate it in our lab to see if it was the way the Interfaces were plugged in, or if it had something to do with the programming of the router.
In the V3.9, I see MANY rules for the NAT and Filter that look to have been defined by the HOTSPOT setup. These rules do this:
See attached 3.9 NAT.jpg
See attached 3.9 Filter.jpg
Now, the V2.9 router board (can’t be upgraded) has been set up with the same scenario and I have set up the hotspot as I did in my V3.9 one. But for some reason, the only rule is this:
See attached 2.9 NAT.jpg
See attached 2.9 Filter.jpg (Blank), can only attach 3 pics.
Can someone explain why or where or if the rules for the 3.9 are wrong, need deleted, may be causing my issues, or if it’s just a 3.9 thing.
BTW, my issues are this. The Primary/Ether1/Public IP address is dropping Pings, about 10%. Also, I am unable to connect to the 3.9 via SSH or Winbox, resulting in an error stating “could not get index: fatal error!”. This happens from the Internal/Ether2/Radio network too. Also, I get disconnected a lot while managing my only way, MAC via Local IP.
Your ROS 2.9 has all of those firewall rules also. You don’t see them because the pull-down box in the upper-right corner of the page is set to “static” instead of “all”. When set to “static” it doesn’t show the rules that were created dynamically by the hotspot process.
That box was cut off in your jpeg image of the 2.9 screen, so I can’t be certain, but that is the most likely reason. I do see the box on the 3.9 image and it is properly set to “all”, hence the long list of rules.
Why, you ask, are all those rules there? They were created dynamically when you turned on the hotspot. If you disable the hotspot, they will disappear, and reappear when the hotspot is re-enabled. Be sure to select “all” from the firewall display pull-down box to see all this.
The function of these rules is to redirect hotspot clients to the hotspot server instead of whichever URL they are requesting. The rules also create the ‘walled garden’ effect that allows hotspot clients to visit a subset of URLs without first authenticating.
With some effort, you can walk your way through each of the rules to see how it will redirect hotspot client traffic before and after authentication.