Hotspot to filter users behind a natted network.

hroubaix · February 16, 2009, 8:52am

I’ve installed a MikroTik router and configured it as a Hotspot server. All working great except for one little thing. I want to know if there is a way of authenticating users that come from a natted network. MikroTik only sees the router connected straight to it and not the clients behind that router, so if one user authenicate the whole network can browse on the first users account.

INTERNET <—> MT Hotspot <—> Client Router1 <—> User1,User2,User3

Hope this makes sense. In other words, “Client router” does a src-nat, then if any of the users authenticate on the hotspot, all users can access the internet. What I’m asking is, if there is a way to use the cookies to forse all users to authenticate. I know that routing is a solution, but if you connect Client Router2, and the users are in the same range as Client Router1, you can’t route traffic back.

SurferTim · February 16, 2009, 10:37am

I have not found a way for the natted net part. Cookies won’t help. They will only work if the client wishes them to, and it will show them all as logged in as soon as your first client logs in. Not only will they show as the same IP, but also the same mac address. No way of telling them apart, and that is the point of natting.

The alternatives are to un-nat that part of the net, or install the hotspot on the router(s) where the nat is being done now.

sunset · February 16, 2009, 4:10pm

SuferTim can you email me at roger@sunsetking.com I have some questions that I don’t want to put on the forum.

Thanks…

hroubaix · February 17, 2009, 9:25am

Thanks for your reply. I was thinking as much, more hoping that someone might have done something like that.