Hotspot with 2 interfaces

RouterOS General
1

I have a univeral hotspot setup and running. I have another ether2 connection that is 100% connected to the web. I want to add hotspot auth. to the ether2 setup. I used the command listed in the docs.

It is possible to add hotspot authentication for one more interface (prism2) by adding only 4 additional firewall rules:

Setup dst-nat to redirect unauthorized clients to the hotspot service:

/ip firewall dst-nat add in-interface="prism2" flow="!hs-auth" protocol=tcp
dst-potr=443 action=redirect to-dst-port=443
comment="redirect unauthorized prism2 clients to hotspot service"
/ip firewall dst-nat add in-interface="prism2" flow="!hs-auth" protocol=tcp
action=redirect to-dst-port=80
comment="redirect unauthorized prism2 clients to hotspot service"

Limit access for unauthorized prism2 interface clients:

/ip firewall rule forward add in-interface=prism2 action=jump
jump-target=hotspot-temp comment="limit access for unauthorized prism2 clients"
/ip firewall rule input add in-interface=prism2 action=jump
jump-target=hotspot-temp comment="limit access for unauthorized prism2 clients"

\

This did not work, am I missing something? This is all I did - now there
is no web access on ether2

(and yes - I spelled port right - the above is a copy paste)

2

Anyone have any ideas? This is out of the docs, what am I missing?

3

print

/ip firewall rule forward
/ip firewall rule input

4

I removed (system reset) the lines liested above. The router had to go into service right away. I am posting what is on the system now, and if that will not help, I will resend the command and re-print the following. Let me know if I need to do this.


[admin@MikroTik] ip firewall rule forward> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; limit access for unauthorized hotspot clients
in-interface=AP action=jump jump-target=hotspot-temp

1 ;;; account traffic for authorized hotspot clients
action=jump jump-target=hotspot


[admin@MikroTik] ip firewall rule input> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; account traffic from hotspot clients to hotspot servlet
in-interface=AP dst-address=:80 protocol=tcp action=jump
jump-target=hotspot

1 ;;; accept requests for hotspot servlet
in-interface=AP dst-address=:80 protocol=tcp action=accept

2 ;;; accept requests for local DHCP server
in-interface=AP dst-address=:67 protocol=udp action=accept

3 ;;; limit access for unauthorized hotspot clients
in-interface=AP action=jump jump-target=hotspot-temp


(again please let me know if this helps, or I need to send the commands again… and thanks for the User Groups Help!)