Hi All
I have a requirement to setup a hotspot for public use, it will need to forward all web traffic to an existing upstream proxy that does content filtering.
I’m familiar with how to setup the hotspot, but whats the best way to forward the traffic to the upstream proxy?
Thanks
No one?
Set up a destination NAT rule that forwards the traffic. Assuming the upstream proxy is 1.1.1.1 and you want to forward tcp/80 and tcp/8080:
/ip firewall nat
add chain=dstnat hotspot=auth,from-client protocol=tcp src-port=80,8080 action=dst-nat to-address=1.1.1.1
Thanks for the response. This didn’t seem to work. Where in the NAT order should this rule go?
For example, i want to redirect 80 and 443 to 1.1.1.1 on port 8081
ip firewall nat
add chain=dstnat hotspot=auth,from-client protocol=tcp src-port=80,443 action=dst-nat to-address=1.1.1.1 to-ports 8081
Thanks
Sorry, I had an error, change the chain in that rule to ‘pre-hotspot’.
It doesn’t matter where the rule is, unless you have other rules in that chain.
i do this but user can access to network without authentication
this rule must setup after authentication
is any way to do this ???
or any bridge protocol or setting that set after authentication
for example i want to forward HTTP/HTTPS traffic to other upstream proxy in 3128 port but this
ip firewall nat
add chain=dstnat hotspot=pre-hotspot ,from-client protocol=tcp src-port=80,443 action=dst-nat to-address=1.1.1.1 to-ports 3128
The rule I posted last can’t possibly work for unauthenticated Hotspot clients. It specifically includes “hotspot=auth”, which is only true for authenticated clients.