When running a hotspot and a normal network of the same RB how do you config the proxy?
I want the hotsot to have full access to the net but the other network I want to limit using the proxy. Would you change the NAT rule so as to only redirect IP addresses on the local network (not hotspot) to the proxy?
chain=dstnat action=redirect to-ports=8080 src-address=192.168.x.0/24 dst-port=80 protocol=tcp
192.168.x.0/24 = IP addresses on local network (not hotspot)
Should this rule work?
Hi,
You could try to mangle (mark packets for eg) coming from normal network and the dst-nat those mangled packets to the proxy.
Hope this puts you on track as to what you need to get done!
Regards
Leon
Gromit, your rule should work, but you have to place it to the top of NAT rules.
As well you have to be aware of the fact, that reboot will bring dynamic HotSpot rules to the top. So you need to set script that will bring static DST-NAT rule to the top of the list.
I got it to work. I created an address list with the IP range of the IPs needing to be redirected to the proxy. The created an NAT rule using the address list.