I get a public ip address on this interface and I am able to access it via winbox with ip
address
wlan1
dhcp server enabled
static ip address assigned to port 10.10.100.1
masquerade is enabled on wlan1. Still can’t access internet.
The problem is that when I have this scenario setup behind a netgear router, everything works fine. I have hotspot enabled and I get the login screen and am able to browse the internet. Once I put this setup behind a public router and it gets a public ip address, the wireless clients connect to the wlan1 interface and receive a private ip address of 10.10.100.xxx. But when they open up a browser, the login page does not appear and page eventually timesout. I statically assigned a ip address to the host file on the pc and the hotspot page appears when I try to access the internet and I can login, but I can’t access internet. It seems like a DNS issue but I can’t figure it out. Any help is greatly appreciated.
0 ;;; Allow wireless internal ip addresses out
chain=input action=accept src-address-list=Internal List
The internal IP address is for the wireless network which is 10.10.100.0/24
This is enabled, and when I have the drop rule below enabled, I can’t get to the hotspot login page or the internet. I can ping the eth1 ip address and the wlan1 ip address with success. But still cannot get on the login page or online. When I disable the drop rule below, all is well. So now it’s working, but can someone tell me why this is happening. I would be very thankful.
9 ;;; drop all other invalid connection
chain=input action=drop
The input chain isn’t for traffic through the router, it is for traffic to the router. You may be confused there since the rule comment says “allow wireless internal ip addresses out”.
There are three predefined chains, which cannot be deleted:
input - used to process packets entering the router through one of the interfaces with the destination IP address which is one of the router’s addresses. Packets passing through the router are not processed against the rules of the input chain
forward - used to process packets passing through the router
output - used to process packets originated from the router and leaving it through one of the interfaces. Packets passing through the router are not processed against the rules of the output chain
How that exactly interacts with your setup is hard to say based on the partial information you are giving. Please post the output of “/ip address print detail”, “/ip route print detail”, “/ip hotspot export”, and “/ip firewall export” as well as “/ip firewall filter print all detail” and “/ip firewall nat print all detail”. Wrap output in