I am trying to set up a transparent traffic shaper using a hotspot on a bridge interface. This setup is in the middle of our corporate network as shown below:

My problem is that when I activate the Hotspot I don’t get traffic passing through it. If I open a browser on a client machine it eventually times out with a “host not found” message.
If I point my browser at the dns server generated by the Hotspot setup, I get the logon page and if I click on the “trial” user it gives me the “Welcome trial user” screen. If I try to
browse at this point I get a timed out message again. If I do a packet sniff, I see that the Hotspot dns is contacting the external dns servers and is getting a response back from them
but it is not passing back to the client machine. See attached file:
cap1.txt (13 KB)
Below are the printouts of my setup.

[admin@MikroTik] /ip hotspot profile> print
Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no
use-radius=no
1 name="hsprof1" hotspot-address=10.65.54.253 dns-name="bhstrialdns"
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap,trial
http-cookie-lifetime=3d split-user-domain=no trial-uptime=30m/1d
trial-user-profile=guest use-radius=no

[admin@MikroTik] /ip hotspot> print detail
Flags: X - disabled, I - invalid, S - HTTPS
0 name="hotspot1" interface=bolte profile=hsprof1 idle-timeout=5m
keepalive-timeout=none ip-of-dns-name=10.65.54.253
proxy-status="running"

[admin@MikroTik] /interface bridge> print
Flags: X - disabled, R - running
0 R name="bolte" mtu=1500 l2mtu=1600 arp=enabled
mac-address=00:0C:42:97:88:A5 protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m

[admin@MikroTik] /ip hotspot user profile> print detail
Flags: * - default
0 * name="default" idle-timeout=none keepalive-timeout=2m
status-autorefresh=1m shared-users=1 transparent-proxy=no
1 name="guest" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m
shared-users=1 rate-limit="64k/256k 128k/1536k 96k/512k 30/30 8"
transparent-proxy=yes open-status-page=always advertise=no

It almost seems like there is arp poisoning but I don’t have any IP Pools turned on. I feel like I am missing something simple and obvious but I have deleted the whole configuration
and recreated it a number of times. Anybody have any ideas?