Community discussions

MUM Europe 2020
 
User avatar
Gromit
newbie
Topic Author
Posts: 37
Joined: Tue Jul 24, 2007 11:47 am

Hotspot security

Tue Jul 24, 2007 11:54 am

I have set up a RB532 as a hotspot on the wireless interface, but would like to secure it. I don't want users of the hotspot to be able to access the routerboard via Winbox. How would I go about doing this? Would I create a NAT rule?

(the eth1 interface will have a separate network that will make use of the web proxy but not the hotspot)
 
Nuke
newbie
Posts: 42
Joined: Mon Jul 31, 2006 7:35 pm
Location: South Africa
Contact:

Re: Hotspot security

Tue Jul 24, 2007 12:04 pm

Hi, are you Gromit from PCF SA?

Set up firewall rule that blocks(drop or reject) port 8291 if the in-interface is the wlan interface. Should do the trick.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24365
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Hotspot security

Tue Jul 24, 2007 12:05 pm

there are many ways. changing the port, allowing chain "input" only to specific IPs, port knocking (there is a topic on this in the same section)
 
User avatar
Gromit
newbie
Topic Author
Posts: 37
Joined: Tue Jul 24, 2007 11:47 am

Re: Hotspot security

Tue Jul 24, 2007 12:06 pm

Yip thats me Gromit on PCF SA :)

Will give it a bash, thanx
 
User avatar
Gromit
newbie
Topic Author
Posts: 37
Joined: Tue Jul 24, 2007 11:47 am

Re: Hotspot security

Tue Jul 24, 2007 12:39 pm

there are many ways. changing the port, allowing chain "input" only to specific IPs, port knocking (there is a topic on this in the same section)
Please can you post a link to the thread
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24365
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Hotspot security

Tue Jul 24, 2007 12:45 pm

 
User avatar
Gromit
newbie
Topic Author
Posts: 37
Joined: Tue Jul 24, 2007 11:47 am

Re: Hotspot security

Tue Jul 24, 2007 3:40 pm

If I am creating an address pool eg. 192.168.99.0/24 for use on the hotspot. Can I not just create a firewall input rule to drop all input packets from this range of IPs?
 
User avatar
Gromit
newbie
Topic Author
Posts: 37
Joined: Tue Jul 24, 2007 11:47 am

Re: Hotspot security

Thu Jul 26, 2007 9:22 am

If I am creating an address pool eg. 192.168.99.0/24 for use on the hotspot. Can I not just create a firewall input rule to drop all input packets from this range of IPs?
No one have an answer for me?
 
channingzou
Member Candidate
Member Candidate
Posts: 137
Joined: Sun Feb 25, 2007 7:57 am
Location: NC,USA

Re: Hotspot security

Tue Jul 31, 2007 5:58 am

I have set up a RB532 as a hotspot on the wireless interface, but would like to secure it. I don't want users of the hotspot to be able to access the routerboard via Winbox. How would I go about doing this? Would I create a NAT rule?

(the eth1 interface will have a separate network that will make use of the web proxy but not the hotspot)
/ip firewall filter add chain=input src-address=192.168.1.2(change to yours) dst-address=192.168.1.1(change to yours) action=accept comment="allow specify login" disabled=no
disable port 8291 if you add for accept with out interface selected

Who is online

Users browsing this forum: alvar0rodrig0, vasilevkirill and 52 guests