
 
remonboonstra
just joined
Topic Author
Posts: 12
Joined: Sun Aug 30, 2015 12:08 am

Reach device on hotspot (device has no gateway).

Tue Oct 20, 2015 12:31 am

Hi,

I have 2 WANs combined on eth1 and eth2 (NAT'ed connection via DSL modem).
I have hotspot configured on eth 4 and 5 (192.168.4.0/23), 1:1 NAT enabled.

My device is on the hotspot network, had IP Binding (bypass) in hotspot (and static binding in DHCP Server... unsure if both are needed).

The device gets an IP (192.168.4.165). This is shown in DHCP Server, but not in Hotspot hosts?

Also I expect the device to only get an IP address and not a default gateway (cannot check as I'm remote and can't reach the device).

part of config:
/interface ethernet
set [ find default-name=ether3 ] name=LAN3
set [ find default-name=ether5 ] name=LAN5
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
/interface ethernet
set [ find default-name=ether4 ] master-port=LAN5 name=LAN4
/ip pool
add name=Default_DHCPPool ranges=192.168.88.10-192.168.88.254
add name=Hotspot_DHCPPool ranges=192.168.4.10-192.168.5.254
add name=PPTP_DHCPPool ranges=192.168.134.10-192.168.134.15
/ip dhcp-server
add address-pool=Default_DHCPPool disabled=no interface=LAN3 name=Default_DHCPServer
add address-pool=Hotspot_DHCPPool disabled=no interface=LAN5 name=Hotspot_DHCPServer
/ip address
add address=192.168.88.1/24 comment="Open Network" interface=LAN3 network=192.168.88.0
add address=192.168.2.100/24 comment="WAN1 Network" interface=WAN1 network=192.168.2.0
add address=192.168.1.100/24 comment="WAN2 Network" interface=WAN2 network=192.168.1.0
add address=192.168.4.1/23 comment="Hotspot Network" interface=LAN5 network=192.168.4.0
/ip dhcp-server lease
add address=192.168.4.165 always-broadcast=yes client-id=1:0:b:c2:b:b5:ea:0 comment=HeadEnd1 mac-address=00:0B:C2:0B:B5:EA server=Hotspot_DHCPServer
/ip dhcp-server network
add address=192.168.4.0/23 comment="For LAN4,LAN5 - HOTSPOT" domain=wpv.hotspot gateway=192.168.4.1
add address=192.168.88.0/24 comment="default configuration" domain=wpv.open gateway=192.168.88.1
/ip firewall filter
add chain=forward comment=TEST disabled=yes dst-address=192.168.4.165 in-interface=<pptp-wpv>
add chain=forward comment=TEST disabled=yes out-interface=<pptp-wpv> src-address=192.168.4.165
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=drop chain=hs-input comment="Drop Winbox connection for hotspot users." disabled=yes dst-port=8291 protocol=tcp
add chain=manage-devices comment=TEST disabled=yes
add chain=input comment="Allow pinging the router itself on ALL interfaces" protocol=icmp
add chain=input comment="Accept all already established or related connections" connection-state=established,related
add chain=input comment="Allow PPTP connections from ALL interfaces" dst-port=1723 protocol=tcp
add chain=input comment="Allow PPTP connections from ALL interfaces" protocol=gre
add chain=forward comment="Allow management from PPTP VPN Pool" dst-address=192.168.4.0/23 src-address=192.168.134.0/24
add chain=input comment="Allow management from PPTP VPN Pool" src-address=192.168.134.0/24
add action=drop chain=input comment="Drop all incoming package on WAN1" in-interface=WAN1
add action=drop chain=input comment="Drop all incoming package on WAN2" in-interface=WAN2
add chain=forward comment="Accept all traffic types passing the router" connection-state=established,related
add action=drop chain=forward comment="Drop invalid packages" connection-state=invalid
add action=drop chain=forward comment="Drop all non-NAT packages passing on WAN1" connection-nat-state=!dstnat connection-state=new in-interface=WAN1
add action=drop chain=forward comment="Drop all non-NAT packages passing on WAN2" connection-nat-state=!dstnat connection-state=new in-interface=WAN2
add action=drop chain=forward comment="Drop traffic between Hotspot and Open network" dst-address=192.168.88.0/24 src-address=192.168.4.0/23
add action=drop chain=forward comment="Drop traffic between Hotspot and Open network" dst-address=192.168.4.0/23 src-address=192.168.88.0/24
/ip firewall mangle
add action=mark-connection chain=input comment="LB: Mark incoming connection" in-interface=WAN1 new-connection-mark=WAN1_conn
add action=mark-connection chain=input comment="LB: Mark incoming connection" in-interface=WAN2 new-connection-mark=WAN2_conn
add action=mark-routing chain=output comment="LB: Mark routing" connection-mark=WAN1_conn new-routing-mark=to_WAN1
add action=mark-routing chain=output comment="LB: Mark routing" connection-mark=WAN2_conn new-routing-mark=to_WAN2
add chain=prerouting comment="DISABLED - not needed\?" dst-address=192.168.1.0/24 in-interface=LAN3
add chain=prerouting comment="DISABLED - not needed\?" dst-address=192.168.1.0/24 in-interface=LAN5
add chain=prerouting comment="DISABLED - not needed\?" dst-address=192.168.2.0/24 in-interface=LAN3
add chain=prerouting comment="DISABLED - not needed\?" dst-address=192.168.2.0/24 in-interface=LAN5
add action=mark-connection chain=prerouting comment="LB: (open) PCC mark connection" dst-address-type=!local in-interface=LAN3 new-connection-mark=WAN1_conn per-connection-classifier=\
    dst-address-and-port:2/0
add action=mark-connection chain=prerouting comment="LB: (hotspot) PCC mark connection" dst-address-type=!local hotspot=auth in-interface=LAN5 new-connection-mark=WAN1_conn \
    per-connection-classifier=dst-address-and-port:2/0
add action=mark-connection chain=prerouting comment="LB: (open) PCC mark connection" dst-address-type=!local in-interface=LAN3 new-connection-mark=WAN2_conn per-connection-classifier=\
    dst-address-and-port:2/1
add action=mark-connection chain=prerouting comment="LB: (hotspot) PCC mark connection" dst-address-type=!local hotspot=auth in-interface=LAN5 new-connection-mark=WAN2_conn \
    per-connection-classifier=dst-address-and-port:2/1
add action=mark-routing chain=prerouting comment="LB: Mark routing to WAN1" connection-mark=WAN1_conn in-interface=LAN3 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting comment="LB: Mark routing to WAN1" connection-mark=WAN1_conn in-interface=LAN5 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting comment="LB: Mark routing to WAN2" connection-mark=WAN2_conn in-interface=LAN3 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting comment="LB: Mark routing to WAN2" connection-mark=WAN2_conn in-interface=LAN5 new-routing-mark=to_WAN2
/ip firewall nat
add chain=pre-hotspot disabled=yes dst-address-type=!local hotspot=auth
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="DISABLED - masquerade hotspot network" disabled=yes src-address=192.168.4.0/23
add action=masquerade chain=srcnat comment="NAT: traffic flowing out via WAN1" out-interface=WAN1
add action=masquerade chain=srcnat comment="NAT: traffic flowing out via WAN2" out-interface=WAN2
/ip hotspot ip-binding
add address=192.168.4.165 comment=HeadEnd1 mac-address=00:0B:C2:0B:B5:EA server=Hotspot_Server type=bypassed
/ip route
add comment="PCC route WAN1" distance=1 gateway=192.168.2.254 routing-mark=to_WAN1
add comment="PCC route WAN2" distance=2 gateway=192.168.1.254 routing-mark=to_WAN2
add comment="non-PCC route WAN1" distance=1 gateway=192.168.2.254
add comment="non-PCC route WAN2" distance=2 gateway=192.168.1.254
I hope someone can help to give me access to the device.

Thank you!
 
scampbell
Trainer
Posts: 457
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: Reach device on hotspot (device has no gateway).

Thu Oct 22, 2015 5:29 am

When I need to get access to a device that has no gateway but does have a valid IP in a subnet, I use a srcnat/masquerade rule so traffic to the device appears to come from its local subnet.

/ip firewall nat add chain=srcnat dst-address=192.168.4.165 action=masquerade

If the device is on the hotspot and getting DHCP I would assume it would get a default gateway though? Don't your hotspot clients get a gateway?
MTCNA, MTCWE, MTCRE, MTCTCE, MTCSE, MTCINE, Trainer
___________________
Mikrotik Distributor - New Zealand
http://www.campbell.co.nz
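
The reply above relies on the device answering on-link peers even without a default gateway. The following is an added example, not code from the thread: a small Python model of that round trip using the thread's addresses (the function names and the simplified connection-tracking entry are assumptions made for illustration).

```python
import ipaddress

# Values from the thread: device lease, hotspot address on LAN5, a PPTP pool client.
DEVICE_IF = ipaddress.ip_interface("192.168.4.165/23")
ROUTER_LAN5 = ipaddress.ip_address("192.168.4.1")
VPN_CLIENT = ipaddress.ip_address("192.168.134.10")


def device_reply_target(seen_src, gateway=None):
    """Where a host sends its reply: on-link, via its gateway, or nowhere (None)."""
    if seen_src in DEVICE_IF.network:
        return seen_src          # connected route, the device ARPs for the peer
    return gateway               # None when the device has no default gateway


def router_forward(src, dst, masquerade_dst=None):
    """Forward src->dst; if dst matches the rule, rewrite src to the router's LAN5 address.

    Returns (source the device sees, entry used to undo the NAT on the reply).
    """
    if masquerade_dst is not None and dst == masquerade_dst:
        return ROUTER_LAN5, {"nat_src": ROUTER_LAN5, "orig_src": src}
    return src, None


def round_trip(client, masquerade):
    """Return the address that finally receives the device's reply, or None if it is lost."""
    rule_dst = DEVICE_IF.ip if masquerade else None
    seen_src, conntrack = router_forward(client, DEVICE_IF.ip, rule_dst)
    target = device_reply_target(seen_src)      # device modelled without a gateway
    if target is None:
        return None                             # reply never leaves the device
    if conntrack and target == conntrack["nat_src"]:
        return conntrack["orig_src"]            # router reverses the translation
    return target


if __name__ == "__main__":
    print("without rule:", round_trip(VPN_CLIENT, masquerade=False))
    print("with rule:   ", round_trip(VPN_CLIENT, masquerade=True))
```

With the rule in place the device only ever sees 192.168.4.1 as the source, so its own logs no longer identify the real client. Adding a `src-address` match for the management range keeps the translation limited to the traffic that needs it.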
 
remonboonstra
just joined
Topic Author
Posts: 12
Joined: Sun Aug 30, 2015 12:08 am

Re: Reach device on hotspot (device has no gateway).

Sun Oct 25, 2015 10:04 pm

Hello Scampbell,

Thank you for your reply, I will try that and will try to reply here.
And yes I would think it gets a gateway, but can't check (it's a little weird device anyway :)
