Community discussions

MUM Europe 2020
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

HotSpot and public ip (NAT)

Mon Aug 21, 2006 12:55 am

Hi there,
I have a hotspot server on local interface 10.10.0.2 and 5 clients who do connecting via hotspot (10.10.1.1-10.10.1.5). I want to every of them have his own public IP. I try with below way, but it's not working. Does anyone know why? What's wrong with this?

/ip address add address=87.250.108.135/32 interface=Public


/ip firewall nat add chain=dstnat dst-address=87.250.108.135 action=dst-nat \
to-addresses=10.10.1.1



/ip firewall nat add chain=srcnat src-address=10.10.1.1 action=src-nat \
to-addresses=87.250.108.135


After I do that, then I go from computer 10.10.1.1 on http://www.whatismyip.com, it's shows me a IP of mikrotik (87.250.126.210) instead 87.250.108.135
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Tue Aug 22, 2006 12:55 pm

up
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Wed Aug 23, 2006 7:22 pm

up
 
User avatar
maximan
Trainer
Trainer
Posts: 549
Joined: Sat May 29, 2004 12:10 am
Location: Rio Cuarto, Argentina
Contact:

Wed Aug 23, 2006 7:24 pm

on what orden you have this rule ??

M.
MKE Solutions > Professional Support IT (Spanish / English)
FastNetMon / FNM Manager: DDoS Detection Tools.
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Wed Aug 23, 2006 10:35 pm

I don't understund you. Those are the only rules wich i have in nat.
 
User avatar
chris-oct
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Tue Mar 21, 2006 6:58 pm

Thu Aug 24, 2006 6:47 pm

The way we got public IPs to work with hotspot is to have radius set a public IP (Framed-IP-Address) after they authenticate. You dont want to set those public IPs to the Mikrotik interface. Just make sure the route is in place to route packets destined for those ips to the appropriate place.
 
User avatar
maroon
Member Candidate
Member Candidate
Posts: 233
Joined: Thu Oct 07, 2004 11:15 am
Location: Lebanon
Contact:

Thu Aug 24, 2006 8:32 pm

action=netmap doesn't do the job!!!!
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Sat Sep 02, 2006 1:17 am

I still have a problem. There's block of IP addresses and I want that every client who is connecting via hotspot have his own public IP. With rule which I add in this topic that dont works. Does anyone know what is the problem? To all my clients which are connected via hotspot, when they go on http://www.whatismyip.com it show 87.250.126.210 (main ip of mikrotik)
 
User avatar
balimore
Forum Veteran
Forum Veteran
Posts: 892
Joined: Mon Apr 10, 2006 3:38 am

Sat Sep 02, 2006 5:57 am

I still have a problem. There's block of IP addresses and I want that every client who is connecting via hotspot have his own public IP. With rule which I add in this topic that dont works. Does anyone know what is the problem? To all my clients which are connected via hotspot, when they go on http://www.whatismyip.com it show 87.250.126.210 (main ip of mikrotik)
-------------
Hai, Rope....

Oooooooooo... :shock:
You will do marrige and replace IP 'DHCP' with 'Static', that's simple question but complicated rules. I think better to make authentication with 'PPPoE' than 'Hotspot', you can make many 'PPPoE Interfaces' is not confuse....

That's problem is, when your one of clients or other restart, The Host send New Free IP to Client. and your rule is not valid [this's my logica], i think DHCP[hotspot] same mean 'Dynamic Host Configuration Protocol', isn't it?

That is very very responsible from host [router].

Tips..!, you can visit our website, you can get screen your 'Real IP' at http://www.balimore.com :wink:

regards
Hasbullah.com
----------------
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Sat Sep 02, 2006 12:57 pm

I understand. I dont want that my clients have static IP, I want them to have dinamic. What I want to do is maping of local IP addresses 10.10.1.1-10.10.1.128 to public 87.250.108.128-87.250.108.255. About DHCP server, I dont even use mikrotik DHCP server. I use some other that is running on other machine, since I have two gateways in my network (prepaid and postpaid) and mikrotik DHCP dont have
that option with who I could reserv some IP and add him using of some other gateway and dns.
what I want to do is 128 rules and they will do a maping of local ip to public ip
 
User avatar
balimore
Forum Veteran
Forum Veteran
Posts: 892
Joined: Mon Apr 10, 2006 3:38 am

Sat Sep 02, 2006 1:55 pm

I understand. I dont want that my clients have static IP, I want them to have dinamic. What I want to do is maping of local IP addresses 10.10.1.1-10.10.1.128 to public 87.250.108.128-87.250.108.255. About DHCP server, I dont even use mikrotik DHCP server. I use some other that is running on other machine, since I have two gateways in my network (prepaid and postpaid) and mikrotik DHCP dont have
that option with who I could reserv some IP and add him using of some other gateway and dns.
what I want to do is 128 rules and they will do a maping of local ip to public ip
-------------
I am so sorry sir....!, maybe someone else can help you....

I didn't understand about your problem, cause first post you want to supply Public IP to every client via hotspot authentication.... and last your post you want to supply them...with dynamical IP.. :?:

as far as i know 'Dynamic' divide two one is 'Dynamic by manually' and other one 'Dynamic by Host' [DHCP],...again, so sorry i cann't help you. and maybe i am wrong.

peace all :wink:

regards
Hasbullah.com
-------------
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Sat Sep 02, 2006 2:19 pm

is the ip dynamic or static? that's irelevant. I want to maping
local 10.10.1.1 on public 87.250.108.130
local 10.10.1.2 on public 87.250.108.131
local 10.10.1.3 on public 87.250.108.132 etc...

Rule below should do that, but in my case that dont work:

/ip address add address=87.250.108.130/32 interface=Public


/ip firewall nat add chain=dstnat dst-address=87.250.108.130 action=dst-nat \
to-addresses=10.10.1.1



/ip firewall nat add chain=srcnat src-address=10.10.1.1 action=src-nat \
to-addresses=87.250.108.130
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Mon Sep 04, 2006 4:32 pm

Try to disable the transparent proxy in the hotspot user profile and check how it is working.
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Mon Sep 04, 2006 7:42 pm

I did it, but I still have same problem...
 
User avatar
balimore
Forum Veteran
Forum Veteran
Posts: 892
Joined: Mon Apr 10, 2006 3:38 am

Mon Sep 04, 2006 9:02 pm

is the ip dynamic or static? that's irelevant. I want to maping
local 10.10.1.1 on public 87.250.108.130
local 10.10.1.2 on public 87.250.108.131
local 10.10.1.3 on public 87.250.108.132 etc...

Rule below should do that, but in my case that dont work:

/ip address add address=87.250.108.130/32 interface=Public


/ip firewall nat add chain=dstnat dst-address=87.250.108.130 action=dst-nat \
to-addresses=10.10.1.1



/ip firewall nat add chain=srcnat src-address=10.10.1.1 action=src-nat \
to-addresses=87.250.108.130
---------------------------
Hai, Rope..

I hope you have point, and i thing your config is correct. just confirm to you about that, I has like your config and it's run as you need to 'MAP' my config running since tree months ago...

see this link: http://www.hasbullah.com/cgi-bin/r/db?p ... olocal#cat

you can see 'Red Block Color' is map like yours and 'Green Color' is my Router assign with Public IP.

regards
Balimore.com
------------------
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Mon Sep 04, 2006 9:28 pm

so, what do you think that is cousing me so much problems. is it possible that the reason is that I don't use mikrotik DHCP server?
 
User avatar
balimore
Forum Veteran
Forum Veteran
Posts: 892
Joined: Mon Apr 10, 2006 3:38 am

Tue Sep 05, 2006 8:24 am

so, what do you think that is cousing me so much problems. is it possible that the reason is that I don't use mikrotik DHCP server?
-----------------
Hello Rope...

No, when are you use DHCP[Hotspot] first you must 'ip-binding' that address, that's way to make access 'bypassed' from DHCP-Server to Dynamic bypassesed address, and when are you using 'Manually-Dynamic-IP' is not many procedure, and put dst-nat like before. i think should be ok.

other methode:
When you want supply client with Public IP without authentication first, just make 'BRIDGE' from Public interface to Local interface.

here i am using: static, dynamic, dhcp[hotspot], pppoe, userman as radius server, and mapping public to local address ..etc.

ok, send me your mail address. maybe i can help you.. :wink:
you can find my address at: http://www.balimore.com


regards
Hasbullah.com
----------------
 
jhydzik
just joined
Posts: 16
Joined: Sat Dec 17, 2005 10:29 am

Tue Sep 05, 2006 9:04 am

You can try to make sure that your NAT rules are ABOVE All your other rules, By that i mean at the top of the list, and the wait about 10 SEC and repair your "Customer SIDE Internet Connection so they get the DHCP address again and then try it, all should be good!
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Tue Sep 05, 2006 11:17 am

You can try to make sure that your NAT rules are ABOVE All your other rules, By that i mean at the top of the list, and the wait about 10 SEC and repair your "Customer SIDE Internet Connection so they get the DHCP address again and then try it, all should be good!
I did it, but I still have same problem...
 
jhydzik
just joined
Posts: 16
Joined: Sat Dec 17, 2005 10:29 am

Thu Sep 07, 2006 7:04 am

A quick ?

What does your WAN Interface Plug into, a MODEM or something of that sort? and if so can u try and physical plug from the MODEM, I am guess from your ISP. PLug from the moden in to a PC and set the IP of the PC to one of your statics and set up the Gateway and so on. then try and get online like that. If that works then your have something in your router Blocking the NAT rules or something else. Let me know, thanks

Joe H
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Thu Sep 07, 2006 12:48 pm

I have on same mikrotik pppoe server and pool for pppoe, there's one part of the addresses which are for pppoe users and when those users are connected they get public IP and on net that public IP belong to them, still I only have problems with hotspot
 
User avatar
balimore
Forum Veteran
Forum Veteran
Posts: 892
Joined: Mon Apr 10, 2006 3:38 am

Fri Sep 08, 2006 1:13 pm

I have on same mikrotik pppoe server and pool for pppoe, there's one part of the addresses which are for pppoe users and when those users are connected they get public IP and on net that public IP belong to them, still I only have problems with hotspot
-------------
Hello rope..

How are you, other translation at this link: http://forum.mikrotik.com//viewtopic.php?t=10659

I hope you will get point, and hotspot or pppoe i think is 'tool' for user to connect to the network with valid identity.

good luck...!

Regards
Hasbullah.com
-------------
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Sat Sep 09, 2006 2:43 am

when I disable HotSpot, everything work fine...
 
jarosoup
Long time Member
Long time Member
Posts: 600
Joined: Sun Aug 22, 2004 9:02 am

Sat Sep 09, 2006 8:49 pm

Under the Hotspot server settings, set your Address Pool to none and see if that helps.
 
User avatar
balimore
Forum Veteran
Forum Veteran
Posts: 892
Joined: Mon Apr 10, 2006 3:38 am

Sun Sep 10, 2006 8:19 am

when I disable HotSpot, everything work fine...
----------------
Ok,...rope....i think this nice forum

I am so sorry,.. :wink:
here, when disable hotspot. how to make print out of money..!
until now we are running on Dedicated lan, hotspot-aaa, pppoe-aaa, and userman as radius server centralized AAA over ethernet and wireless with privite and public ip. all interface in one NIC and WORK FINE too. i like mikrotik...system, but we are not enough time to make exploring more mikrotik features.

Just inform to you: with 'userman-radius-server' v2.9.30 more....easy & friendly

again, so i am so sorry.

regards
Hasbullah.com
----------------
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Sun Sep 10, 2006 2:20 pm

Under the Hotspot server settings, set your Address Pool to none and see if that helps.
I dont use mikrotik DHCP server, so in hotspot none of the pools was not selected.
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Wed Sep 13, 2006 8:26 pm

top
 
jarosoup
Long time Member
Long time Member
Posts: 600
Joined: Sun Aug 22, 2004 9:02 am

Thu Sep 14, 2006 2:00 am

Why aren't you using the MT DHCP? Try with that and see what happens.

On second thought, since you aren't using MT's DHCP, create a valid address pool and set your hotspot to that - this is part of the universal client which might help.
 
ropeba
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Thu Sep 14, 2006 12:35 pm

I have two gateways, one is mikrotik (10.10.0.2) for postpaid users and the other one is antamedia (10.10.0.5) for prepaid users. On dhcp server which I use I can set that some mac addresses are using one and some others are using other gateway, but with mikrotik dhcp server that is not possible.

I try to create a valid pool and add him to HOTSPOT server but without results
 
User avatar
balimore
Forum Veteran
Forum Veteran
Posts: 892
Joined: Mon Apr 10, 2006 3:38 am

Thu Sep 14, 2006 12:59 pm

I have two gateways, one is mikrotik (10.10.0.2) for postpaid users and the other one is antamedia (10.10.0.5) for prepaid users. On dhcp server which I use I can set that some mac addresses are using one and some others are using other gateway, but with mikrotik dhcp server that is not possible.

I try to create a valid pool and add him to HOTSPOT server but without results
------------
Hai, Friend

As your first post, i think is correct, you will success add option 'ULDIS' Posted. cause your server is Hotspot server as DHCP for aunt....first.

Uldis wrote:
Try to disable the transparent proxy in the hotspot user profile and check how it is working.


@uldis your post is true...and working


regards,
Hasbullah.com
------------

Who is online

Users browsing this forum: No registered users and 62 guests