
 
axe50397
newbie
Topic Author
Posts: 36
Joined: Sat Jun 18, 2016 1:47 pm
Location: Brazzaville, Congo

Firewall > NAT: Jump before hotspot

Mon Jul 04, 2016 12:48 am

Hello everyone,

I have a RB-951-UI 2HnD which receives the internet connection on ether1 and uses ether2 + ether3 to give it to other Wifi routerboards and switches for desktop computers.

We have enabled the hotspot on the gateway, and everything related to the hotspot is working great. The thing is that we had NAT rules (port redirections) from the outside (from the internet) and can't connect anymore except to the router directly (we can connect to the web interface, but not to an SSH server inside, for instance). We suspect the hotspot NAT firewall rules (which are dynamically added to the top of the rules) mess with this. Here are all our rules, currently:
Image

From #1 to #15, dynamically added by the hotspot. #20 to #29 are NAT rules we have created under the chain name "external", and #30 returns. Then, for this to work, I thought I could create #0 on dstnat, which is basically "Everything from the outside, jump to external". I've also enabled logging on #0, but nothing appears in the log when I try to connect to a redirected port (for example, 10000).

What am I doing wrong? Any idea to help please? Just in case filter rules are required, I've attached them.
 
w0lt
Member
Posts: 484
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: Firewall > NAT: Jump before hotspot

Mon Jul 04, 2016 3:47 am

You might consider creating VLANs for the Hotspots?
MTCNA - 2011

" The Bitterness of Poor Quality Remains Long After the Sweetness of Low Price is Forgotten "

 
axe50397
newbie
Topic Author
Posts: 36
Joined: Sat Jun 18, 2016 1:47 pm
Location: Brazzaville, Congo

Re: Firewall > NAT: Jump before hotspot

Mon Jul 04, 2016 4:47 pm

"You might consider creating VLANs for the Hotspots?"
Thanks for your suggestion, this is a good idea. But I think the "jump" issue will still be there, the hotspot will be on top.
