Community discussions

MUM Europe 2020
 
ilja
newbie
Topic Author
Posts: 49
Joined: Thu Feb 22, 2018 1:15 pm

Userman ignoring data to/from specific address

Mon Apr 16, 2018 1:16 pm

Hey all.

I have Mikrotik hotspot + userman. It works fine and keeps user data usage.
I want to limit all users to 400MB a day (400MB from global web). I can do that with userman limits+scripting to reset traffic counters.
But in my system i have an office scanner/printer under static IP 192.168.88.5. And if my users are scanning a lot that is treated as traffic and users runs out of their 400MB/day without even using www internet.

Is there any way to add scanner's IP 192.168.88.5 to some sort of a "white list", so all the data exchange with that won't be seen as traffic for userman?

Thank you
 
2frogs
Long time Member
Long time Member
Posts: 542
Joined: Fri Dec 03, 2010 1:38 am

Re: Userman ignoring data to/from specific address

Mon Apr 16, 2018 3:28 pm

There is not a way that I am aware of on your current setup. If you want the Hotspot only for Internet access and not controlling LAN, you can move the LAN to separate device (or possible create a LoopBack to same device) and filter WAN through Hotspot.
 
ilja
newbie
Topic Author
Posts: 49
Joined: Thu Feb 22, 2018 1:15 pm

Re: Userman ignoring data to/from specific address

Mon Apr 16, 2018 3:54 pm

There is not a way that I am aware of on your current setup. If you want the Hotspot only for Internet access and not controlling LAN, you can move the LAN to separate device (or possible create a LoopBack to same device) and filter WAN through Hotspot.
Thank you, 2frogs. I think i have misinformed you about the setup.

I already have separate interfaces for hotspot and LAN devices. LAN is in the IP pool 192.168.88.0, while hotspot is under 192.168.92.0. But the traffic between these two interfaces is still treated as thought user is using www internet, hence userman quota is running out much faster
 
2frogs
Long time Member
Long time Member
Posts: 542
Joined: Fri Dec 03, 2010 1:38 am

Re: Userman ignoring data to/from specific address

Mon Apr 16, 2018 4:18 pm

Maybe a network diagram and post contents
/export hide-sensitive file=export.rsc
from the .rsc? You can download the file and edit it with a text editor.
 
ilja
newbie
Topic Author
Posts: 49
Joined: Thu Feb 22, 2018 1:15 pm

Re: Userman ignoring data to/from specific address

Mon Apr 16, 2018 5:02 pm

Maybe a network diagram and post contents
/export hide-sensitive file=export.rsc
from the .rsc? You can download the file and edit it with a text editor.
Sure, sorry for that.
Here is a network diagram
2018-04-16 15_57_47-network_diagram - draw.io.png
And export rsc file - https://paste.ubuntu.com/p/S9Xw3jgthW/
You do not have the required permissions to view the files attached to this post.
 
2frogs
Long time Member
Long time Member
Posts: 542
Joined: Fri Dec 03, 2010 1:38 am

Re: Userman ignoring data to/from specific address

Mon Apr 16, 2018 6:23 pm

Ok, really you have 2 LAN segments and the same applies! You would have to separate the 192.168.92.0/24 from the Hotspot by using a separate device for the Hotspot or possibly by (I have not tested) moving the Hotspot to a separate bridge and use mangle/routing marks to send the desired traffic through the Hotspot bridge.
 
ilja
newbie
Topic Author
Posts: 49
Joined: Thu Feb 22, 2018 1:15 pm

Re: Userman ignoring data to/from specific address

Tue Apr 17, 2018 9:25 am

Ok, really you have 2 LAN segments and the same applies! You would have to separate the 192.168.92.0/24 from the Hotspot by using a separate device for the Hotspot or possibly by (I have not tested) moving the Hotspot to a separate bridge and use mangle/routing marks to send the desired traffic through the Hotspot bridge.
Oh, can you please help me to break it down to understand better?

If i understand correctly, in my setup, I have two bridges:
bridge-hotspot = the bridge where hotspot is implemented
bridge1 = a bridge of all 5 router's ethernet sockets
By adding them all to Bridge/Ports I have made them all bridged together, so all the connected devices could ping(see) each other, no matter under which network they are.
bridge-1.png
bridge-ports.png
And I have two DHCP servers:
LAN dhcp on bridge1
Hotspot dhcp on bridge-hotspot

What currently happens, is that the traffic between devices on LAN dhcp and Hotspot dhcp is seen as traffic and get's subtracted from Hotspot Userman's traffic quota. And I am somehow trying to make it don't count any exchanged packages between LAN dhcp devices and Hotspot devices as Userman's traffic.
You do not have the required permissions to view the files attached to this post.
 
2frogs
Long time Member
Long time Member
Posts: 542
Joined: Fri Dec 03, 2010 1:38 am

Re: Userman ignoring data to/from specific address

Tue Apr 17, 2018 2:02 pm

You will have to add a second Mikrotik device between your current one and your ISP modem. You would then move your Hotspot and Firewall rules to this new device. Would need either 2 bridges, 1 for Hotspot and 1 for non-Hotspot or use 1 bridge for Hotspot and use IP Binding/ Bypass to allow you non-Hotspot traffic through.

Your current device would only handle CAPS, DHCP, and routing between the 2 Network segments. You would remove the default firewall and NAT as this would be handled by the new device.

I thought I had seen someone do something similar on a single device, but I could not find the post. And in my testing I was unable to get this to work.

Who is online

Users browsing this forum: blajah, Google [Bot], pe1chl and 101 guests