Community discussions

MikroTik App
 
brychtak
just joined
Topic Author
Posts: 15
Joined: Mon Sep 11, 2006 10:55 am

collision between static NAT Rules and dynamic NAT rules

Wed Feb 21, 2007 11:06 am

Hello,

I have a problem with collision between static NAT Rules and dynamic NAT rules in hotspot mode. I need for example static rule for DNS questions to intranet (internal DNS server) and a lot of other rules. But there is a problem If I make static rules and the client connects to hotspot authentication proccess isn't succesfull because of collision between rules. If I remove the static rules auth. on Radius server is OK but DNS questions for intranet servers doesn't work.
Could you help me how to solve it? Is it possilbe i one rule match to continue other rules or?

Thank you

Radek
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6624
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Wed Feb 21, 2007 11:13 am

Radek,
specify local intranet 'dns' servers in 'ip dns', as well you can specify dns servers for clients during HotSpot setup.
You can add static NAT rule before HotSpot, however after reboot it will be moved down.
Dynamicaly created NAT rules adre described here,
http://www.mikrotik.com/testdocs/ros/2. ... hp#7.41.14
 
brychtak
just joined
Topic Author
Posts: 15
Joined: Mon Sep 11, 2006 10:55 am

Wed Feb 21, 2007 1:15 pm

Thank you. I know where to specify DNS server (ip - dns). I have dhcp server for hotspot users. Hotspot user has DNS 192.168.4.4 192.168.8.226. there is the problem. I need for autheticated clients working DNS, working intranet, working TCP connetion for example with exchange 192.168.x.y, proxy etc... Hotspot rules are dynamicaly added. and I need a lots od static rules for DNS, exchange, intranet, VNC... for passing through mirkrotik. But if I make static rules, user is not authenticated (no auth. form screened in the browser)because my rule is on the top. If I move it down the user is autheticated but DNS doesn't work, VNC, proxy, connection to exchange (outlook) etc.
I know that the rule must be on the top, I have script to move it up after reboot. Thats not a problem.
any soulution how to solve it?
 
brychtak
just joined
Topic Author
Posts: 15
Joined: Mon Sep 11, 2006 10:55 am

Fri Feb 23, 2007 10:28 am

Thank you. I know where to specify DNS server (ip - dns). I have dhcp server for hotspot users. Hotspot user has DNS 192.168.4.4 192.168.8.226. there is the problem. I need for autheticated clients working DNS, working intranet, working TCP connetion for example with exchange 192.168.x.y, proxy etc... Hotspot rules are dynamicaly added. and I need a lots od static rules for DNS, exchange, intranet, VNC... for passing through mirkrotik. But if I make static rules, user is not authenticated (no auth. form screened in the browser)because my rule is on the top. If I move it down the user is autheticated but DNS doesn't work, VNC, proxy, connection to exchange (outlook) etc.
I know that the rule must be on the top, I have script to move it up after reboot. Thats not a problem.
any soulution how to solve it?
no solution?? :(
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Fri Feb 23, 2007 10:40 am

you can try to simply create hotspot as it is, and that will unauthorised users to access any internet resources, if you want to allow them something add that to wallet garden
 
brychtak
just joined
Topic Author
Posts: 15
Joined: Mon Sep 11, 2006 10:55 am

Mon Mar 05, 2007 1:48 pm

Yes i know but i want for AUTHORIZED users own static rules and with no collision betwwen static and dynamic rules which is probably impossible.
 
ziadmelhem
just joined
Posts: 4
Joined: Mon Jul 30, 2007 4:54 pm

Re:

Sun Dec 30, 2007 3:53 pm

hello brychtak,
i have a mikrotik hotspot 2.9.x, i have some problems with NAT firewall rules of
web-proxy, dynamic rules is always on top and the web-proxy doesn't work
please i need the script to move up static rules after reboot.

thanks.

Who is online

Users browsing this forum: jspool, mikrotikschwall, mistyrhythm and 66 guests