collision between static NAT Rules and dynamic NAT rules

Posted: Wed Feb 21, 2007 11:06 am
by brychtak
Hello,

I have a problem with a collision between static NAT rules and dynamic NAT rules in hotspot mode. I need, for example, a static rule for DNS questions to the intranet (internal DNS server) and a lot of other rules. But there is a problem: if I make static rules and the client connects to the hotspot, the authentication process isn't successful because of the collision between rules. If I remove the static rules, auth. on the Radius server is OK but DNS questions for intranet servers don't work.
Could you help me solve it? Is it possible, if one rule matches, to continue with the other rules, or?

Thank you

Radek

Posted: Wed Feb 21, 2007 11:13 am
by sergejs
Radek,
specify the local intranet 'dns' servers in 'ip dns'; you can also specify DNS servers for clients during HotSpot setup.
You can add a static NAT rule before HotSpot; however, after reboot it will be moved down.
Dynamically created NAT rules are described here:
http://www.mikrotik.com/testdocs/ros/2. ... hp#7.41.14

Posted: Wed Feb 21, 2007 1:15 pm
by brychtak
Thank you. I know where to specify the DNS server (ip - dns). I have a DHCP server for hotspot users. A hotspot user has DNS 192.168.4.4 192.168.8.226. There is the problem. I need, for authenticated clients, working DNS, working intranet, working TCP connections, for example with Exchange 192.168.x.y, proxy etc... Hotspot rules are dynamically added, and I need a lot of static rules for DNS, Exchange, intranet, VNC... for passing through MikroTik. But if I make static rules, the user is not authenticated (no auth. form displayed in the browser) because my rule is on the top. If I move it down, the user is authenticated but DNS doesn't work, nor VNC, proxy, connection to Exchange (Outlook) etc.
I know that the rule must be on the top; I have a script to move it up after reboot. That's not a problem.
Any solution how to solve it?

Posted: Fri Feb 23, 2007 10:28 am
by brychtak
no solution?? :(

Posted: Fri Feb 23, 2007 10:40 am
by janisk
You can try to simply create the hotspot as it is, and that will unauthorised users to access any internet resources. If you want to allow them something, add that to the walled garden.

Posted: Mon Mar 05, 2007 1:48 pm
by brychtak
Yes, I know, but I want for AUTHORIZED users own static rules, with no collision between static and dynamic rules, which is probably impossible.

Posted: Sun Dec 30, 2007 3:53 pm
by ziadmelhem
Hello brychtak,
I have a MikroTik hotspot 2.9.x. I have some problems with the NAT firewall rules of the web-proxy: the dynamic rules are always on top and the web-proxy doesn't work.
Please, I need the script to move static rules up after reboot.

Thanks.