HotSpot Multiples Users Profiles
Posted: Tue Jul 02, 2019 7:27 pm
Hi everyone, i'm new in the mikrotik world and i'm experimenting with hotspot server.
Here's the scenario i'm trying to build:
Multiples Hotspot users with 3 differents users profile
Profile 1: No internet access
Profile 2: Internet access but blocking specific sites (eg.: facebook, youtube...)
Profile 3: Unrestricted internet access
I'm able to configure the hotspot, and users are able to navigate, but when i try to set incoming filter and outgoing filter to user profile, i'm unable to block according the 3 profiles above.
A jump filter rule ir created, dynamic, and then i use L7 to block, but with no succes.
Here's the configuration:
--
.
the last 4 rules (chain hotspot jump-target:hs-px) are created automatically after set the incoming and outgoing filter in user profile. i've tried the following firewall rule witout success
Some one could help me setting up this scenario? Maybe a tutorial guide?
Thanks a lot
Here's the scenario i'm trying to build:
Multiples Hotspot users with 3 differents users profile
Profile 1: No internet access
Profile 2: Internet access but blocking specific sites (eg.: facebook, youtube...)
Profile 3: Unrestricted internet access
I'm able to configure the hotspot, and users are able to navigate, but when i try to set incoming filter and outgoing filter to user profile, i'm unable to block according the 3 profiles above.
A jump filter rule ir created, dynamic, and then i use L7 to block, but with no succes.
Here's the configuration:
Code: Select all
/ip hotspot user profile
set [ find default=yes ] rate-limit=10M/10M transparent-proxy=yes
add incoming-filter=hs-p1 name=profile1 outgoing-filter=hs-p1 rate-limit=5M/5M \
transparent-proxy=yes
add incoming-filter=hs-p2 name=profile2 outgoing-filter=hs-p2 \
transparent-proxy=yes
add incoming-filter=hs-p3 name=profile3 outgoing-filter=hs-p3 \
transparent-proxy=yes
Code: Select all
/ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth
1 D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!aut>
2 D chain=input action=jump jump-target=hs-input hotspot=from-client
3 D chain=input action=drop protocol=tcp hotspot=!from-client dst-port=64872-64875
4 D chain=hs-input action=jump jump-target=pre-hs-input
5 D chain=hs-input action=accept protocol=udp dst-port=64872
6 D chain=hs-input action=accept protocol=tcp dst-port=64872-64875
7 D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth
8 D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp
9 D chain=hs-unauth action=reject reject-with=icmp-net-prohibited
10 D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited
11 X ;;; place hotspot rules here chain=unused-hs-chain action=passthrough log=no log-prefix=""
12 D chain=hotspot action=jump jump-target=hs-p1 src-address=10.0.0.50
13 D chain=hotspot action=jump jump-target=hs-p1 dst-address=10.0.0.50
14 D chain=hotspot action=jump jump-target=hs-p2 src-address=10.0.0.48
15 D chain=hotspot action=jump jump-target=hs-p2 dst-address=10.0.0.48
the last 4 rules (chain hotspot jump-target:hs-px) are created automatically after set the incoming and outgoing filter in user profile. i've tried the following firewall rule witout success
Code: Select all
add action=drop chain=hs-p1 layer7-protocol="Block Facebook" protocol=tcp \
src-port=80,443
Thanks a lot