Community discussions

MikroTik App
 
ZamNam
just joined
Topic Author
Posts: 16
Joined: Wed Sep 16, 2009 5:30 am

Hotspot And Firewall Filters

Thu Jul 08, 2010 10:45 am

Hello
I have mikrotik router and i have hotspot configured and the rules in the firewall filters and Nat for internet access
My question is, how can i place a computer on the same physical subnet of the hotspot interface and at the same time override the hotspot settings so that any connections between this computer and the internet is not processed through the hotspot server ?
Thanks
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Hotspot And Firewall Filters

Thu Jul 08, 2010 3:22 pm

This one I have not tested, but it should work. Replace 192.168.0.2 with the ip of the computer.

/ip firewall filter
add chain=forward src-address=192.168.0.2 action=accept
add chain=forward dst-address=192.168.0.2 action=accept

Then move both rules to the top of the filter list with 'move'. These must be above the rule with 'place hotspot rules here' comment.

I don't have a setup to test it right now. Let me know how it does.

ADD: You can also bypass the ip through the hotspot with
/ip hotspot ip-binding
add address=192.168.0.2 type=bypassed
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Hotspot And Firewall Filters

Thu Jul 08, 2010 4:43 pm

I'd go with the bypass - every time you edit the Hotspot it will move its dynamic rules back to the top and you'd have to move your manual bypass above them again.
 
ZamNam
just joined
Topic Author
Posts: 16
Joined: Wed Sep 16, 2009 5:30 am

Re: Hotspot And Firewall Filters

Thu Jul 08, 2010 9:26 pm

Thank you for the reply but yes i want to use the firewall exclusively to accomplish this task
I added both of the filter rules but i still get redirected to the hotspot log in page
thats how the filters look like and the Nat too maybe i need to change something in there too

Filters
Image

Nat
Image
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Hotspot And Firewall Filters

Thu Jul 08, 2010 9:32 pm

If you really, really want to use the firewall rules you have to turn off redirecting to the Hotspot in the NAT section:
/ip firewall nat
chain=pre-hotspot action=accept src-address=192.168.0.2
chain=pre-hotspot action=accept dst-address=192.168.0.2
That should do it.

Again, I recommend using the bypass function instead.

Edit: looking through the firewall configuration Hotspots generate on 4.10, instead of moving rules in the forward table you can also use the following:
/ip hotspot walled-garden ip
add action=accept src-address=192.168.0.2
that will automatically insert a bypass for traffic to and from that IP address into the dynamic ruleset, and would therefore be preferred to manual rules that you move around.
 
ZamNam
just joined
Topic Author
Posts: 16
Joined: Wed Sep 16, 2009 5:30 am

Re: Hotspot And Firewall Filters

Thu Jul 08, 2010 11:25 pm

That worked like a charm thank you very much
But for some reason i still see the IP address of the computer on the HOSTS tab in the Hotspot
So that means some how the Hotspot still see that computer right

Who is online

Users browsing this forum: Google [Bot] and 92 guests