 
Enzo
just joined
Topic Author
Posts: 16
Joined: Wed Apr 05, 2006 4:07 pm

Managing Hotspot firewall!!

Tue Jul 11, 2006 9:14 am

I have set up a hotspot on an Ethernet interface connected to an AP, and I have configured a DHCP server on that interface also.
Everything is working fine: all wireless PCs obtain IP addresses from the IP pool and can access the login page when requesting any address, until I enable the firewall rule drop all (chain=input action=drop), which follows a list of rules, one of which allows the traffic coming from the AP users to pass (chain=input src-address=X.X.X.X/24 action=accept), where X.X.X.X/24 contains the pool of addresses that are assigned to the Hotspot users. Once the rule mentioned at first is disabled, everything is operational. I'm sure it is a firewall issue, but I don't know how to manage the rule that I should add to clear this issue. Any ideas?

P.S.: masquerading of the hotspot addresses is enabled.
 
Enzo
just joined
Topic Author
Posts: 16
Joined: Wed Apr 05, 2006 4:07 pm

Wed Jul 12, 2006 4:31 pm

Any help?! Please, I need to activate that hotspot with the firewall enabled...
 
csickles
Forum Guru
Posts: 1255
Joined: Fri May 28, 2004 8:46 pm
Location: Phoenix, AZ

Wed Jul 12, 2006 4:57 pm

Do you have an established and related rule somewhere above the drop rule?
 
Enzo
just joined
Topic Author
Posts: 16
Joined: Wed Apr 05, 2006 4:07 pm

Tue Aug 01, 2006 2:43 pm

3 rules, all allowing incoming packets from different subnets to pass!
 
savage
Forum Guru
Posts: 1264
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Tue Aug 01, 2006 4:03 pm

Sounds like you are dropping the DHCP requests that come in from the clients.
 
jarosoup
Long time Member
Posts: 596
Joined: Sun Aug 22, 2004 9:02 am

Tue Aug 01, 2006 7:44 pm

Add some log rules, like one right before your drop rule, to determine what is going to get dropped.
 
Enzo
just joined
Topic Author
Posts: 16
Joined: Wed Apr 05, 2006 4:07 pm

Thu Aug 03, 2006 9:36 am

Well, thanks!!
I have added the same drop rule with the same policies but with an action log instead of drop and moved it just before the drop rule.
I saw packets with destination the router IP address on random ports greater than 1000. So I've added 2 rules to allow all the UDP and TCP packets on ports greater than 1000 and less than 2000 on the incoming interface.
Everything seems fine till now...
CheerZ!
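
The input-chain ordering discussed in this thread (established/related accepts first, a log rule directly above the final drop), written out as an added RouterOS example that is not from any of the posters. The subnet 192.0.2.0/24 stands in for the thread's X.X.X.X/24 hotspot pool, and the comments and log prefix are assumptions chosen for illustration.

```routeros
# Added example, not the original poster's configuration.
# 192.0.2.0/24 is a constructed placeholder for the hotspot address pool.
/ip firewall filter

# 1. Accept packets that belong to connections already being tracked,
#    so traffic on existing sessions is not caught by the final drop.
add chain=input connection-state=established action=accept comment="established"
add chain=input connection-state=related action=accept comment="related"

# 2. The per-subnet accept rule described in the first post.
add chain=input src-address=192.0.2.0/24 action=accept comment="hotspot pool"

# 3. Same match as the drop rule, but action=log. Rules are evaluated
#    top to bottom, so everything logged here is exactly what rule 4 drops.
add chain=input action=log log-prefix="input-drop" comment="log before drop"

# 4. Final drop for anything not accepted above.
add chain=input action=drop comment="drop everything else"
```

The logged entries appear in `/log print`; the protocol and destination port shown there indicate which specific accept rule is missing above the drop.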
