Page 1 of 1

how to filter local traffic in hotspot

Posted: Mon Nov 30, 2015 2:47 pm
by RazorN
Hello everyone !!!
I'm using hostpot with radius server. All works fine... but a little problem is that: if any user use local resources It is counted as internet traffic and as a result his data limit quickly exceed. Is it possible to split local traffic from internet traffic???

Re: how to filter local traffic in hotspot

Posted: Thu Dec 03, 2015 10:43 pm
by czolo
You can walledgarden local network

Re: how to filter local traffic in hotspot

Posted: Mon Dec 14, 2015 5:48 am
by RazorN
THanks for reply!!
i tried it but without success...
i want that users can access local resources only after authentification. Therefore i added every authentificated user ip to "Walled Garden IP List" using hotspot->user profile->scripts->on login:
	/ip hotspot walled-garden ip
	add action=accept disabled=no server=hotspot1 src-address=$address dst-address=192.168.7.0/24
$address - authentificated user ip address
But this not work... May be i do something wrong...

Re: how to filter local traffic in hotspot

Posted: Wed Dec 30, 2015 11:41 pm
by flameproof
You cannot do this easily. Once a host is placed in "auth'd" mode, all its traffic is accounted for and passed to RADIUS for accounting (if that's what you use).

One solution I tested and worked, but ended up not implementing, was to use Traffic Flow, with an nfacctd listener which filtered traffic to/from the local network and removed it from a user's data usage. It did the checks based on what was live in the RADONLINE table & the traffic updates that happened once a minute.

This did not cure the user from being cut off by Hotspot after X MB are used, but at least he could log back in and keep using his remaining data.

nfacctd: http://wiki.pmacct.net/OfficialExamples

Make sure you update to 6.33+ as it introduced Traffic Flow fixes which send extra information (v9 only), accounting for NAT & showing you the real client IP address.