I'm trying to configure a physical (not wireless) hotspot on my router. The objective is that a client connect to the router, try to reach any website, get redirected to my hotspot page, accept the terms of services, then automatically get redirected to the site he was trying to reach.
But I'm struggling so much... I read this1 doc: https://wiki.mikrotik.com/wiki/Manual:C ... ng_Hotspot and this 2: https://help.mikrotik.com/docs/pages/vi ... d=56459266.
Using the `setup` option of the second one, automatically generated me a lot of nat rules and some html files. I don't understand how mikrotik is adding the IP of the client if he accept the terms of services (I've setup a one click authentication for the hotspot). I don't understand, in the HTML files, how mikrotik is redirecting the client to the good page. The first doc provide some variables explanation, but the generated site uses a lot more...
There's my nat rules:
Code: Select all
[admin@MikroTik] /ip/hotspot> /ip firewall/nat print
Flags: X - disabled, I - invalid; D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
1 D chain=hotspot action=jump jump-target=pre-hotspot
2 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53
3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53
4 D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-dst dst-port=80
5 D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-dst dst-port=443
6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth
7 D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth
8 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80
9 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128
10 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080
11 D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp dst-port=443
12 D chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
13 D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http
14 D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
15 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
16 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.1.0/24
hotspot configuration:
Code: Select all
[admin@MikroTik] /ip/hotspot> print
Columns: NAME, INTERFACE, ADDRESS-POOL, PROFILE, IDLE-TIMEOUT
# NAME INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
0 hotspot1 ether9 hs-pool-13 hsprof1 5m
[admin@MikroTik] /ip/hotspot> profile/print
Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot html-directory-override="" install-hotspot-queue=no http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap
http-cookie-lifetime=3d split-user-domain=no use-radius=no
1 name="hsprof1" hotspot-address=192.168.1.1 dns-name="192.168.1.1" html-directory=hotspot html-directory-override=hotspot-test install-hotspot-queue=no http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
With this configuration, the client does not get redirected automatically to the login page if he select a domain name, it does if the client use any ip address. After accepting the terms of services, the client does not get redirected to the site he want, but to a status page or the "If nothing happens, click here". I tried to modify this, but nothing seams to works...
If anyone already personalize a hotspot and can explain me how all of this works, it would be marvelous. I can provide the content of the different HTML page, but there's a lot.
Regards