I have a BASE VLAN that is allowed, by a firewall rule, to access all other VLANs.
I have a CUSTOMERS VLAN that has minimum access.
I can access the devices connected to the CUSTOMERS VLAN from the BASE VLAN. But as soon as I enable Hotspot on the CUSTOMERS VLAN, the Hotspot feature adds its own rules, and thus I can no longer access the devices connected to the CUSTOMERS VLAN.
Which firewall rule would allow me to keep access to devices in the CUSTOMERS VLAN?
Thanks.
/ip firewall filter print dynamic
Flags: X - disabled, I - invalid; D - dynamic
0 D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth
1 D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth
2 D chain=input action=jump jump-target=hs-input hotspot=from-client
3 D chain=input action=drop protocol=tcp hotspot=!from-client dst-port=64872-64875
4 D chain=hs-input action=jump jump-target=pre-hs-input
5 D chain=hs-input action=accept protocol=udp dst-port=64872
6 D chain=hs-input action=accept protocol=tcp dst-port=64872-64875
7 D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth
8 D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp
9 D chain=hs-unauth action=reject reject-with=icmp-net-prohibited
10 D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited
11 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
/ip firewall nat print dynamic
Flags: X - disabled, I - invalid; D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
1 D chain=hotspot action=jump jump-target=pre-hotspot
2 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53
3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53
4 D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-dst dst-port=80
5 D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-dst dst-port=443
6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth
7 D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth
8 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80
9 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128
10 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080
11 D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp dst-port=443
12 D chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
13 D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http
14 D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25