lox
just joined
Topic Author
Posts: 20
Joined: Wed Oct 05, 2022 1:05 pm

Allow access to Hotspot network from management VLAN

Mon Jan 16, 2023 10:27 am

Hello,

I have a BASE VLAN that is allowed, by a firewall rule, to access all other VLANs.
I have a CUSTOMERS VLAN that has minimal access.

I can access the devices connected to the CUSTOMERS VLAN from the BASE VLAN. But as soon as I enable Hotspot on the CUSTOMERS VLAN, the Hotspot feature adds its own rules, and thus I can no longer access the devices connected to the CUSTOMERS VLAN.

Which firewall rule would allow me to keep access to devices in the CUSTOMERS VLAN?

Thanks.
/ip firewall filter print dynamic 
Flags: X - disabled, I - invalid; D - dynamic 
 0  D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth 

 1  D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth 

 2  D chain=input action=jump jump-target=hs-input hotspot=from-client 

 3  D chain=input action=drop protocol=tcp hotspot=!from-client dst-port=64872-64875 

 4  D chain=hs-input action=jump jump-target=pre-hs-input 

 5  D chain=hs-input action=accept protocol=udp dst-port=64872 

 6  D chain=hs-input action=accept protocol=tcp dst-port=64872-64875 

 7  D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth 

 8  D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp 

 9  D chain=hs-unauth action=reject reject-with=icmp-net-prohibited 

10  D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited 

11  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough

/ip firewall nat print dynamic
Flags: X - disabled, I - invalid; D - dynamic 
 0  D chain=dstnat action=jump jump-target=hotspot hotspot=from-client 

 1  D chain=hotspot action=jump jump-target=pre-hotspot 

 2  D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53 

 3  D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53 

 4  D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-dst dst-port=80 

 5  D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-dst dst-port=443 

 6  D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth 

 7  D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth 

 8  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80 

 9  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128 

10  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080 

11  D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp dst-port=443 

12  D chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25 

13  D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http 

14  D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
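
Added example, not part of the original post and not MikroTik code: a small Python tracer that parses the forward-path dynamic filter rules from the dump above and reports which rule gives the verdict for a packet. The hotspot matcher semantics (all comma-separated flags must hold, "!" negates) and the sample packet are assumptions of this sketch.

```python
# Forward-path dynamic filter rules copied from the dump in the post above
# (the input-chain rules 2-7 are left out; rule numbers are the post's).
FILTER_DUMP = """\
 0  D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth
 1  D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth
 8  D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp
 9  D chain=hs-unauth action=reject reject-with=icmp-net-prohibited
10  D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited
11  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
"""

def parse_rules(text):
    """Turn `print dynamic` output into dicts; wrapped lines extend the last rule."""
    rules = []
    for line in text.splitlines():
        head = line.split()
        if len(head) > 1 and head[0].isdigit() and head[1] == "D":
            rules.append({"n": int(head[0])})
        if rules:
            rules[-1].update(t.split("=", 1) for t in head if "=" in t)
    return rules

def matches(rule, pkt):
    # Assumed semantics: every comma-separated hotspot flag must hold, "!" negates.
    for flag in filter(None, rule.get("hotspot", "").split(",")):
        if (flag.lstrip("!") in pkt["hotspot"]) == flag.startswith("!"):
            return False
    return rule.get("protocol", pkt["protocol"]) == pkt["protocol"]

def verdict(rules, chain, pkt):
    """Return (rule number, action, reject-with) of the first terminal match, or None."""
    for r in rules:
        if r.get("chain") != chain or not matches(r, pkt):
            continue
        if r["action"] == "jump":
            hit = verdict(rules, r["jump-target"], pkt)
            if hit:  # an empty or non-matching target chain returns to the caller
                return hit
        elif r["action"] != "passthrough":
            return r["n"], r["action"], r.get("reject-with")
    return None

RULES = parse_rules(FILTER_DUMP)
# Hypothetical packet: BASE VLAN host opening TCP to a not-yet-logged-in CUSTOMERS device.
print(verdict(RULES, "forward", {"hotspot": {"to-client"}, "protocol": "tcp"}))
```

A `None` result means none of the posted dynamic rules decided the packet, so it continues to whatever static filter rules follow.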
