routik
Member Candidate
Topic Author
Posts: 120
Joined: Wed Oct 14, 2009 5:40 pm
Location: Abuja-Nigeria

can't access router homepage due to hotspot

Wed Jun 29, 2011 4:47 pm

I would like to view my bandwidth usage via graph (http://10.10.99.1/graph), but I can't because my entire network is on hotspot and http://10.10.99.1 is the hotspot login/status page. I tried using the WAN IP, but the web proxy will not allow me either. I don't know which other trick or technique I can use to access the router home page.
Any help will be highly appreciated.
I enjoy building broadband network with @Mikrotik
 
petrn
Member Candidate
Posts: 179
Joined: Thu Jul 29, 2010 3:56 am

Re: can't access router homepage due to hotspot

Wed Jun 29, 2011 5:58 pm

Petr
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: can't access router homepage due to hotspot

Wed Jun 29, 2011 6:15 pm

/ip firewall nat add action=accept chain=pre-hotspot dst-address=[YOUR WAN ADDRESS] hotspot=auth
That will turn off the internal proxy for all authenticated connections going to the router's WAN address. Then use the WAN address to access the graphs.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
routik
Member Candidate
Topic Author
Posts: 120
Joined: Wed Oct 14, 2009 5:40 pm
Location: Abuja-Nigeria

Re: can't access router homepage due to hotspot

Wed Jun 29, 2011 9:36 pm

/ip firewall nat add action=accept chain=pre-hotspot dst-address=[YOUR WAN ADDRESS] hotspot=auth
That will turn off the internal proxy for all authenticated connections going to the router's WAN address. Then use the WAN address to access the graphs.
The above rule did not work for me, page unavailable.
I enjoy building broadband network with @Mikrotik
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: can't access router homepage due to hotspot

Wed Jun 29, 2011 9:54 pm

That's weird. It should.

Can you post the output of "/interface print detail", "/ip address print detail", "/ip route print detail", "/ip firewall export", and "/ip hotspot export"? Please wrap output in [code] tags.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
routik
Member Candidate
Topic Author
Posts: 120
Joined: Wed Oct 14, 2009 5:40 pm
Location: Abuja-Nigeria

Re: can't access router homepage due to hotspot

Thu Jun 30, 2011 12:11 pm

Here we go. The value xx.xx.xx.xx represents my WAN IP (just for security purposes).

/interface print detail
0  R  name="WAN" type="ether" mtu=1500 

 1  R  name="LAN" type="ether" mtu=1500 l2mtu=1600 

 2  X  name="wlan1" type="wlan" mtu=1500 

 3  R  name="bridge1" type="bridge" mtu=1500 l2mtu=65535
/ip address print detail
 0   address=xx.xx.xx.xx6/30 network=xx.xx.xx.xx4 broadcast=xx.xx.xx.xx7 
     interface=WAN actual-interface=WAN 

 1   address=10.10.99.1/24 network=10.10.99.0 broadcast=10.10.99.255 
     interface=LAN actual-interface=LAN 

 2   address=10.10.101.1/30 network=10.10.101.0 broadcast=10.10.101.3 
     interface=bridge1 actual-interface=bridge1
/ip route print detail
 0 A S  dst-address=0.0.0.0/0 gateway=xx.xx.xx.xx5 
        gateway-status=xx.xx.xx.xx5 reachable WAN distance=1 scope=30 
        target-scope=10 

 1 ADC  dst-address=10.10.99.0/24 pref-src=10.10.99.1 gateway=LAN 
        gateway-status=LAN reachable distance=0 scope=10 

 2 ADC  dst-address=10.10.101.0/30 pref-src=10.10.101.1 gateway=bridge1 
        gateway-status=bridge1 reachable distance=0 scope=10 

 3 ADC  dst-address=xx.xx.xx.xx4/30 pref-src=xx.xx.xx.xx6 gateway=WAN 
        gateway-status=WAN reachable distance=0 scope=10
/ip firewall export
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=drop chain=hs-input comment="BLOCK P2P IN HOTSPOT" disabled=no \
    in-interface=LAN p2p=all-p2p
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=forward comment="drop invalid connections" \
    connection-state=invalid disabled=no
add action=accept chain=forward comment="allow established connections" \
    connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" \
    connection-state=related disabled=no
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 \
    protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    135-139 protocol=tcp
add action=add-src-to-address-list address-list="SUSPECTED HACKER" \
    address-list-timeout=1w3d chain=input comment="SUSPECTED HACKERS" \
    connection-limit=4,32 disabled=no dst-address=10.10.99.1 protocol=tcp \
    src-port=8291,3128,80,20,21,22,23,443,3989
add action=add-src-to-address-list address-list="SUSPECTED HACKER" \
    address-list-timeout=4w2d chain=input comment="SUSPECTED HACKERS" \
    connection-limit=3,32 disabled=no in-interface=WAN protocol=tcp src-port=\
    8291,3128,80,20,21,22,23,443,3989
add action=drop chain=input comment="SUSPECTED HACKERS DROP" \
    connection-limit=2,32 disabled=no in-interface=WAN protocol=tcp \
    src-address-list="SUSPECTED HACKER" src-port=\
    8291,3128,80,20,21,22,23,443,3989
add action=drop chain=forward comment="DROP ALL P2P" disabled=no p2p=all-p2p
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no \
    dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 \
    protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 \
    protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 \
    protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 \
    protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 \
    protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 \
    protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 \
    protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 \
    protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 \
    protocol=tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
    protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=\
    2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=\
    3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no \
    dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
    tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
    udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
    protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=\
    9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=\
    10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=\
    10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 \
    protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \
    protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=\
    27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=\
    no dst-port=65506 protocol=tcp
add action=accept chain=forward comment="Allow HTTP" disabled=no dst-port=80 \
    protocol=tcp
add action=accept chain=forward comment="Allow SMTP" disabled=no dst-port=25 \
    protocol=tcp
add action=accept chain=forward comment="allow TCP" disabled=no protocol=tcp
add action=accept chain=forward comment="allow ping" disabled=no protocol=\
    icmp
add action=accept chain=forward comment="allow udp" disabled=no protocol=udp
add action=drop chain=forward comment="drop everything else" disabled=no
add action=add-src-to-address-list address-list=suspectedspambot \
    address-list-timeout=2d chain=forward comment=\
    "More than 10 simultaneous connections looks spammy" connection-limit=\
    10,32 disabled=no dst-port=25 protocol=tcp
add action=drop chain=forward comment=\
    "Drop traffic from those on the suspect list" disabled=no dst-port=25 \
    protocol=tcp src-address-list=suspectedspambot
add action=drop chain=input comment="Stupid Hacker" disabled=no in-interface=\
    WAN protocol=tcp src-address=203.129.192.9 src-port=\
    8291,3128,80,20,21,22,23,443,3989
/ip firewall mangle
add action=mark-connection chain=forward comment="MY CONNECTION MARK" \
    connection-mark=!heavy_traffic_conn disabled=no new-connection-mark=\
    all_conn passthrough=yes
add action=mark-connection chain=forward comment="" connection-bytes=\
    3000000-0 connection-mark=all_conn connection-rate=20k-20M disabled=no \
    new-connection-mark=heavy_traffic_conn passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="" connection-bytes=\
    3000000-0 connection-mark=all_conn connection-rate=20k-20M disabled=no \
    new-connection-mark=heavy_traffic_conn passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="MY PACKET MARK" \
    connection-mark=heavy_traffic_conn disabled=no new-packet-mark=\
    heavy_traffic passthrough=no
add action=mark-packet chain=forward comment="" connection-mark=all_conn \
    disabled=no new-packet-mark=other_traffic passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=10.10.99.0/24
add action=accept chain=pre-hotspot comment="" disabled=yes dst-address=\
    xx.xx.xx.xx4 hotspot=auth src-address=10.10.99.31
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=redirect chain=dstnat comment="Transparent DNS TCP" disabled=no \
    dst-port=53 protocol=tcp src-address=10.10.99.0/24 to-ports=53
add action=redirect chain=dstnat comment="Transparent DNS UDP" disabled=no \
    dst-port=53 protocol=udp src-address=10.10.99.0/24 to-ports=53
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[collins465@Collins Lab] > 
/ip hotspot export
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=no
add dns-name=www.cyndys.com hotspot-address=10.10.99.1 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
    mac,cookie,http-chap mac-auth-password="" name=hsprof1 nas-port-type=\
    wireless-802.11 radius-accounting=yes radius-default-domain="" \
    radius-interim-update=received radius-location-id="" \
    radius-location-name="" radius-mac-format=XX:XX:XX:XX:XX:XX rate-limit="" \
    smtp-server=0.0.0.0 split-user-domain=no use-radius=yes
/ip hotspot
add address-pool=hs-pool-2 addresses-per-mac=2 disabled=no idle-timeout=5m \
    interface=LAN keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default advertise=no idle-timeout=none keepalive-timeout=2m name=default \
    open-status-page=always shared-users=1 status-autorefresh=1m \
    transparent-proxy=yes
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="Collins Laptop" disabled=no mac-address=F0:4D:A2:90:D7:46 name=\
    F0:4D:A2:90:D7:46 password="" profile=default
add comment="" disabled=no name=xxxxxxx password=xxxxxx profile=default
add comment=OPERATOR disabled=no mac-address=00:1D:92:F2:6A:E8 name=\
    00:1D:92:F2:6A:E8 password="" profile=default
add comment=COM-4 disabled=no mac-address=00:11:0A:34:E3:7C name=\
    00:11:0A:34:E3:7C password="" profile=default
add comment=COM-12 disabled=no mac-address=00:C0:4F:09:1C:34 name=\
    00:C0:4F:09:1C:34 password="" profile=default
add comment=COM-19 disabled=no mac-address=00:06:5B:74:E5:0C name=\
    00:06:5B:74:E5:0C password="" profile=default
add comment=12B disabled=no mac-address=00:16:EC:31:3B:45 name=\
    00:16:EC:31:3B:45 password="" profile=default
add comment=COM-14 disabled=no mac-address=00:16:EC:31:35:D2 name=\
    00:16:EC:31:35:D2 password="" profile=default
add comment=COM-13 disabled=no mac-address=00:14:2A:95:FC:36 name=\
    00:14:2A:95:FC:36 password="" profile=default
add comment=COM-10 disabled=no mac-address=00:1B:B9:AF:01:95 name=\
    00:1B:B9:AF:01:95 password="" profile=default
add comment=COM-24 disabled=no mac-address=00:08:74:AC:19:2F name=\
    00:08:74:AC:19:2F password="" profile=default
add comment=COM-8 disabled=no mac-address=00:02:44:36:86:AF name=\
    00:02:44:36:86:AF password="" profile=default
add comment=COM-7 disabled=no mac-address=00:16:EC:31:30:A1 name=\
    00:16:EC:31:30:A1 password="" profile=default
add comment=COM-25 disabled=no mac-address=00:C0:4F:04:51:E7 name=\
    00:C0:4F:04:51:E7 password="" profile=default
add comment=COM-15 disabled=no mac-address=00:0B:DB:63:B5:40 name=\
    00:0B:DB:63:B5:40 password="" profile=default
add comment=COM-22 disabled=no mac-address=00:06:5B:56:E2:9E name=\
    00:06:5B:56:E2:9E password="" profile=default
add comment=COM-1 disabled=no mac-address=00:16:EC:32:45:41 name=\
    00:16:EC:32:45:41 password="" profile=default
add comment=COM-23 disabled=no mac-address=00:0D:56:D3:0C:60 name=\
    00:0D:56:D3:0C:60 password="" profile=default
add comment=COM-16 disabled=no mac-address=00:08:74:A7:84:7C name=\
    00:08:74:A7:84:7C password="" profile=default
add comment=COM-17 disabled=no mac-address=00:16:EC:35:44:1D name=\
    00:16:EC:35:44:1D password="" profile=default
add comment=COM-20 disabled=no mac-address=00:08:74:0A:CF:46 name=\
    00:08:74:0A:CF:46 password="" profile=default
add comment=COM-28 disabled=no mac-address=00:19:21:00:42:15 name=\
    00:19:21:00:42:15 password="" profile=default
add comment=COM-21 disabled=no mac-address=00:06:5B:A3:E1:BA name=\
    00:06:5B:A3:E1:BA password="" profile=default
[collins465@Collins Lab] 
/ip proxy export
/ip proxy
set always-from-cache=no cache-administrator="Collins 08060191465" \
    cache-hit-dscp=4 cache-on-disk=yes enabled=no max-cache-size=100000KiB \
    max-client-connections=1000 max-fresh-time=1w max-server-connections=1000 \
    parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=\
    no src-address=0.0.0.0
/ip proxy access
add action=deny comment="" disabled=no dst-host=*btjunkie*
add action=deny comment="" disabled=no dst-host=*thepiratebay*
add action=deny comment="" disabled=no path=*.torrent*
add action=allow comment="ALLOWED ACCESS" disabled=no src-address=\
    10.10.99.0/24
add action=deny comment="BLOCKED ACCESS" disabled=no
Last edited by routik on Fri Jul 01, 2011 2:32 pm, edited 1 time in total.
I enjoy building broadband network with @Mikrotik
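
Added example, not part of any post in this thread: a Python check that compares the pre-hotspot rule in the export above with the rule suggested earlier (`action=accept chain=pre-hotspot dst-address=<WAN address> hotspot=auth`). The sample is an excerpt of that export; the two `/ip address` lines are rewritten from the `print detail` output into export form, and the function names are illustrative.

```python
import re
import shlex

# Excerpt of the export posted above (addresses redacted by the poster).
# The two "/ip address" lines are constructed from the "print detail" output.
EXPORT = r'''
/ip address
add address=xx.xx.xx.xx6/30 interface=WAN
add address=10.10.99.1/24 interface=LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=10.10.99.0/24
add action=accept chain=pre-hotspot comment="" disabled=yes dst-address=\
    xx.xx.xx.xx4 hotspot=auth src-address=10.10.99.31
'''
# Properties of the suggested rule (comment/disabled are bookkeeping).
SUGGESTED = {"action", "chain", "comment", "disabled", "dst-address", "hotspot"}

def parse_export(text):
    """Return (menu, properties) for every 'add' line of a RouterOS export."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    menu, rows = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            # shlex keeps quoted values such as comment="a b" in one token
            tokens = shlex.split(line)[1:]
            rows.append((menu, dict(t.partition("=")[::2] for t in tokens)))
    return rows

def audit_bypass_rule(text, wan_interface="WAN"):
    """List how the pre-hotspot accept rule differs from the suggested one."""
    rows = parse_export(text)
    wan = [p["address"].split("/")[0] for m, p in rows
           if m == "/ip address" and p.get("interface") == wan_interface]
    rules = [p for m, p in rows if m == "/ip firewall nat"
             and p.get("chain") == "pre-hotspot" and p.get("action") == "accept"]
    findings = [] if rules else ["no accept rule in chain=pre-hotspot"]
    for rule in rules:
        if rule.get("disabled") == "yes":
            findings.append("rule is disabled")
        if rule.get("dst-address") not in wan:
            findings.append("dst-address %s is not the WAN address %s"
                            % (rule.get("dst-address"), ", ".join(wan)))
        if rule.get("hotspot") != "auth":
            findings.append("hotspot=auth is missing")
        extra = sorted(set(rule) - SUGGESTED)
        if extra:
            findings.append("extra matchers narrow the rule: " + ", ".join(extra))
    return findings

if __name__ == "__main__":
    print("\n".join(audit_bypass_rule(EXPORT)))
```

On the excerpt it reports that the rule is disabled, that its dst-address (xx.xx.xx.xx4) differs from the address on WAN (xx.xx.xx.xx6), and that src-address=10.10.99.31 limits it to one client.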
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: can't access router homepage due to hotspot

Fri Jul 01, 2011 3:47 am

You can change the port for the router www service to a port besides 80. This worked for me.
/ip service
set www port=8085
Then to access the router
http://10.10.99.1:8085
or for public ip
http://xx.xx.xx.xx:8085
 
routik
Member Candidate
Topic Author
Posts: 120
Joined: Wed Oct 14, 2009 5:40 pm
Location: Abuja-Nigeria

Re: can't access router homepage due to hotspot

Fri Jul 01, 2011 11:09 am

You can change the port for the router www service to a port besides 80. This worked for me.
/ip service
set www port=8085
Then to access the router
http://10.10.99.1:8085
or for public ip
http://xx.xx.xx.xx:8085
It worked like a charm. Thanks so much.
I enjoy building broadband network with @Mikrotik
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: can't access router homepage due to hotspot

Fri Jul 01, 2011 2:02 pm

You are welcome.

And a reminder: If you change the port and have User Manager on the router, you will need to use that port for it also. This was the original reason I tried this. I can access User Manager from the hotspot localnet now.
http://xx.xx.xx.xx:8085/userman

@fewi: Thanks for karma! :D

ADD: Did I forget to mention that all user signup and payment functions work with that port also? For my setup:
http://192.168.0.1:8085/user?signup=tim
 
andreas140265
Frequent Visitor
Posts: 52
Joined: Tue Jan 15, 2013 4:57 pm
Location: Greece

Re: can't access router homepage due to hotspot

Sun May 26, 2013 1:22 am

You are welcome.

And a reminder: If you change the port and have User Manager on the router, you will need to use that port for it also. This was the original reason I tried this. I can access User Manager from the hotspot localnet now.
http://xx.xx.xx.xx:8085/userman

@fewi: Thanks for karma! :D

ADD: Did I forget to mention that all user signup and payment functions work with that port also? For my setup:
http://192.168.0.1:8085/user?signup=tim
That was nice. Worked for me also.
And here is another way:

let the service port=80
use a free ethernet interface, give it an address
hit the address and ......

Hotspot uses the interface you assigned to it, but any other interface will answer.
