Hi! Sorry for my bad English.
I've installed my first hotspot server on mikrotik 3/ I had no experience in configuring hotspot before.
I have router with two interfaces
local: 192.168.122.1/24
out: 192.168.105.12/24
I've set up walled garden ip address list 192.168.0.0/16 and all unauthorized clients are connecting to them but they are still NATed while connecting to 192.168.0.0/16 with 192.168.105.12 IP address.
I need them to connect directly without NAT to this private IP addresses and ONLY when connecting to addresses not specified in Walled Garden IP Address list they should not be NATted. Also I need to allow access to internal 192.168.122.0/24 network from 192.168.0.0/16 IP's
I've tried to disable NAT for 192.168.0.0/16 IP address range but with no luck, i've also get admin prohibited errors to that addresses regardless of authorized/unauthorized user.
Pls help me out with that. Thx!
Re: Hotspot NAT question
so this setup is impossible?
i really need to know
i really need to know
Re: Hotspot NAT question
Code: Select all
out:[192.168.105.12/24]
in:[192.168.122.1/24] run hotspot on vlan1
|
|Route
|
vlan2[172.16.0.1/24] internal network
|
|
|
clients[17.16.0.x/24] Your clientsbut when try to connect to 192.168.x.x or other then will be routed in
the hotspot interface.
I am not sure of the thing.
You should try
Re: Hotspot NAT question
My clients have 192.168.122/24 addresses, I need them to access 192.168.0.0/16 network without been NATted. And they need to be NATted as 192.168.105.12 only when accessing everything else.
Walled Garden allows them to access 192.168.0.0/16 without authentication but they are still NATted as 192.168.105.12 even for local addresses. That's not good, that's in fact very bad!
Walled Garden allows them to access 192.168.0.0/16 without authentication but they are still NATted as 192.168.105.12 even for local addresses. That's not good, that's in fact very bad!
Re: Hotspot NAT question
its quite easy if you understand how your nat rule works.
just modify your masquerade rule to say, src-nat action=masquerade where dst-address!=192.168.0.0/16 .. hence it will masquerade anything NOT going to the 192.168.0.0/16 range.
just modify your masquerade rule to say, src-nat action=masquerade where dst-address!=192.168.0.0/16 .. hence it will masquerade anything NOT going to the 192.168.0.0/16 range.
Re: Hotspot NAT question
i've tried to do so, but traffic simply stop going to 192.168.0.0/16 even for authenticated users, even when i've added accept rule for 192.168.0.0/16 destinationits quite easy if you understand how your nat rule works.
just modify your masquerade rule to say, src-nat action=masquerade where dst-address!=192.168.0.0/16 .. hence it will masquerade anything NOT going to the 192.168.0.0/16 range.
speak for yourself man. i have some restrictions provided and have to follow 'emLooks like you don't understand networks and logical thinking. Can't help with that, noone can
Re: Hotspot NAT question
Put all networks with free access before your hotspot interface and routing them.
Re: Hotspot NAT question
u mean I should put "accept" rule for this networks before any hotspot rules?Put all networks with free access before your hotspot interface and routing them.
P.S.: we have OSPF here so with routing everything is OK
Re: Hotspot NAT question
I think that is enough to put the hotspot on an interface and internal network on other interface and, if you haven't any free interface, you should use vlan.
And, yes, add "accept" rule
Can you try it?
And, yes, add "accept" rule
Can you try it?
Re: Hotspot NAT question
I can try it tomorrow morning
But about network topology -- i could not change it, i have only access to my local segment -- 192.168.122.0/24, everything else is not under my control.
But about network topology -- i could not change it, i have only access to my local segment -- 192.168.122.0/24, everything else is not under my control.
Who is online
Users browsing this forum: sreiser and 37 guests