hello guyess
i hav load balancing
it is working fine
but after enableing hotspot
all peers work with the active routes (D,A) ROUTE
when i disable hotspot
load balancing goes fine and the ip range i marked goes where i configured too
ANY IDEAS I GO COMPELETLY MAD MAD
BY THE WAY LETNI MAKES ME DISCOVER THIS ISSUE
BECAUSE I CHEcKD LOAD BALANCE BEFORE ENABLING HOTSPOT
Re: loadbalancing work fine but with hotspot :( :(
i got a solution by my self
but i need to hear another ideas
the solution i figured is so so simple
but i need to hear another ideas
the solution i figured is so so simple
Re: loadbalancing work fine but with hotspot :( :(
hello i have similar problem, i have load balancing and when i enable hotspot, the entire network goes slow.
did u find a solution to yours.
did u find a solution to yours.
Re: loadbalancing work fine but with hotspot :( :(
hello folks, did u get solution to loadbalancing with hotspot enabled.
Re: loadbalancing work fine but with hotspot :( :(
What kind of load-balancing? The below works for PCC and Hotspot:
Unauthenticated Hotspot connections will not be load-balanced, but everything else will be.
Code: Select all
/ip address
add address=1.1.1.2/24 disabled=no interface=outside1
add address=1.1.2.2/24 disabled=no interface=outside2
add address=10.0.0.1/24 disabled=no interface=hotspot
add address=10.0.1.1/24 disabled=no interface=hotspot2
/ip firewall address-list
add address=10.0.0.0/24 disabled=no list=Local_NAT_Networks
add address=10.0.1.0/24 disabled=no list=Local_NAT_Networks
/ip firewall mangle
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside1 new-connection-mark=outside1_connection passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside2 new-connection-mark=outside2_connection passthrough=yes
add action=mark-routing chain=output connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes
add action=mark-routing chain=output connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes
add action=accept chain=prerouting disabled=no dst-address=1.1.1.0/24 src-address-list=Local_NAT_Networks
add action=accept chain=prerouting disabled=no dst-address=1.1.2.0/24 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside1_connection passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside2_connection passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes src-address-list=Local_NAT_Networks
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=to_outside1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.2.1 routing-mark=to_outside2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=5 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.2.1 scope=30 target-scope=10Re: loadbalancing work fine but with hotspot :( :(
hello folks,
this post is meant for 2 isp and 2 lan, can it work for 2 isp and one lan ,
pls post the rules for that and also that will work with hotspot.
thanks
this post is meant for 2 isp and 2 lan, can it work for 2 isp and one lan ,
pls post the rules for that and also that will work with hotspot.
thanks
Re: loadbalancing work fine but with hotspot :( :(
Yes, it will. It's the exact same mangle rules, just build the address-list Local_NAT_Networks with only one network. You could change the rules to refer to the LAN directly, but I see no benefit to that - using those rules as is allows you to expand to more LANs just by adding interfaces and adding the networks to the address-list.hello folks,
this post is meant for 2 isp and 2 lan, can it work for 2 isp and one lan ,
pls post the rules for that and also that will work with hotspot.
thanks
Re: loadbalancing work fine but with hotspot :( :(
i tried it and it didnt work,
the rule i tried was simple. and it worked. u segment the 192.168.0.0/24 to groups and route each isp to the different group.
i hope u understand
the rule i tried was simple. and it worked. u segment the 192.168.0.0/24 to groups and route each isp to the different group.
i hope u understand
Re: loadbalancing work fine but with hotspot :( :(
ok,
lets start like this, post rule that will work on 2wan and one lan and if hotspot is enabled, it will still work. and it wont slow the network
pls post .
thanks
lets start like this, post rule that will work on 2wan and one lan and if hotspot is enabled, it will still work. and it wont slow the network
pls post .
thanks
Re: loadbalancing work fine but with hotspot :( :(
Code: Select all
/ip address
add address=1.1.1.2/24 disabled=no interface=outside1
add address=1.1.2.2/24 disabled=no interface=outside2
add address=10.0.0.1/24 disabled=no interface=hotspot
/ip firewall address-list
add address=10.0.0.0/24 disabled=no list=Local_NAT_Networks
/ip firewall mangle
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside1 new-connection-mark=outside1_connection passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside2 new-connection-mark=outside2_connection passthrough=yes
add action=mark-routing chain=output connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes
add action=mark-routing chain=output connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes
add action=accept chain=prerouting disabled=no dst-address=1.1.1.0/24 src-address-list=Local_NAT_Networks
add action=accept chain=prerouting disabled=no dst-address=1.1.2.0/24 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside1_connection passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside2_connection passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes src-address-list=Local_NAT_Networks
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=to_outside1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.2.1 routing-mark=to_outside2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=5 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.2.1 scope=30 target-scope=10Re: loadbalancing work fine but with hotspot :( :(
thanks folks, i will try, but before then, let me ask you, will it work fine on 2.9.27 version.
thanks
thanks
Re: loadbalancing work fine but with hotspot :( :(
No. PCC got added way later. 2.9.27 is way out of support. No 2.x version is supported anymore at all since 4.0 got released.
Update.
Update.
-
-
CastorTroy
newbie
- Posts: 28
- Joined:
Re: loadbalancing work fine but with hotspot :( :(
fewi,
Would you mind posting a sample hotspot config to go along with your PCC config?
I'd greatly appreciate it.
Would you mind posting a sample hotspot config to go along with your PCC config?
I'd greatly appreciate it.
Re: loadbalancing work fine but with hotspot :( :(
Simple hotspot config, no RADIUS. One profile for 1mbps up and down, a user 'hotspot' with password 'hotspot'. Even unauthenticated users can ping.
And for completion's sake here DHCP, DNS and NAT:
But really the wizard does a decent enough job of filling all that out for you.
Code: Select all
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-pap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
ssl-certificate=none use-radius=no
add dns-name=hotspot.example.com hotspot-address=0.0.0.0 html-directory=hotspot http-proxy=0.0.0.0:0 login-by=https name=hotspot rate-limit=5m/5m smtp-server=0.0.0.0 \
split-user-domain=no use-radius=no
/ip hotspot
add disabled=no idle-timeout=30m interface=hotspot keepalive-timeout=5m name=hotspot profile=hotspot
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default rate-limit=64k/64k shared-users=unlimited status-autorefresh=1m transparent-proxy=no
add idle-timeout=none keepalive-timeout=15m name=hotspot rate-limit=1m/1m shared-users=unlimited status-autorefresh=1m transparent-proxy=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=hotspot password=hotspot profile=hotspot
/ip hotspot walled-garden ip
add action=accept comment="Allow hotspot users to ping for troubleshooting purposes" disabled=no protocol=icmp
Code: Select all
/ip pool
add name=DHCP-Pool-Hotspot ranges=10.0.0.2-10.0.0.254
/ip dhcp-server
add address-pool=DHCP-Pool-Hotspot authoritative=yes bootp-support=static disabled=no interface=hotspot lease-time=3h name=DHCP-Hotspot
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.0.0/24 comment="" dns-server=10.0.0.1 domain=example.com gateway=10.0.0.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=1.1.1.3 secondary-dns=1.1.2.3
/ip dns static
add address=10.0.0.1 disabled=no name=hotspot.example.com ttl=1d
/ip firewall nat
add chain=srcnat action=masquerade disabled=no out-interface=outside1
add chain=srcnat action=masquerade disabled=no out-interface=outside2
-
-
CastorTroy
newbie
- Posts: 28
- Joined:
Re: loadbalancing work fine but with hotspot :( :(
The issue I am having currently is that with the hotspot enabled, users are not able to resolve DNS. Users can ping DNS servers, but aren't able to resolve anything.
Disable the hotspot, and DNS works fine.
Disable the hotspot, and DNS works fine.
Re: loadbalancing work fine but with hotspot :( :(
Post the output of "/ip dns". As per the manual that section _must_ be set up right for Hotspots to function.
Enabling a Hotspot brings up dynamic rules in the firewall, one of which redirects DNS. That redirection in turn uses the internal DNS proxy, so if that doesn't function right, the clients have DNS issues.
Enabling a Hotspot brings up dynamic rules in the firewall, one of which redirects DNS. That redirection in turn uses the internal DNS proxy, so if that doesn't function right, the clients have DNS issues.
-
-
CastorTroy
newbie
- Posts: 28
- Joined:
Re: loadbalancing work fine but with hotspot :( :(
I upgraded the box to 4.2 (was running 3.27 
), and now DNS is working fine with the hotspot
The next issue I am having is regarding the load balancing itself.
I have WAN1, WAN2, and LAN1.
Using the ping utility, if I specify to ping out to the internet from WAN1, it can get out just fine. However, if I specify to ping out to the internet from WAN2, it cannot. I can ping the WAN2 gateway from WAN2, but no internet addresses.
If I disable WAN1, WAN2 then works with no issue, and I can ping out to the internet
), and now DNS is working fine with the hotspotThe next issue I am having is regarding the load balancing itself.
I have WAN1, WAN2, and LAN1.
Using the ping utility, if I specify to ping out to the internet from WAN1, it can get out just fine. However, if I specify to ping out to the internet from WAN2, it cannot. I can ping the WAN2 gateway from WAN2, but no internet addresses.
If I disable WAN1, WAN2 then works with no issue, and I can ping out to the internet
-
-
CastorTroy
newbie
- Posts: 28
- Joined:
Re: loadbalancing work fine but with hotspot :( :(
I am still running into DNS issues.....
Output of ip dns:
primary-dns: 67.91.XXX.XXX
secondary-dns: 67.91.XXX.XXX
allow-remote-requests: no
max-udp-packet-size: 512
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 4KiB
Output of ip dns:
primary-dns: 67.91.XXX.XXX
secondary-dns: 67.91.XXX.XXX
allow-remote-requests: no
max-udp-packet-size: 512
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 4KiB
Re: loadbalancing work fine but with hotspot :( :(
As I said, for Hotspot to function right you _must_ set up the DNS proxy.
Code: Select all
/ip dns set allow-remote-request=yes-
-
CastorTroy
newbie
- Posts: 28
- Joined:
Re: loadbalancing work fine but with hotspot :( :(
fewi, no change. hosts are still unable to resolve DNS. can ping out just fine...
Re: loadbalancing work fine but with hotspot :( :(
Try adding
as a wild stab without seeing your actual configuration.
Code: Select all
/ip hotspot walled-garden ip add protocol=udp dst-port=53 action=accept
/ip firewall filter add chain=input action=accept protocol=udp dst-port=53 place-before=0
-
-
CastorTroy
newbie
- Posts: 28
- Joined:
Re: loadbalancing work fine but with hotspot :( :(
No luck there either.
If I clear out the DNS cache on the Mikrotik, and try to get to a website while running the torch, I see the DNS request come in, and I see the DNS cache add the proper entry. However, while monitoring the torch, the Mikrotik never sends out a response with the DNS reply.
If I disable the hotspot, while monitoring the torch, I see both the request, and the reply, on the hotspot's interface.
If I clear out the DNS cache on the Mikrotik, and try to get to a website while running the torch, I see the DNS request come in, and I see the DNS cache add the proper entry. However, while monitoring the torch, the Mikrotik never sends out a response with the DNS reply.
If I disable the hotspot, while monitoring the torch, I see both the request, and the reply, on the hotspot's interface.
Re: loadbalancing work fine but with hotspot :( :(
Post the output of "/ip hotspot export", "/ip firewall export", "/ip dns export", "/ip address export", "/ip dhcp-server export", "/ip pool export", "/interface print detail" and "/ip route print detail"
-
-
CastorTroy
newbie
- Posts: 28
- Joined:
Re: loadbalancing work fine but with hotspot :( :(
ether1 is wan1
ether2 is wan2
wlan1 is lan/hotspot
ether2 is wan2
wlan1 is lan/hotspot
Code: Select all
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name="" hotspot-address=10.0.0.1 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot
add address-pool=pool1 addresses-per-mac=2 disabled=no idle-timeout=5m interface=wlan1 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=admin password=password profile=default
/ip hotspot walled-garden ip
add action=accept comment="" disabled=no protocol=icmp
add action=accept comment="" disabled=no dst-port=53 protocol=udp
/ip firewall address-list
add address=10.0.0.0/24 comment="" disabled=no list=Local_NAT_Networks
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall mangle
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=ether1 new-connection-mark=outside1_connection passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=ether2 new-connection-mark=outside2_connection passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.16.0/24 src-address-list=Local_NAT_Networks
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.50.0/24 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside1_connection passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=\
Local_NAT_Networks
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside2_connection passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=\
Local_NAT_Networks
add action=mark-routing chain=prerouting comment="" connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting comment="" connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes src-address-list=Local_NAT_Networks
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no src-address=10.0.0.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=67.91.XX.XX secondary-dns=67.91.XX.XX
/ip dhcp-server
add address-pool=pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=wlan1 lease-time=3d name=server1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.0.0/24 comment="hotspot network" gateway=10.0.0.1
[admin@wfgy-wfgtwoharbomn-02] > /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="ether1" type="ether" mtu=1500 l2mtu=1526
1 R name="ether2" type="ether" mtu=1500 l2mtu=1522
2 name="ether3" type="ether" mtu=1500 l2mtu=1522
3 R name="wlan1" type="wlan" mtu=1500 l2mtu=2290
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=192.168.16.1 gateway-status=192.168.16.1 reachable ether1 check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to_outside1
1 A S dst-address=0.0.0.0/0 gateway=192.168.50.1 gateway-status=192.168.50.1 reachable ether2 check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to_outside2
2 A S dst-address=0.0.0.0/0 gateway=192.168.16.1 gateway-status=192.168.16.1 reachable ether1 check-gateway=ping distance=5 scope=30 target-scope=10
3 S dst-address=0.0.0.0/0 gateway=192.168.50.1 gateway-status=192.168.50.1 reachable ether2 check-gateway=ping distance=10 scope=30 target-scope=10
4 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=wlan1 gateway-status=wlan1 reachable distance=0 scope=10
5 ADC dst-address=192.168.16.0/24 pref-src=192.168.16.25 gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10
6 ADC dst-address=192.168.50.0/24 pref-src=192.168.50.25 gateway=ether2 gateway-status=ether2 reachable distance=0 scope=10
-
-
CastorTroy
newbie
- Posts: 28
- Joined:
Re: loadbalancing work fine but with hotspot :( :(
We got it working.....
The problem is that the host computer I was using had a statically defined DNS server, while using DHCP for the IP and gateway, the DNS proxy does not work. Setting DNS to DHCP, instead of static, and I can
Creating a NAT rule to simply pass through DNS traffic, instead of using the proxy, and everything works fine.
The problem is that the host computer I was using had a statically defined DNS server, while using DHCP for the IP and gateway, the DNS proxy does not work. Setting DNS to DHCP, instead of static, and I can
Creating a NAT rule to simply pass through DNS traffic, instead of using the proxy, and everything works fine.
Re: loadbalancing work fine but with hotspot :( :(
This thread contains a working configuration for Hotspot + PCC using 3.30, it also works in later versions. The configuration worked for me, as well as someone else once unrelated issues were fixed.
I don't know what else you want.
I don't know what else you want.
Re: loadbalancing work fine but with hotspot :( :(
I would help you if you didn't make it impossible to do so.
Again, this thread contains a working configuration specifically for 3.30 and your scenario. You're not giving any details on how you determined load balancing isn't working for you, and didn't even just post a copy of your configuration.
What are you expecting people to do, and how are you expecting them to help you?
Again, this thread contains a working configuration specifically for 3.30 and your scenario. You're not giving any details on how you determined load balancing isn't working for you, and didn't even just post a copy of your configuration.
What are you expecting people to do, and how are you expecting them to help you?
Re: loadbalancing work fine but with hotspot :( :(
If you had indicated that several days ago instead of just asking the same question over and over you would have received help days ago.
Post the output of "/ip address print detail", "/interface print", "/ip firewall mangle print detail" and "/ip route print detail".
Post the output of "/ip address print detail", "/interface print", "/ip firewall mangle print detail" and "/ip route print detail".
Re: loadbalancing work fine but with hotspot :( :(
I understand that.
PCC + Hotspot requires some additional configuration of PCC. I've asked you to post your PCC configuration so I can tell you what changes to make so that it looks like the configuration further above in this thread.
PCC + Hotspot requires some additional configuration of PCC. I've asked you to post your PCC configuration so I can tell you what changes to make so that it looks like the configuration further above in this thread.
Re: loadbalancing work fine but with hotspot :( :(
Then read the post from "Wed Oct 14, 2009 10:18 am" in this thread and apply it.
I cannot help you beyond that.
I cannot help you beyond that.
Re: loadbalancing work fine but with hotspot :( :(
That post contains the configuration. There is nothing else to send.
Re: loadbalancing work fine but with hotspot :( :(
How i can create the nat rule? i have the same problem with 3 wan load balance PCC + 1 lan with hotspot. but the hotspot dont redirect to login page, i try to put the ip directly on the webbroser and i can login sucess and browse internet fine, the only problem is the redirect hotspot login page. help pleaseWe got it working.....
The problem is that the host computer I was using had a statically defined DNS server, while using DHCP for the IP and gateway, the DNS proxy does not work. Setting DNS to DHCP, instead of static, and I can
Creating a NAT rule to simply pass through DNS traffic, instead of using the proxy, and everything works fine.
Re: loadbalancing work fine but with hotspot :( :(
fewi you can explain why you use the DNS 1.1.1.3?? 1.1.2.3? i can use 1.1.11 and 1.1.2.1??That post contains the configuration. There is nothing else to send.
or maybe DNS 8.8.8.8 ? please help me
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=1.1.1.3 secondary-dns=1.1.2.3
Re: loadbalancing work fine but with hotspot :( :(
It's an example. Those are not real DNS servers. Substitute your own.
Re: loadbalancing work fine but with hotspot :( :(
How i can create the nat rule? i have the same problem with 3 wan load balance PCC + 1 lan with hotspot. but the hotspot dont redirect to login page, i try to put the ip directly on the webbroser and i can login sucess and browse internet fine, the only problem is the redirect hotspot login page. help pleaseWe got it working.....
The problem is that the host computer I was using had a statically defined DNS server, while using DHCP for the IP and gateway, the DNS proxy does not work. Setting DNS to DHCP, instead of static, and I can
Creating a NAT rule to simply pass through DNS traffic, instead of using the proxy, and everything works fine.
Code: Select all
/ip firewall nat
add action=accept chain=hotspot comment="Allow DNS to pass through for guests \
that have been authed on the network." disabled=no dst-port=53 hotspot=\
auth protocol=udp
add action=accept chain=hotspot comment="" disabled=no dst-port=53 hotspot=\
auth protocol=tcp
Re: loadbalancing work fine but with hotspot :( :(
thanks i will try
Re: loadbalancing work fine but with hotspot :( :(
I have the following and my customers are staring to hate me.
1) slow connection
2) Some customer cannot get login page
3) server not found after customer starts to browse
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default \
rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set default idle-timeout=10m keepalive-timeout=5m name=default rate-limit=386k/1024k session-timeout=2m shared-users=1 status-autorefresh=1m \
transparent-proxy=no
add idle-timeout=10m keepalive-timeout=2m name=multi-user rate-limit=256k/1024k session-timeout=2m shared-users=2 status-autorefresh=1m transparent-proxy=no
/ip hotspot profile
add dns-name="" hotspot-address=10.0.0.138 html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap,https,http-pap,trial name=hsprof1 nas-port-type=\
cable radius-accounting=yes radius-default-domain="" radius-interim-update=received radius-location-id="" radius-location-name="" radius-mac-format=\
XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no ssl-certificate=none trial-uptime=30m/1w trial-user-profile=default use-radius=\
yes
/ip hotspot
add disabled=no idle-timeout=10m interface=bridge1 keepalive-timeout=none name="AI Broadband" profile=hsprof1
/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=aislecom-pool ranges=10.0.0.2-10.0.0.137,10.0.0.140-10.0.0.150
/ip dhcp-server
add address-pool=aislecom-pool authoritative=after-2sec-delay bootp-support=static disabled=no interface=bridge1 lease-time=2h name=dhcp1
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=10.0.0.138/24 broadcast=10.0.0.255 comment="" disabled=no interface=bridge1 network=10.0.0.0
add address=63.245.x.24/26 broadcast=63.245.x.x comment="" disabled=no interface=ether1 network=63.245.x.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.0.0/24 comment="" dns-server=4.2.2.1,205.214.x.x gateway=10.0.0.138 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=4.2.2.1,205.214.x.x
/ip firewall address-list
add address=10.0.0.0/24 comment="" disabled=no list=Local_NAT_Networks
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m \
udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall mangle
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=ether1 new-connection-mark=ether1_connection passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=pppoe1 new-connection-mark=pppoe1_connection passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=ether1_connection disabled=no new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe1_connection disabled=no new-routing-mark=to_pppoe1 passthrough=yes
add action=accept chain=prerouting comment="" disabled=no dst-address=63.245.x.24/26 src-address-list=Local_NAT_Networks
add action=accept chain=prerouting comment="" disabled=no dst-address=216.110.x.1/24 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=\
ether1_connection passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=\
pppoe1_connection passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting comment="" connection-mark=ether1_connection disabled=no new-routing-mark=to_ether1 passthrough=yes \
src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting comment="" connection-mark=pppoe1_connection disabled=no new-routing-mark=to_pppoe1 passthrough=yes \
src-address-list=Local_NAT_Networks
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=5900 in-interface=ether1 protocol=tcp to-addresses=10.0.0.245 to-ports=5900
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=5900 in-interface=pppoe1 protocol=tcp to-addresses=10.0.0.245 to-ports=5900
add action=masquerade chain=srcnat comment="Masq for GW1" disabled=no out-interface=ether1
add action=masquerade chain=srcnat comment="Masq for GW2" disabled=no out-interface=pppoe1
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set bridge1 discover=yes
set pppoe1 discover=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none max-client-connections=600 \
max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=63.245.x.1 routing-mark=to_ether1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=205.214.x.1 routing-mark=to_pppoe1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=5 dst-address=0.0.0.0/0 gateway=63.245.x.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=10 dst-address=0.0.0.0/0 gateway=205.214.x.1 scope=30 target-scope=10
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
1) slow connection
2) Some customer cannot get login page
3) server not found after customer starts to browse
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default \
rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set default idle-timeout=10m keepalive-timeout=5m name=default rate-limit=386k/1024k session-timeout=2m shared-users=1 status-autorefresh=1m \
transparent-proxy=no
add idle-timeout=10m keepalive-timeout=2m name=multi-user rate-limit=256k/1024k session-timeout=2m shared-users=2 status-autorefresh=1m transparent-proxy=no
/ip hotspot profile
add dns-name="" hotspot-address=10.0.0.138 html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap,https,http-pap,trial name=hsprof1 nas-port-type=\
cable radius-accounting=yes radius-default-domain="" radius-interim-update=received radius-location-id="" radius-location-name="" radius-mac-format=\
XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no ssl-certificate=none trial-uptime=30m/1w trial-user-profile=default use-radius=\
yes
/ip hotspot
add disabled=no idle-timeout=10m interface=bridge1 keepalive-timeout=none name="AI Broadband" profile=hsprof1
/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=aislecom-pool ranges=10.0.0.2-10.0.0.137,10.0.0.140-10.0.0.150
/ip dhcp-server
add address-pool=aislecom-pool authoritative=after-2sec-delay bootp-support=static disabled=no interface=bridge1 lease-time=2h name=dhcp1
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=10.0.0.138/24 broadcast=10.0.0.255 comment="" disabled=no interface=bridge1 network=10.0.0.0
add address=63.245.x.24/26 broadcast=63.245.x.x comment="" disabled=no interface=ether1 network=63.245.x.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.0.0/24 comment="" dns-server=4.2.2.1,205.214.x.x gateway=10.0.0.138 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=4.2.2.1,205.214.x.x
/ip firewall address-list
add address=10.0.0.0/24 comment="" disabled=no list=Local_NAT_Networks
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m \
udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall mangle
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=ether1 new-connection-mark=ether1_connection passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=pppoe1 new-connection-mark=pppoe1_connection passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=ether1_connection disabled=no new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe1_connection disabled=no new-routing-mark=to_pppoe1 passthrough=yes
add action=accept chain=prerouting comment="" disabled=no dst-address=63.245.x.24/26 src-address-list=Local_NAT_Networks
add action=accept chain=prerouting comment="" disabled=no dst-address=216.110.x.1/24 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=\
ether1_connection passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=\
pppoe1_connection passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting comment="" connection-mark=ether1_connection disabled=no new-routing-mark=to_ether1 passthrough=yes \
src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting comment="" connection-mark=pppoe1_connection disabled=no new-routing-mark=to_pppoe1 passthrough=yes \
src-address-list=Local_NAT_Networks
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=5900 in-interface=ether1 protocol=tcp to-addresses=10.0.0.245 to-ports=5900
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=5900 in-interface=pppoe1 protocol=tcp to-addresses=10.0.0.245 to-ports=5900
add action=masquerade chain=srcnat comment="Masq for GW1" disabled=no out-interface=ether1
add action=masquerade chain=srcnat comment="Masq for GW2" disabled=no out-interface=pppoe1
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set bridge1 discover=yes
set pppoe1 discover=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none max-client-connections=600 \
max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=63.245.x.1 routing-mark=to_ether1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=205.214.x.1 routing-mark=to_pppoe1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=5 dst-address=0.0.0.0/0 gateway=63.245.x.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=10 dst-address=0.0.0.0/0 gateway=205.214.x.1 scope=30 target-scope=10
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
Re: loadbalancing work fine but with hotspot :( :(
I'd try and isolate where the potential problem lies. Disable one of the links and see if the problem continues, if it doesn't swap over to the other link and see if the problem is still there or not. Dissable load balancing while you do these tests. If it works on both links, that tells you your load balancing setup may be incorrect, if it continues to happen on one link but not the other, that tells you where to look. If the problem is on both links, try plugging your computer directly into those links and try it out yourself to determine if it's a possible router configuration.
Also since you are using PPPoE I'm assuming you have a DSL line, be sure no other device is acting as a PPPoE client on the same line. Make sure your modem is in transparent bridge mode as well.
Also since you are using PPPoE I'm assuming you have a DSL line, be sure no other device is acting as a PPPoE client on the same line. Make sure your modem is in transparent bridge mode as well.