techguy79
Frequent Visitor
Topic Author
Posts: 66
Joined: Tue Mar 24, 2009 10:34 pm

hotspot with 1 to 1 natting kills inter subnet communication

Wed Feb 16, 2011 12:27 am

I have a MikroTik RB450G I'm configuring with a hotspot, given the strict implication that users should be able to get out to the internet without having to modify the network settings on their laptops.
Sounds like what a MikroTik hotspot is supposed to be able to do.
The problem I'm having is that none of the devices showing as active in Hotspot > Active are reachable.

I have a feeling this has to do with the point at which MT hotspots do their 1 to 1 natting.
Bottom line, I need the ease of use you get with the 1 to 1 natting, but I need to be able to put some devices on this same interface with a DHCP-obtained address set to static. Sometimes devices get their address from DHCP; other times it looks like they only get an address from the hotspot pool.
Just to clarify, 1 to 1 natting is accomplished by configuring a hotspot with the address pool in user profiles set to a separate subnet than that of DHCP? The following is my configuration.
Pool
 0 guest  192.168.1.2-192.168.1.254
 1 hspool 192.168.145.2-192.168.145.254

DHCP Server
 # NAME  INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
 0 guest GuestLan        guest        2h         yes

DHCP NETWORKS
 # ADDRESS          GATEWAY       DNS-SERVER      WINS-SERVER DOMAIN
 0 10.14.0.0/20     10.14.0.1
 1 192.168.1.0/24   192.168.1.1   xxx.xxx.xxx.xxx
                                  xxx.xxx.xxx.xxx
 2 192.168.145.0/24 192.168.145.1

 # NAME     INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
 0 hotspot1 GuestLan  hspool       hsprof1 30m

Server Prof
Flags: * - default
 0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot
     rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
     login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no
     use-radius=no

 1   name="hsprof1" hotspot-address=192.168.145.1 dns-name="hotspot.kchi.com"
     html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0
     smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=2h
     split-user-domain=no use-radius=no

user prof
 0 * name="default" address-pool=hspool idle-timeout=none keepalive-timeout=4h
     status-autorefresh=1m shared-users=unlimited transparent-proxy=yes
     open-status-page=always advertise=no

Firewall>NAT
 0 X ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough

 1   chain=srcnat action=masquerade src-address=192.168.1.0/24
     out-interface=Wan

 2 X ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=192.168.145.0/24
     out-interface=Wan

 3   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=192.168.145.0/24
The DNS is correct and users seem to be able to get out to the internet fine, though we do seem to have occasional complaints.
My main concern is we can't ping anything seen in active hotspot on anything within the 192.168.1.* subnet or the 192.168.145.* subnet from the MikroTik. If the router can't ping these elements, then how will people within the subnets be able to access resources on the subnet?

Please help me out if you have any ideas or know the solution.
 
techguy79

Re: hotspot with 1 to 1 natting kills inter subnet communica

Wed Feb 16, 2011 11:22 pm

I may have identified part of the problem.
The way it was configured, DHCP had its own IP pool, as it should.
When I set up the address pool on Hotspot > Servers, I set the IP pool to be the separate subnet allocated as the hotspot pool, which is the way I believe it should be.

Under Hotspot > User Profiles, I had chosen the same pool I allocated as the hotspot server pool.
Today I changed the User Profile IP pool to none and rebooted; then I could start pinging devices on the 192.168.1.* network.
I noticed the other subnet, 192.168.145.*, which is to be used for the hotspot pool, no longer shows up in hotspot hosts as it previously did. Before I made these changes today, 3/4 of the devices in hotspot hosts had the to address set to a 192.168.145.* address.
I'm sure that was a case of the devices getting a DHCP server address, then the host table creating a mapping from the DHCP-assigned address TO a hotspot pool address.
After my changes I'm not seeing mappings to any hotspot addresses at all. Does that mean universal proxy isn't working, or is it because the system recognizes the 192.168.1.* addresses as good addresses and hence there is no reason to translate?

Another question is: what purpose does the IP pool parameter in user profiles serve?
If setting up universal proxy is setting up a hotspot with a different pool range in Hotspot > Server than what's in DHCP.
Everything I've read says that's all that's needed to use universal proxy server.
