hello,
Basically, I can not get the Hotspot page to display(much less any page) on the PC when the "hotspot" server is active.
If i disable "hotspot" server, then web pages will display on PC
Setup:
The NanoStation2 AP has the PC connected directly into its RJ45 power adapter module.
Using a MicroTik 750 with 3.29 firmware.
I saw posting somewhere that mentioned I may need to add some NAT rules.
Ideas on what I need to check?
Re: cant get hotspot page on pc
Please provide us with
Also any other relevant information. Might want to throw in "/ip hotspot export" as well for good measure.
Code: Select all
/ip address print detail
/ip route print detail
/ip firewall export
Re: cant get hotspot page on pc
Acknowledged.
Thanks very much for your help. All requested info below:
[admin@MikroTik] /log> /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255
interface=ether2-local-master actual-interface=ether2-local-master
1 D address=208.74.37.235/25 network=208.74.37.128 broadcast=208.74.37.255
interface=ether1-gateway actual-interface=ether1-gateway
[admin@MikroTik] /log> /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=208.74.37.129 interface=ether1-gateway
gateway-state=reachable distance=0 scope=30 target-scope=10
1 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1
interface=ether2-local-master distance=0 scope=10
2 ADC dst-address=208.74.37.128/25 pref-src=208.74.37.235
interface=ether1-gateway distance=0 scope=10
[admin@MikroTik] /log> /ip firewall export
# jan/02/1970 06:28:31 by RouterOS 3.29
# software id = N6DU-3QTK
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=input comment="default configuration" disabled=yes \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=yes in-interface=ether1-gateway
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=yes in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
ether1-gateway
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@MikroTik] /log> /ip hotspot export
# jan/02/1970 06:29:53 by RouterOS 3.29
# software id = N6DU-3QTK
#
/ip hotspot user profile
set default address-pool=default-dhcp idle-timeout=none keepalive-timeout=2m \
name=default shared-users=100 status-autorefresh=1m transparent-proxy=no
/ip hotspot profile
set default dns-name=hotspot.believewireless.net hotspot-address=0.0.0.0 \
html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap,trial \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
trial-uptime=2m/2m trial-user-profile=default use-radius=no
/ip hotspot
add address-pool=default-dhcp addresses-per-mac=1 disabled=no idle-timeout=\
5m interface=ether2-local-master keepalive-timeout=none name=hotspot1 \
profile=default
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=yes name=guest password=guest profile=default
Thanks very much for your help. All requested info below:
[admin@MikroTik] /log> /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255
interface=ether2-local-master actual-interface=ether2-local-master
1 D address=208.74.37.235/25 network=208.74.37.128 broadcast=208.74.37.255
interface=ether1-gateway actual-interface=ether1-gateway
[admin@MikroTik] /log> /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=208.74.37.129 interface=ether1-gateway
gateway-state=reachable distance=0 scope=30 target-scope=10
1 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1
interface=ether2-local-master distance=0 scope=10
2 ADC dst-address=208.74.37.128/25 pref-src=208.74.37.235
interface=ether1-gateway distance=0 scope=10
[admin@MikroTik] /log> /ip firewall export
# jan/02/1970 06:28:31 by RouterOS 3.29
# software id = N6DU-3QTK
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=input comment="default configuration" disabled=yes \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=yes in-interface=ether1-gateway
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=yes in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
ether1-gateway
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@MikroTik] /log> /ip hotspot export
# jan/02/1970 06:29:53 by RouterOS 3.29
# software id = N6DU-3QTK
#
/ip hotspot user profile
set default address-pool=default-dhcp idle-timeout=none keepalive-timeout=2m \
name=default shared-users=100 status-autorefresh=1m transparent-proxy=no
/ip hotspot profile
set default dns-name=hotspot.believewireless.net hotspot-address=0.0.0.0 \
html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap,trial \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
trial-uptime=2m/2m trial-user-profile=default use-radius=no
/ip hotspot
add address-pool=default-dhcp addresses-per-mac=1 disabled=no idle-timeout=\
5m interface=ether2-local-master keepalive-timeout=none name=hotspot1 \
profile=default
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=yes name=guest password=guest profile=default
Re: cant get hotspot page on pc
Set address-pool=default-dhcp to none under /ip hotspot user profile. If that is set it will be doing universal NAT on every host behind it, and that could be causing a problem.
You can also set shared-user to 0 instead of 100, though that shouldn't be an issue yet. That just limits how many people can sign in with a given account.
Everything else looks normal and like they are the default settings you want to use to at least get started.
You also have two redundant NAT rules that will basically do the same thing, you can delete one or the other, or narrow one of them down to either include a specific subnet or out-interface. Not an issue, just makes the rules cleaner.
You can also set shared-user to 0 instead of 100, though that shouldn't be an issue yet. That just limits how many people can sign in with a given account.
Everything else looks normal and like they are the default settings you want to use to at least get started.
You also have two redundant NAT rules that will basically do the same thing, you can delete one or the other, or narrow one of them down to either include a specific subnet or out-interface. Not an issue, just makes the rules cleaner.
Re: cant get hotspot page on pc
Acknowledged,. Will try your suggested settings and changes.
Thanks,
you mean these rules:
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether1-gateway
Thanks,
you mean these rules:
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether1-gateway
Re: cant get hotspot page on pc
Yes those two NAT rules, you only need one. One of them will masquerade any traffic coming from 192.168.88.0/24 leaving any interface, the other will masquerade any traffic leaving ether1, so are basically accomplishing the same thing in your case.
If you had a DMZ on the router or something similar you would likely want to narrow down the NAT rule, but I'm guessing that doesn't matter to you at this point.
If you had a DMZ on the router or something similar you would likely want to narrow down the NAT rule, but I'm guessing that doesn't matter to you at this point.
Re: cant get hotspot page on pc
Bummer, wish I could say those 3 changes worked, but it didnt.
Something else I must be missing perhaps?
Something else I must be missing perhaps?
Re: cant get hotspot page on pc
Upon comparing settings at a running hotspot of mine:
Set it to the IP on the interface that the hotspot is running on.
If you aren't using HTTPS for the login page, change the login method to PAP. I don't know if CHAP will work with HTTP.
Change this to
Hopefully that does it.
Code: Select all
/ip hotspot profile
hotspot-address=0.0.0.0Code: Select all
/ip hotspot profile
hotspot-address=192.168.88.1If you aren't using HTTPS for the login page, change the login method to PAP. I don't know if CHAP will work with HTTP.
Code: Select all
/ip hotspot
addresses-per-mac=1 Code: Select all
/ip hotspot
addresses-per-mac=2 Re: cant get hotspot page on pc
Wow Feklar 
, thanks for the further followup and help; will make changes and let you know.
Omg, that worked, sweet!
, thanks for the further followup and help; will make changes and let you know.Omg, that worked, sweet!
-
-
midsizewisp
Frequent Visitor
- Posts: 55
- Joined:
Re: cant get hotspot page on pc
We are having the same problem. We are using V5.2 but are running the hotspot on a VLAN. Sites in the walled garden go through just fine but going through the hotspot doesn't take you anywhere. Everything works fine with hotspot turned off.
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
unlimited status-autorefresh=1m transparent-proxy=no
/ip hotspot profile
set default dns-name=test.hotspot.net hotspot-address=10.0.0.1 \
html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 \
login-by=cookie,http-chap,trial name=default rate-limit="" smtp-server=\
0.0.0.0 split-user-domain=no trial-uptime=30m/1d trial-user-profile=default \
use-radius=no
/ip hotspot
add address-pool=dhcp_pool1 addresses-per-mac=2 disabled=no idle-timeout=5m \
interface="WiFi-VLAN" keepalive-timeout=none name=hotspot1 profile=\
default
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
unlimited status-autorefresh=1m transparent-proxy=no
/ip hotspot profile
set default dns-name=test.hotspot.net hotspot-address=10.0.0.1 \
html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 \
login-by=cookie,http-chap,trial name=default rate-limit="" smtp-server=\
0.0.0.0 split-user-domain=no trial-uptime=30m/1d trial-user-profile=default \
use-radius=no
/ip hotspot
add address-pool=dhcp_pool1 addresses-per-mac=2 disabled=no idle-timeout=5m \
interface="WiFi-VLAN" keepalive-timeout=none name=hotspot1 profile=\
default
/ip hotspot service-port
set ftp disabled=no ports=21
Re: cant get hotspot page on pc
Basic hotspot setup looks fine there at first glace. Please post the results of the following
Please wrap output in the code tags to make it easier to read.
Code: Select all
/ip address print detail
/ip route print detail
/ip firewall export
-
-
midsizewisp
Frequent Visitor
- Posts: 55
- Joined:
Re: cant get hotspot page on pc
Thanks for the quick reply. Here is the output?
Code: Select all
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0
interface=ether2-local-master actual-interface=ether2-local-master
1 address=2.2.2.2/30 network=2.2.2.0 interface=ether1-gateway
actual-interface=ether1-gateway
2 address=192.168.10.254/24 network=192.168.10.0
interface=ether2-local-master actual-interface=ether2-local-master
3 address=10.0.0.1/16 network=10.0.0.0 interface=WiFi-VLAN
actual-interface=WiFi-VLAN
Code: Select all
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=2.2.2.1
gateway-status=2.2.2.1 reachable ether1-gateway distance=1
scope=30 target-scope=10
1 ADC dst-address=10.0.0.0/16 pref-src=10.0.0.1 gateway=WiFi-VLAN
gateway-status=WiFi-VLAN reachable distance=0 scope=10
2 ADC dst-address=2.2.2.2/30 pref-src=2.2.2.1
gateway=ether1-gateway gateway-status=ether1-gateway reachable
distance=0 scope=10
3 ADC dst-address=192.168.10.0/24 pref-src=192.168.10.254
gateway=ether2-local-master
gateway-status=ether2-local-master reachable distance=0 scope=10
4 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1
gateway=ether2-local-master
gateway-status=ether2-local-master reachable distance=0 scope=10
Code: Select all
[admin@MikroTik] > /ip firewall export
# jan/03/2002 01:19:01 by RouterOS 5.2
# software id = BF04-D6RV
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
Code: Select all
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=input comment="default configuration" disabled=yes \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=yes in-interface=ether1-gateway
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=yes in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no new-packet-mark=all \
passthrough=no
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1-gateway
Code: Select all
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
Re: cant get hotspot page on pc
Everything looks fine there too.
I'm assuming you have a 750, did you disable the switch chip for the port that has the VLAN assigned to it? Master-port=none
When you have the hotspot running do they get the login page, and just nothing after that? Do the memory logs show that they signed in successfully, or that there was a problem?
You could try deleting the hotspot folder and regerating the HTML under the Servers tab in Winbox to see if that might help.
I'm assuming you have a 750, did you disable the switch chip for the port that has the VLAN assigned to it? Master-port=none
When you have the hotspot running do they get the login page, and just nothing after that? Do the memory logs show that they signed in successfully, or that there was a problem?
You could try deleting the hotspot folder and regerating the HTML under the Servers tab in Winbox to see if that might help.
-
-
midsizewisp
Frequent Visitor
- Posts: 55
- Joined:
Re: cant get hotspot page on pc
No hotspot page is displayed. It just sits there waiting for the page.
If I go to a website in the walled garden, it goes through just fine.
If I go to a website in the walled garden, it goes through just fine.
-
-
midsizewisp
Frequent Visitor
- Posts: 55
- Joined:
Re: cant get hotspot page on pc
Torch shows it going to DNS and trying to get to the actual website but nothing else.
-
-
midsizewisp
Frequent Visitor
- Posts: 55
- Joined:
Re: cant get hotspot page on pc
iPad and iPhones do pop-up page but nothing comes up. We get an error that says, "Error Opening Page", "Hotspot login could not open the page because the server stopped responding."
Re: cant get hotspot page on pc
Would you please post these:
/ip dns
/ip hotspot
/ip hotspot profile
/ip dns
/ip hotspot
/ip hotspot profile
-
-
midsizewisp
Frequent Visitor
- Posts: 55
- Joined:
Re: cant get hotspot page on pc
Code: Select all
[admin@Mikrotik] > /ip dns print
servers: 8.8.8.8,4.2.2.1
allow-remote-requests: yes
max-udp-packet-size: 512
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 14KiB
Code: Select all
[admin@Mikrotik] > /ip hotspot print
Flags: X - disabled, I - invalid, S - HTTPS
# NAME INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
0 hotspot1 WiFi-VLAN dhcp_pool2 default 5m
Code: Select all
[admin@Mikrotik] > /ip hotspot profile print
Flags: * - default
0 * name="default" hotspot-address=10.0.0.1
dns-name="hotspot.mikrotik.com" html-directory=hotspot
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap,trial http-cookie-lifetime=3d
split-user-domain=no trial-uptime=30m/1d trial-user-profile=default
use-radius=no
Re: cant get hotspot page on pc
I had problems with the dns-name entry. Try deleting that entry and try it, just as a test.
Code: Select all
/ip hotspot profile
set 0 dns-name=""-
-
midsizewisp
Frequent Visitor
- Posts: 55
- Joined:
Re: cant get hotspot page on pc
Already tried that. Same problem.
Re: cant get hotspot page on pc
Is the web browser displaying the correct login address in the address bar of the web browser?
http://10.0.0.1/login
Insure it is not https!
http://10.0.0.1/login
Insure it is not https!
-
-
midsizewisp
Frequent Visitor
- Posts: 55
- Joined:
Re: cant get hotspot page on pc
We found the problem! We had enabled client isolation on the APs. Turning it off fixed it.