kennyolutola
just joined
Topic Author
Posts: 17
Joined: Mon Apr 27, 2009 11:08 am
Location: Nigeria

URGENT HELP PLEASEEEEE!!!! I WANT TO BE SACKED IF I DONT GET

Sat May 28, 2011 8:54 pm

HELLO ALL,
PLEASE I HAVE BEEN BATTLING WITH CONFIGURING HOTSPOT FOR 3 DAYS NOW.

<<<<<<SITUATION>>>>>>

MY COMPANY RUNS A SERVICED OFFICE, WE HAVE ABOUT 15 COMPANIES USING OUR IT INFRASTRUCTURE AND INTERNET SERVICE.
LATELY WE HAVE BEEN EXPERIENCING SLOW INTERNET CONNECTION DUE TO INCREASING TRAFFIC.

I JUST PURCHASED 2 MIKROTIK ROUTER RB1100 FOR OUR 2 OFFICES.
1. I WANT TO CONFIGURE HOTSPOT SO THAT OR WHAT EACH COMPANY'S INTERNET USAGE
2. I WANT, ALSO, TO BLOCK SOME SITES AND PROTOCOLS LIKE BIT TORRENT
FOR NOW.

<<<<PROBLEM>>>>>>

I CREATED HOTSPOT USING "/ip hotspot setup" command but client on the network could not connect to the login page until I manually config mikrotik as the proxy server.

AFTER DOING THE ABOVE AND SEEING THE LOGIN STATUS, CLIENT PC STILL CANNOT GET TO WEBSITE.

<<<<<MY SETTINGS>>>>
ip hotspot print detail

Flags: X - disabled, I - invalid, S - HTTPS
0 name="hotspot1" interface=ether2 address-pool=hs-pool-10 profile=hsprof1 idle-timeout=5m keepalive-timeout=none addresses-per-mac=2 ip-of-dns-name=192.168.20.1
proxy-status="running"

ip firewall print detail

Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; accept established connection packets
chain=input action=accept connection-state=established

2 ;;; accept related connection packets
chain=input action=accept connection-state=related

3 X ;;; drop invalid packets
chain=input action=drop connection-state=invalid

4 ;;; Allow Broadcast Traffic
chain=input action=accept dst-address-type=broadcast

5 ;;; Drop Blaster Worm
chain=virus action=drop protocol=tcp dst-port=135-139

6 ;;; Drop Messenger Worm
chain=virus action=drop protocol=udp dst-port=135-139

7 ;;; Drop Blaster Worm
chain=virus action=drop protocol=tcp dst-port=445

8 ;;; Drop Blaster Worm
chain=virus action=drop protocol=udp dst-port=445

9 ;;; ________
chain=virus action=drop protocol=tcp dst-port=593

10 ;;; ________
chain=virus action=drop protocol=tcp dst-port=1024-1030

11 ;;; Drop MyDoom
chain=virus action=drop protocol=tcp dst-port=1080

12 ;;; ________
chain=virus action=drop protocol=tcp dst-port=1214

13 ;;; ndm requester
chain=virus action=drop protocol=tcp dst-port=1363

14 ;;; ndm server
chain=virus action=drop protocol=tcp dst-port=1364

15 ;;; screen cast
chain=virus action=drop protocol=tcp dst-port=1368

16 ;;; hromgrafx
chain=virus action=drop protocol=tcp dst-port=1373

17 ;;; cichlid
chain=virus action=drop protocol=tcp dst-port=1377

18 ;;; Worm
chain=virus action=drop protocol=tcp dst-port=1433-1434

19 ;;; Bagle Virus
chain=virus action=drop protocol=tcp dst-port=2745

20 ;;; Drop Dumaru.Y
chain=virus action=drop protocol=tcp dst-port=2283

21 ;;; Drop Beagle
chain=virus action=drop protocol=tcp dst-port=2535

22 ;;; Drop Beagle.C-K
chain=virus action=drop protocol=tcp dst-port=2745

23 ;;; Drop MyDoom
chain=virus action=drop protocol=tcp dst-port=3127-3128

24 ;;; Drop Backdoor OptixPro
chain=virus action=drop protocol=tcp dst-port=3410

25 ;;; Worm
chain=virus action=drop protocol=tcp dst-port=4444

26 ;;; Worm
chain=virus action=drop protocol=udp dst-port=4444

27 ;;; Drop Sasser
chain=virus action=drop protocol=tcp dst-port=5554

28 ;;; Drop Beagle.B
chain=virus action=drop protocol=tcp dst-port=8866

29 ;;; Drop Dabber.A-B
chain=virus action=drop protocol=tcp dst-port=9898

30 ;;; Drop Dumaru.Y
chain=virus action=drop protocol=tcp dst-port=10000

31 ;;; Drop MyDoom.B
chain=virus action=drop protocol=tcp dst-port=10080

32 ;;; Drop NetBus
chain=virus action=drop protocol=tcp dst-port=12345

33 ;;; Drop Kuang2
chain=virus action=drop protocol=tcp dst-port=17300

34 ;;; Drop SubSeven
chain=virus action=drop protocol=tcp dst-port=27374

35 ;;; Drop PhatBot, Agobot, Gaobot
chain=virus action=drop protocol=tcp dst-port=65506

36 ;;; jump to the virus chain
chain=forward action=jump jump-target=virus

37 ;;; Port scanners to list
chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=port scanners address-list-timeout=2w

38 ;;; NMAP FIN Stealth scan
chain=input action=add-src-to-address-list tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port scanners address-list-timeout=2w

39 ;;; SYN/FIN scan
chain=input action=add-src-to-address-list tcp-flags=fin,syn protocol=tcp address-list=port scanners address-list-timeout=2w

40 ;;; SYN/RST scan
chain=input action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp address-list=port scanners address-list-timeout=2w

41 ;;; FIN/PSH/URG scan
chain=input action=add-src-to-address-list tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp address-list=port scanners address-list-timeout=2w

42 ;;; ALL/ALL scan
chain=input action=add-src-to-address-list tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list=port scanners address-list-timeout=2w

43 ;;; NMAP NULL scan
chain=input action=add-src-to-address-list tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port scanners address-list-timeout=2w

44 ;;; dropping port scanners
chain=input action=drop src-address-list=port scanners

45 chain=forward action=drop p2p=all-p2p

46 ;;; DROP ALL P2P TRAFFIC
chain=forward action=drop p2p=all-p2p

47 ;;; BLOCK TORRENT DNS
chain=forward action=drop p2p=all-p2p protocol=udp layer7-protocol=torrent-dns


/ip firewall nat> print detail
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 chain=srcnat action=masquerade src-address=192.168.88.0/24

2 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.20.0/23


/ip dhcp-server> print detail
Flags: X - disabled, I - invalid
0 name="dhcp1" interface=ether2 lease-time=3d address-pool=dhcp_pool1 bootp-support=static add-arp=yes authoritative=after-2sec-delay
[kehinde@MikroTik] /ip dhcp-server>


/ip pool> print detail
0 name="dhcp_pool1" ranges=192.168.20.51-192.168.20.150

1 name="hs-pool-10" ranges=192.168.20.151-192.168.20.250

/ip route> print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=41.219.190.193 gateway-status=41.219.190.193 reachable ether12 distance=1 scope=30 target-scope=10

1 ADC dst-address=41.219.190.192/29 pref-src=41.219.190.195 gateway=ether12 gateway-status=ether12 reachable distance=0 scope=10

2 ADC dst-address=192.168.20.0/23 pref-src=192.168.20.1 gateway=ether2 gateway-status=ether2 reachable distance=0 scope=10

3 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10


/interface> print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R ;;; WAN
name="ether12" type="ether" mtu=1500 l2mtu=1600 max-l2mtu=9116

1 name="ether13" type="ether" mtu=1500 l2mtu=1600 max-l2mtu=9116

2 X name="ether11" type="ether" mtu=1500 l2mtu=1600 max-l2mtu=9116

3 X name="ether6" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=9498

4 X name="ether7" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=9498

5 X name="ether8" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=9498

6 X name="ether9" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=9498

7 X name="ether10" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=9498

8 R name="ether1" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=9498

9 R ;;; LAN-192.168.20.0/23
name="ether2" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=9498

10 X ;;; HOTSPOT INTERFACE
name="ether3" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=9498

11 X name="ether4" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=9498

12 X name="ether5" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=9498

I have 3 days ultimatum or I face being sacked!!!!

Thanks all in anticipation.
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: URGENT HELP PLEASEEEEE!!!! I WANT TO BE SACKED IF I DONT

Sat May 28, 2011 10:29 pm

If your job is on the line while you are tasked with something you don't know how to do (presumably because you claimed you did know) your best option is to hire a consultant.
 
kennyolutola
just joined
Topic Author
Posts: 17
Joined: Mon Apr 27, 2009 11:08 am
Location: Nigeria

Re: URGENT HELP PLEASEEEEE!!!! I WANT TO BE SACKED IF I DONT

Sat May 28, 2011 11:55 pm

I have been working with Mikrotik since 2009 but when I changed job in 2010 I stopped working with it cos my new organization didn't use mikrotik until last week.

All I need now is help; later we will talk about being qualified or not....

thanks
 
routik
Member Candidate
Posts: 118
Joined: Wed Oct 14, 2009 5:40 pm
Location: Abuja-Nigeria

Re: URGENT HELP PLEASEEEEE!!!! I WANT TO BE SACKED IF I DONT

Thu Mar 22, 2012 2:18 pm

Hello Kenny,
You will need to redirect your http traffic to your proxy port using dst-nat through /ip firewall nat. That will make your proxy transparent and you don't need to configure any manual proxy again on their computers. As for blocking websites, you can do that from the web proxy access menu and deny the websites you don't want.
You may not be able to completely stop bit torrent but you can reduce their traffic consumption in layer 7 protocols located in ip firewall.

Where is your location in Nigeria? Maybe I might be of emergency help to avoid losing your job.
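
The transparent-proxy setup described in the reply above, written out as an added example (not part of the original thread or any poster's configuration). The interface names `ether2` (LAN) and `ether12` (WAN) and the subnet 192.168.20.0/23 come from the configuration posted at the top of the thread; proxy port 8080 and the host name `blocked.example.com` are assumptions and placeholders.

```routeros
# Added example, not from the thread. Interface names and the LAN subnet are
# taken from the original poster's config; port 8080 and the blocked host
# name are assumptions/placeholders.

# 1. Enable the built-in web proxy (port 8080 is an assumed choice).
/ip proxy set enabled=yes port=8080

# 2. Transparently redirect HTTP from the LAN/hotspot interface to the proxy,
#    so clients need no manual proxy setting in their browsers.
/ip firewall nat add chain=dstnat in-interface=ether2 \
    src-address=192.168.20.0/23 protocol=tcp dst-port=80 \
    action=redirect to-ports=8080 comment="transparent web proxy"

# 3. Deny unwanted sites in the proxy access list (placeholder host name).
/ip proxy access add dst-host=blocked.example.com action=deny \
    comment="blocked site (placeholder)"

# 4. Keep the proxy unreachable from the WAN side (ether12). An enabled
#    proxy that answers requests from the Internet is an open proxy.
/ip firewall filter add chain=input in-interface=ether12 protocol=tcp \
    dst-port=8080 action=drop comment="no proxy access from WAN"
```

The redirect rule only matches plain HTTP on TCP port 80, so the proxy access list has no effect on HTTPS sites.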


Last bumped by kennyolutola on Thu Mar 22, 2012 2:18 pm.
