Community discussions

MikroTik App
 
greenieofdubbo
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Mon Jul 10, 2006 1:36 pm

Hotspot with upstream proxy

Tue Jun 21, 2011 12:07 pm

Hi All

I have a requirement to setup a hotspot for public use, it will need to forward all web traffic to an existing upstream proxy that does content filtering.

I'm familiar with how to setup the hotspot, but whats the best way to forward the traffic to the upstream proxy?

Thanks
 
greenieofdubbo
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Mon Jul 10, 2006 1:36 pm

Re: Hotspot with upstream proxy

Wed Jun 22, 2011 12:40 pm

No one?
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Hotspot with upstream proxy

Wed Jun 22, 2011 1:47 pm

Set up a destination NAT rule that forwards the traffic. Assuming the upstream proxy is 1.1.1.1 and you want to forward tcp/80 and tcp/8080:
/ip firewall nat
add chain=dstnat hotspot=auth,from-client protocol=tcp src-port=80,8080 action=dst-nat to-address=1.1.1.1
 
greenieofdubbo
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Mon Jul 10, 2006 1:36 pm

Re: Hotspot with upstream proxy

Thu Jun 23, 2011 5:20 am

Thanks for the response. This didn't seem to work. Where in the NAT order should this rule go?

For example, i want to redirect 80 and 443 to 1.1.1.1 on port 8081
ip firewall nat
add chain=dstnat hotspot=auth,from-client protocol=tcp src-port=80,443 action=dst-nat to-address=1.1.1.1 to-ports 8081
Thanks
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Hotspot with upstream proxy

Thu Jun 23, 2011 3:43 pm

Sorry, I had an error, change the chain in that rule to 'pre-hotspot'.

It doesn't matter where the rule is, unless you have other rules in that chain.
 
aminahoora
just joined
Posts: 4
Joined: Mon Aug 01, 2011 4:30 pm

Re: Hotspot with upstream proxy

Thu Aug 18, 2011 4:07 pm

i do this but user can access to network without authentication
this rule must setup after authentication

is any way to do this ???

or any bridge protocol or setting that set after authentication

for example i want to forward HTTP/HTTPS traffic to other upstream proxy in 3128 port but this
ip firewall nat
add chain=dstnat hotspot=pre-hotspot ,from-client protocol=tcp src-port=80,443 action=dst-nat to-address=1.1.1.1 to-ports 3128
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Hotspot with upstream proxy

Thu Aug 18, 2011 4:54 pm

The rule I posted last can't possibly work for unauthenticated Hotspot clients. It specifically includes "hotspot=auth", which is only true for authenticated clients.