Fri Dec 23, 2011 3:35 pm
Nahh, I just couldn't find my mistake. Here are my filter rules, which go before the hotspot blocking rules:
# RouterOS /ip firewall filter rule set as pasted in the post (export format;
# "\E0"/"\E1" are the exporter's escapes for accented characters in comments).
# Rules are evaluated top to bottom per chain and the first rule whose action
# terminates (accept/drop/reject) decides the packet, so the ORDER below is
# part of the behaviour. The poster says hotspot rules follow this block, so
# anything after the last line here (e.g. a final drop, or an
# established/related accept) is not visible in this paste.
/ip firewall filter
# Forward: traffic between hosts of the "Rede Loja" list is always accepted.
add action=accept chain=forward comment="Libera Rede Interna" disabled=no dst-address-list="Rede Loja" src-address-list="Rede Loja"
# Forward: everything from and to 201.41.70.175 is accepted, with no protocol,
# port or connection-state match. Because these two accepts precede the
# port-80 drops right below, that host is exempt from them.
add action=accept chain=forward comment="Libera Aracu" disabled=no src-address=201.41.70.175
add action=accept chain=forward disabled=no dst-address=201.41.70.175
# Forward: drop TCP/80 towards the "Rede Interna", "Rede Loja" and "Rede Valida"
# lists when the source is NOT in "Rede Loja". NOTE(review): the "!" is inside
# the quotes in this paste (src-address-list="!Rede Loja"); confirm on the
# router (print the rule) that it is applied as a negation and not read as a
# list literally named "!Rede Loja", otherwise these three drops never match.
add action=drop chain=forward comment="Barra Acesso Externo \E0 Porta 80" disabled=no dst-address-list="Rede Interna" dst-port=80 protocol=tcp src-address-list="!Rede Loja"
add action=drop chain=forward disabled=no dst-address-list="Rede Loja" dst-port=80 protocol=tcp src-address-list="!Rede Loja"
add action=drop chain=forward disabled=no dst-address-list="Rede Valida" dst-port=80 protocol=tcp src-address-list="!Rede Loja"
# Forward: unconditional accept from and to 192.168.254.2 (all protocols).
add action=accept chain=forward comment="Libera SpeedR" disabled=no src-address=192.168.254.2
add action=accept chain=forward disabled=no dst-address=192.168.254.2
# Forward: ICMP from the "Rede Interna" list to 189.50.123.190 is accepted.
add action=accept chain=forward comment="Libera ping cliente Servidor" disabled=no dst-address=189.50.123.190 protocol=icmp src-address-list="Rede Interna"
# Forward: the comment says "ping", but there is no protocol=icmp match, so
# these two rules accept ALL forwarded traffic from and to 10.174.100.0/24.
add action=accept chain=forward comment="Libera ping Loja" disabled=no src-address=10.174.100.0/24
add action=accept chain=forward disabled=no dst-address=10.174.100.0/24
# Input: every packet from 186.226.70.2 to the router itself is accepted, any
# protocol/port. This makes all later input rules irrelevant for that host,
# including the ICMP limit, the port-scan detectors and the SSH rules below.
add action=accept chain=input comment="Libera Radius" disabled=no src-address=186.226.70.2
# Forward: again labelled "Ping" but with no protocol match; accepts all
# forwarded traffic from and to 186.226.70.2.
add action=accept chain=forward comment="Libera Ping Servidor" disabled=no src-address=186.226.70.2
add action=accept chain=forward disabled=no dst-address=186.226.70.2
# Input: ICMP to the router is accepted at up to 50 packets per 5 s (burst 3);
# the remainder is dropped by the next rule.
add action=accept chain=input comment="Controle de ICMP Input" disabled=no limit=50/5s,3 protocol=icmp
add action=drop chain=input disabled=no protocol=icmp
# Input: port-scan detection. Each of these is non-terminating: a matching
# source is added to the "port scanners" list for 2 weeks and evaluation
# continues; the drop after the last detector is what actually blocks listed
# sources. A continuation line (trailing "\") belongs to the rule above it.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Adiciona \E0 lista de Port Scanners" disabled=no protocol=tcp psd=\
21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
# Input: drop everything from sources on the "port scanners" list.
add action=drop chain=input comment="Dropa Port Scanners" disabled=no src-address-list="port scanners"
# Disabled spacer rule; has no effect.
add action=accept chain=forward comment="Espaco Entre Regras" disabled=yes
# Input: "Limite SSH na Input". NOTE(review): src-address-list is given an IP
# literal. The address-list matchers take a list NAME, so unless a list really
# named "186.226.70.2" exists this rule never matches; src-address=186.226.70.2
# is presumably what was meant. Either way it is unreachable for that host,
# because the "Libera Radius" accept above already admits all its input traffic.
add action=accept chain=input comment="Limite SSH na Input" disabled=no dst-port=22 limit=5,5 protocol=tcp src-address-list=186.226.70.2
# Input: drops every remaining TCP/22 packet to the router, regardless of
# connection state. Because it sits ABOVE the ssh_blacklist/ssh_stage* rules
# further down, none of those ever sees a TCP/22 packet: the brute-force
# staging below is dead code in this order. If the intent is "SSH only from
# 186.226.70.2", this drop already achieves it and the staging can be removed;
# if the staging is wanted, this drop has to move below the stage rules.
add action=drop chain=input disabled=no dst-port=22 protocol=tcp
# Forward: forwarded SSH is accepted at limit=5,1 and everything over the limit
# is dropped by the next rule. The limit matcher counts all packets hitting
# the rule, not packets per source, so this is one shared budget for every
# SSH session through the router; an interactive session alone can exceed
# 5 packets/s. Presumably meant as brute-force throttling; confirm the
# intended effect.
add action=accept chain=forward comment="Limita SSH" disabled=no dst-port=22 limit=5,1 protocol=tcp
add action=drop chain=forward comment="Dropa SSH Que Limitar Regra" disabled=no dst-port=22 protocol=tcp
# Input: staged SSH brute-force blacklisting (stage1 -> stage2 -> stage3 ->
# ssh_blacklist for 1w3d). As noted above, the unconditional TCP/22 drop
# earlier in the chain prevents any of these from matching.
add action=drop chain=input comment="Barra Brute Force SSH" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=\
ssh_stage3
# Forward: ICMP between two hosts of the "Rede Interna" list is rejected with
# icmp-host-unreachable (client isolation for ping).
add action=reject chain=forward comment="Barra ICMP entre Clientes" disabled=no dst-address-list="Rede Interna" protocol=icmp reject-with=icmp-host-unreachable src-address-list=\
"Rede Interna"
# Forward: remaining ICMP is accepted at limit=20,2 (again one shared budget,
# not per source) and dropped beyond that. The src-address=!186.226.70.2
# exclusion is redundant here: forwarded traffic from that host was already
# accepted by "Libera Ping Servidor" above, so it never reaches this rule.
add action=accept chain=forward comment="Limita ICMP" disabled=no limit=20,2 protocol=icmp src-address=!186.226.70.2
add action=drop chain=forward comment="Dropa o que passar do limite" disabled=no protocol=icmp
# Input: management services accepted from ANY source address — WebFig on
# TCP/8082 (rate-limited, shared budget) and Winbox on TCP/8291 (no limit).
# Nothing in this block restricts them by src-address, src-address-list or
# in-interface. Whether they are reachable from the WAN depends on rules that
# are not in this paste; if they are, restrict them to the admin network or
# LAN interface. "Mesmo N Logado" suggests the goal is reaching Winbox from
# the LAN before hotspot login, which an in-interface match still permits.
add action=accept chain=input comment="Libera WebFig" disabled=no dst-port=8082 limit=10,5 protocol=tcp
add action=accept chain=input comment="Libera Winbox Mesmo N Logado" disabled=no dst-port=8291 protocol=tcp
# Forward: everything to and from 186.226.70.0/24 is accepted, any protocol,
# no connection-state match.
add action=accept chain=forward comment="Libera Rede V\E1lida" disabled=no dst-address=186.226.70.0/24
add action=accept chain=forward disabled=no src-address=186.226.70.0/24
# Disabled placeholder marking where the hotspot rules are expected to follow.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes