richi777
just joined
Topic Author
Posts: 6
Joined: Wed Nov 07, 2012 12:12 pm

DNS/NAT issue on Hotspot

Thu Nov 22, 2012 4:28 pm

Hi,

I am pretty new to MT and have the following problem:
MT is a Hotspot. Clients get address from address space 192.168.100.0/24. MT outside is 172.20.21.251 (lab setup). Client gets one DNS server by the DHCP (also MT). As long as client is not authenticated I assume DNS requests are treated by NAT rule in the way that dst port 53 is mapped to dst port 64872 and DNS queries are obviously answered by the Hotspot service itself on the MT. For this reason MT does the DNS query with its own IP address (172.20.21.251). If the user is authenticated the client's ip address is masqueraded also with 172.20.21.251.
Because of these smart DNS tunneling apps (e.g. wi-free) which allow unauthenticated users to surf the internet, we established a workaround which prohibits the DNS tunneling. For this reason I need a different source NAT for the DNS queries done by the non-authenticated users than the masquerading done for the authenticated users.
If I establish a pre-hotspot rule with a src-nat for DNS queries, MT does not allow it, with "Couldn't change NAT rule <53> - dsntat chain can not contain masquerade/snat actions".
Any idea how I can have two different IPs for DNS queries for authenticated and non authenticated users?
Thx in advance
regards Richard
 
richi777
just joined
Topic Author
Posts: 6
Joined: Wed Nov 07, 2012 12:12 pm

Re: DNS/NAT issue on Hotspot

Tue Nov 27, 2012 4:45 pm

Hi,

thx for the replies ;)
I have found a solution which prevents DNS tunneling.
regards Richard
 
2fast4youbr
Member Candidate
Posts: 113
Joined: Mon Apr 15, 2013 10:39 pm

Re: DNS/NAT issue on Hotspot

Thu May 16, 2013 4:24 pm

Hi Richi, what was the solution?

thanks.