Hotspot login not showing

krkec · Wed Jun 22, 2016 6:56 pm

Hi I am having problem with hotspot. Problem is when I connect to hotspot interface with cellular and start loading page I am not redirected to hotspot login page.

What am I doing wrong I tried everything?

Funny thing is when I disable this firewall rule hotspot works:

add action=drop chain=input comment="default configuration" in-interface=WAN \

    log=yes log-prefix=29_

but I cant leave it disabled.

I tried to log this rule and log shows mostly denied dns requests.

Hotspot config.

/ip hotspot
add address-pool=HSpD disabled=no interface=HotspotDonatB name=hotspot1 \
    profile=hsprof1
add address-pool=HSpN disabled=no interface=HotspotNoelB name=hs-HotspotNoelB \
    profile=hsprof3
/ip hotspot profile
add hotspot-address=192.168.99.1 html-directory=HotspotD login-by=\
    http-chap,mac-cookie name=hsprof1 use-radius=yes
add hotspot-address=192.168.97.1 html-directory=HotspotN login-by=\
    http-chap,mac-cookie name=hsprof3 smtp-server=0.0.0.0 use-radius=\
    yes

Dhcp config

/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=HSpD ranges=192.168.99.50-192.168.99.100
add name=HSpN ranges=192.168.97.50-192.168.97.100
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
add address-pool=HSpD disabled=no interface=HotspotDonatB lease-time=1h name=\
    dhcp1
add address-pool=HSpN disabled=no interface=HotspotNoelB lease-time=1h name=\
    dhcp2
/ip dhcp-server network
add address=192.168.97.0/24 comment="hotspotN"\
    gateway=192.168.97.1
add address=192.168.99.0/24 comment="hotspotD" gateway=\
    192.168.99.1

Bridge config:

/interface bridge port
add bridge=HotspotDonatB interface=ApartmanDonat
add bridge=HotspotNoelB interface=ApartmanNoel

Address config:

/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    bridge-local network=192.168.88.0
add address=10.99.0.1 interface=LoopbackD network=10.99.0.1
add address=10.97.0.1 interface=LoopbackN network=10.97.0.1
add address=192.168.99.1/24 interface=HotspotDonatB network=192.168.99.0
add address=192.168.97.1/24 interface=HotspotNoelB network=192.168.97.0

Radius config:

/radius
add address=10.99.0.1 secret=test service=hotspot

Userman config:

/tool user-manager database
set db-path=user-manager
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=10.99.0.1 log=\
    auth-ok,auth-fail,acct-ok,acct-fail name=Fonat shared-secret=\
    test use-coa=no

And last firewall config:

/ip firewall filter
add chain=input dst-port=8291 protocol=tcp
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add chain=input comment="allows user manager to work with local hosts" \
    disabled=yes src-address=127.0.0.0/24
add action=drop chain=input comment="Zabrana telnet izvana" dst-port=23 log=\
    yes log-prefix=Odbijeno_telnet protocol=tcp
add action=drop chain=input comment="Zabrana FTP izvana" dst-port=20 \
    protocol=tcp
add action=drop chain=input comment="Zabrana SFTP izvana" dst-port=21 \
    protocol=tcp
add action=drop chain=input comment="Zabrana SSH izvana" dst-port=22 log=yes \
    log-prefix=odbjeno_ssh protocol=tcp
add chain=input comment="Remote upravljanje API" dst-port=8728 log=yes \
    log-prefix=api_ protocol=tcp
add chain=input comment="Allow limited pings" limit=50,5:packet protocol=icmp
add action=drop chain=input comment="Zabrana spamiranja" dst-port=25 \
    protocol=tcp
add action=drop chain=forward comment="Zabrana spamiranja" disabled=yes log=\
    yes log-prefix="spam odlazni_" protocol=tcp src-port=25
add action=drop chain=forward comment=\
    "Zabrana spamiranja\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?" dst-port=25 log=yes \
    log-prefix=Gasi_25 protocol=tcp
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="Dozvoli Remote upravljanje Winbox" disabled=yes \
    dst-port=8291 log-prefix=winbox_ protocol=tcp src-address=192.168.99.0/24
add chain=input comment="Dozvoli Remote upravljanje Winbox" disabled=yes \
    dst-port=8291 protocol=tcp src-address=192.168.97.0/24
add chain=input comment="Dozvoli Remote upravljanje Winbox" disabled=yes \
    dst-port=8291 protocol=tcp src-address=192.168.88.0/24
add chain=input comment="Dozvoli Remote upravljanje UseMan" dst-port=808 \
    log-prefix=winbox_ protocol=tcp
add action=drop chain=input comment="Drop excess pings" protocol=icmp
add chain=input comment="Dozvoli upravljanje mobom" disabled=yes dst-port=\
    8728 protocol=tcp
add chain=forward comment="default configuration" connection-state=\
    established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid disabled=yes log-prefix=_odbijeno_bad
add action=drop chain=input comment="default configuration" in-interface=WAN \
    log=yes log-prefix=29_
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=WAN
add chain=forward disabled=yes
/ip firewall nat
add chain=pre-hotspot dst-address-type=!local hotspot=auth
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.99.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.97.0/24
add action=masquerade chain=srcnat comment="Ako radi ppoe ugasiti" \
    out-interface=WAN