Helllo people. I have problem. I want create hotspot on mikrotik.Everything is fine bat i want block all http page except http://www.onet.pl. i want create two group..Full permision to surf in net and restricted permision..Full permision is work fine bat how work restricted??..To surf only one page..www.onet.pl..rest is blocked
please answer me ..thanks
As you know HotSpot provides authentication methods, e.g. login/password method for authorization.
You may issue login/passwords for first group (full access), second group will be redirected to HotSpot login page, but http://www.onet.pl will be accessible for any user, other pages only for authorized users.
Walled-garden entries configuration is available at
'ip hotspot walled-garden add dst-host=', to specify specific domain that will be accessible.
You may issue login/passwords for first group (full access), second group will be redirected to HotSpot login page, but http://www.onet.pl will be accessible for any user, other pages only for authorized users.
Walled-garden entries configuration is available at
'ip hotspot walled-garden add dst-host=', to specify specific domain that will be accessible.
Oki..bat all user in my network must logon on hotspot.and i want some group have been restricted..that group must have only permision to http://www.onet.pl site...other site is blocked...how to do it??
don't know how to doit.Do you be show me step by step how to doit restricted group?? I have full acces..is very simple..block acces but i dont have restricted...Only one page must be open..rest is block..please help...step by step...procedure..Procedure were described at the previous topics.
- Create two 'ip hotspot user profiles', one for normal user and second for one-page allowed users.
- Specify 'Incoming Filter' and 'Outgoing Filter' for second groups.
- Add firewall rule that allows specific page and second rule to block any other traffic.
- Add another firewall rule that will redirect traffic from chain=forward to chain=hotspot.
- Create two 'ip hotspot user profiles', one for normal user and second for one-page allowed users.
- Specify 'Incoming Filter' and 'Outgoing Filter' for second groups.
- Add firewall rule that allows specific page and second rule to block any other traffic.
- Add another firewall rule that will redirect traffic from chain=forward to chain=hotspot.
Hi people,
I try to do the same thing ( http://forum.mikrotik.com/viewtopic.php?t=15749 )
MMM
If I can make I will post with results.
Thanks Sergejs for the procedure, I will try it.
Regards!
I try to do the same thing ( http://forum.mikrotik.com/viewtopic.php?t=15749 )
MMM
If I can make I will post with results.
Thanks Sergejs for the procedure, I will try it.
Regards!
Okey, it do not work. =(
- Create two 'ip hotspot user profiles', one for normal user and second for one-page allowed users.
I do it, but how can assignate a profile to a specific user via radius?
- Specify 'Incoming Filter' and 'Outgoing Filter' for second groups.
I do it, but also I reply with radius a filter-id mark, named "nopago"
- Add firewall rule that allows specific page and second rule to block any other traffic.
I add two in "nopago" chain. One return the request with dst-address 10.1.2.27 (web server). The another one reject all tcp traffic.
- Add another firewall rule that will redirect traffic from chain=forward to chain=hotspot.
I add in foward chain a rule to make it jump to hotspot.
I do not know what I doing wrong, but it doesn't work.
Regards.
- Create two 'ip hotspot user profiles', one for normal user and second for one-page allowed users.
I do it, but how can assignate a profile to a specific user via radius?
- Specify 'Incoming Filter' and 'Outgoing Filter' for second groups.
I do it, but also I reply with radius a filter-id mark, named "nopago"
- Add firewall rule that allows specific page and second rule to block any other traffic.
I add two in "nopago" chain. One return the request with dst-address 10.1.2.27 (web server). The another one reject all tcp traffic.
- Add another firewall rule that will redirect traffic from chain=forward to chain=hotspot.
I add in foward chain a rule to make it jump to hotspot.
I do not know what I doing wrong, but it doesn't work.
Regards.
Hi,
I did some test this afternoon and I couldn't reach to any result.
I try to use the pre-hs-input but nothing happend.
Here are my filter reules, check it out:
(10.1.2.27 is my webserver)
I did some test this afternoon and I couldn't reach to any result.
I try to use the pre-hs-input but nothing happend.
Here are my filter reules, check it out:
(10.1.2.27 is my webserver)
Code: Select all
0 chain=pre-hs-input packet-mark=!Account_Disabled action=return
1 chain=pre-hs-input dst-address=!10.1.2.27 packet-mark=Account_Disabled
action=reject reject-with=icmp-net-prohibited
"OH I SOLVE IT"
well, I have a bit help of my boss jeje
You have to do as following if you want that certain users surf only the walled garden:
Create 2 forward chain rules.
This do that all the traffic marked with "Account_Disabled" will be redirected to hs-unauth chain. So the user only surf the walled garden. 
ONE MORE THING:
Disable Transparent proxy in the user profile you are using, because it won't work.
HOPE this help someone!
Regards!
well, I have a bit help of my boss jeje
You have to do as following if you want that certain users surf only the walled garden:
Create 2 forward chain rules.
Code: Select all
/ ip firewall filter
add chain=forward packet-mark=Account_Disabled hotspot=from-client action=jump \
jump-target=hs-unauth comment="" disabled=no
add chain=forward packet-mark=Account_Disabled hotspot=to-client action=jump \
jump-target=hs-unauth-to comment="" disabled=no
ONE MORE THING:
Disable Transparent proxy in the user profile you are using, because it won't work.
HOPE this help someone!
Regards!
Who is online
Users browsing this forum: che and 62 guests