Hotspot login not showing
Posted: Wed Jun 22, 2016 6:56 pm
Hi I am having problem with hotspot. Problem is when I connect to hotspot interface with cellular and start loading page I am not redirected to hotspot login page.
What am I doing wrong I tried everything?
Funny thing is when I disable this firewall rule hotspot works:
but I cant leave it disabled.
I tried to log this rule and log shows mostly denied dns requests.
Hotspot config.
Dhcp config
Bridge config:
Address config:
Radius config:
Userman config:
And last firewall config:
What am I doing wrong I tried everything?
Funny thing is when I disable this firewall rule hotspot works:
Code: Select all
add action=drop chain=input comment="default configuration" in-interface=WAN \
log=yes log-prefix=29_I tried to log this rule and log shows mostly denied dns requests.
Hotspot config.
Code: Select all
/ip hotspot
add address-pool=HSpD disabled=no interface=HotspotDonatB name=hotspot1 \
profile=hsprof1
add address-pool=HSpN disabled=no interface=HotspotNoelB name=hs-HotspotNoelB \
profile=hsprof3
/ip hotspot profile
add hotspot-address=192.168.99.1 html-directory=HotspotD login-by=\
http-chap,mac-cookie name=hsprof1 use-radius=yes
add hotspot-address=192.168.97.1 html-directory=HotspotN login-by=\
http-chap,mac-cookie name=hsprof3 smtp-server=0.0.0.0 use-radius=\
yesCode: Select all
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=HSpD ranges=192.168.99.50-192.168.99.100
add name=HSpN ranges=192.168.97.50-192.168.97.100
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
add address-pool=HSpD disabled=no interface=HotspotDonatB lease-time=1h name=\
dhcp1
add address-pool=HSpN disabled=no interface=HotspotNoelB lease-time=1h name=\
dhcp2
/ip dhcp-server network
add address=192.168.97.0/24 comment="hotspotN"\
gateway=192.168.97.1
add address=192.168.99.0/24 comment="hotspotD" gateway=\
192.168.99.1Code: Select all
/interface bridge port
add bridge=HotspotDonatB interface=ApartmanDonat
add bridge=HotspotNoelB interface=ApartmanNoelCode: Select all
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
bridge-local network=192.168.88.0
add address=10.99.0.1 interface=LoopbackD network=10.99.0.1
add address=10.97.0.1 interface=LoopbackN network=10.97.0.1
add address=192.168.99.1/24 interface=HotspotDonatB network=192.168.99.0
add address=192.168.97.1/24 interface=HotspotNoelB network=192.168.97.0Code: Select all
/radius
add address=10.99.0.1 secret=test service=hotspotCode: Select all
/tool user-manager database
set db-path=user-manager
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=10.99.0.1 log=\
auth-ok,auth-fail,acct-ok,acct-fail name=Fonat shared-secret=\
test use-coa=noCode: Select all
/ip firewall filter
add chain=input dst-port=8291 protocol=tcp
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add chain=input comment="allows user manager to work with local hosts" \
disabled=yes src-address=127.0.0.0/24
add action=drop chain=input comment="Zabrana telnet izvana" dst-port=23 log=\
yes log-prefix=Odbijeno_telnet protocol=tcp
add action=drop chain=input comment="Zabrana FTP izvana" dst-port=20 \
protocol=tcp
add action=drop chain=input comment="Zabrana SFTP izvana" dst-port=21 \
protocol=tcp
add action=drop chain=input comment="Zabrana SSH izvana" dst-port=22 log=yes \
log-prefix=odbjeno_ssh protocol=tcp
add chain=input comment="Remote upravljanje API" dst-port=8728 log=yes \
log-prefix=api_ protocol=tcp
add chain=input comment="Allow limited pings" limit=50,5:packet protocol=icmp
add action=drop chain=input comment="Zabrana spamiranja" dst-port=25 \
protocol=tcp
add action=drop chain=forward comment="Zabrana spamiranja" disabled=yes log=\
yes log-prefix="spam odlazni_" protocol=tcp src-port=25
add action=drop chain=forward comment=\
"Zabrana spamiranja\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\?" dst-port=25 log=yes \
log-prefix=Gasi_25 protocol=tcp
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="Dozvoli Remote upravljanje Winbox" disabled=yes \
dst-port=8291 log-prefix=winbox_ protocol=tcp src-address=192.168.99.0/24
add chain=input comment="Dozvoli Remote upravljanje Winbox" disabled=yes \
dst-port=8291 protocol=tcp src-address=192.168.97.0/24
add chain=input comment="Dozvoli Remote upravljanje Winbox" disabled=yes \
dst-port=8291 protocol=tcp src-address=192.168.88.0/24
add chain=input comment="Dozvoli Remote upravljanje UseMan" dst-port=808 \
log-prefix=winbox_ protocol=tcp
add action=drop chain=input comment="Drop excess pings" protocol=icmp
add chain=input comment="Dozvoli upravljanje mobom" disabled=yes dst-port=\
8728 protocol=tcp
add chain=forward comment="default configuration" connection-state=\
established,related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid disabled=yes log-prefix=_odbijeno_bad
add action=drop chain=input comment="default configuration" in-interface=WAN \
log=yes log-prefix=29_
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=WAN
add chain=forward disabled=yes
/ip firewall nat
add chain=pre-hotspot dst-address-type=!local hotspot=auth
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.99.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.97.0/24
add action=masquerade chain=srcnat comment="Ako radi ppoe ugasiti" \
out-interface=WAN