I'm trying to setup hotspot with no success. After getting the Error - Gateway page, I found out an issue others were having with the default user profile setting with Transparent proxy. I followed their recommendation and I don't get this page anymore, but I'm not able to have success with my current setup. Actually I think the problem is with some rules shown as invalid, and as I read in the docs those are main rules ...
RouterOS 3.20
Hotspot setup on a VirtualAP interface for testing ...
Code: Select all
[admin@AP_HQ] /ip hotspot> print detail
Flags: X - disabled, I - invalid, S - HTTPS
0 name="hotspot1" interface=wHotSpotB address-pool=hs-pool-7 profile=hsprof1 idle-timeout=5m keepalive-timeout=none
addresses-per-mac=2 ip-of-dns-name=10.5.50.1Code: Select all
[admin@AP_HQ] /ip hotspot profile> print detail
Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
1 name="hsprof1" hotspot-address=10.5.50.1 dns-name="hp.cxctrl.com.br" html-directory=hotspot rate-limit=""
http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=mac mac-auth-password="" use-radius=yes radius-accounting=yes
radius-interim-update=10m nas-port-type=wireless-802.11 radius-default-domain="" radius-location-id=""
radius-location-name="" radius-mac-format=XXXXXXXXXXXX
Code: Select all
[admin@AP_HQ] /ip firewall filter> print all detail
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth
1 D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth
2 D chain=input action=jump jump-target=hs-input hotspot=from-client
3 I chain=hs-input action=jump jump-target=pre-hs-input
4 D chain=hs-input action=accept protocol=udp dst-port=64872
5 D chain=hs-input action=accept protocol=tcp dst-port=64872-64875
6 D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth
7 D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp
8 D chain=hs-unauth action=reject reject-with=icmp-net-prohibited
9 D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited
10 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
Code: Select all
[admin@AP_HQ] /ip firewall nat> print all detail
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
1 I chain=hotspot action=jump jump-target=pre-hotspot
2 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53
3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53
4 D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-dst dst-port=80
5 D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-dst dst-port=443
6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth
7 D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth
8 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80
9 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128
10 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080
11 D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp dst-port=443
12 I chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
13 D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http
14 I chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
15 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
16 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=10.5.50.0/24
Have someone experienced this ... and help me ?
Thanks in advance,
