
Strange HotSpot / Walled garden problem

Posted: Sun Aug 21, 2011 12:50 pm
by richedav
Hi

I'm running a standalone hotspot/server system to act as an information system.

Clients connect on eth2 (192.168.88.1/24), and via the mikrotik are forwarded to a server on eth1 (192.168.0.13)

HotSpot is running, with 192.168.0.13 in the walled garden.
DNS Server on Mikrotik has a regex catch all expression resolving all domains to 192.168.0.13

A client connects to eth2, is resolved to 192.168.0.13 and ends up on my server as expected. No hotspot redirection takes place, running standard HTML.

After a few hours however, things change. DNS still resolves to 192.168.0.13, but users are ending up on the HotSpot login screen. Manually entering 192.168.0.13 into the browser diverts to the hotspot login screen. It's as though the Mikrotik forgets/blocks the walled garden IP.

Any ideas why this should happen?

Is there a simpler way to send all users connecting on eth2 direct to a specific web server? There is no internet on this network, no other DNS, nothing. I just need to put a webpage in front of users. Maybe a firewall rule?

Any ideas, as this is driving me nuts.

Re: Strange HotSpot / Walled garden problem

Posted: Sun Aug 21, 2011 10:06 pm
by fewi
I'm not sure this will work as I've never tried it, but look up wildcard hosting for your webserver. Most webservers can be configured to run accepting any "Host:" header. In Apache, for example, you'd make a VirtualHost with a ServerAlias of *.example.com to have the VirtualHost respond to any host in the example.com domain. Try using just '*' to match any host in any domain - that's what I'm not sure will work. But if it does you can just destination NAT all web traffic to that server, rewrite the request (via mod_rewrite in Apache, or whatever else your server software offers) to a resource that exists, and serve your static page.

Re: Strange HotSpot / Walled garden problem

Posted: Mon Aug 22, 2011 12:08 am
by richedav
> But if it does you can just destination NAT all web traffic to that server, rewrite the request (via mod_rewrite in Apache, or whatever else your server software offers) to a resource that exists, and serve your static page.
Hi Fewi

I have the server sorted, could you expand on the destination NAT to get all traffic to the server? I've just set this up in my test box, as I didn't 100% believe what the client was saying, but it's repeatable. I need to remove the hotspot and this regex DNS hack from the Mikrotik and just route as you suggest.

Re: Strange HotSpot / Walled garden problem

Posted: Mon Aug 22, 2011 12:45 am
by fewi
The exact rule depends on your network layout - but assuming that there's no tcp/80 traffic whatsoever on the network and that all tcp/80 traffic should be redirected to the server at 192.168.0.13, that would look something like this:
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.13
That by itself takes care of all IP level web traffic either when clients go by IP, or after DNS resolution (in which case it likely will be unnecessary as DNS will still force clients to that server as per below).

Keep the DNS regex rule - there's no way around that for clients that look for web servers via DNS- the client HAS to resolve DNS to an IP before it will do anything else. I didn't mean to give the impression you can do without the DNS piece. But according to your testing that actually works all the time, so that shouldn't be a problem. To enforce that the clients all use your router as DNS, use the following NAT rule:
/ip firewall nat
add chain=dstnat protocol=udp dst-port=53 action=redirect
add chain=dstnat protocol=tcp dst-port=53 action=redirect
Redirect means "destination NAT it to yourself", at that point the router DNS will transparently take care of name resolution.

With those two rules in place you should be able to turn off the Hotspot completely and have the two NAT rules do everything.
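
A misspelled chain name is easy to miss in rules like these, because RouterOS treats an unknown name as a user-defined chain that no traffic enters unless a jump rule points at it. The check below is an added example, not part of the original post: it parses NAT rules in the one-rule-per-line form used above and reports which of the three redirects are not in effect. The function names and the sample export are constructed for illustration.

```python
import shlex
SERVER = "192.168.0.13"  # web server address used in the thread

# Constructed sample export: the thread's three rules, the first with a mistyped chain.
SAMPLE = """\
/ip firewall nat
add chain=dsnat protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.13
add chain=dstnat protocol=udp dst-port=53 action=redirect
add chain=dstnat protocol=tcp dst-port=53 action=redirect
"""

def parse_nat_rules(export):
    """Return one dict of key=value properties per 'add' line under /ip firewall nat."""
    rules, in_nat = [], False
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_nat = line == "/ip firewall nat"
        elif in_nat and line.startswith("add "):
            tokens = shlex.split(line)[1:]
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def audit(export, server=SERVER):
    """Return findings; an empty list means all three redirects are in effect.
    Only enabled rules placed directly in the dstnat chain are counted."""
    rules = parse_nat_rules(export)
    jumps = {r.get("jump-target") for r in rules if r.get("action") == "jump"}
    findings = []
    for r in rules:
        chain = r.get("chain", "")
        # A name that is neither built in nor jumped to is a custom chain no packet enters.
        if chain not in ("srcnat", "dstnat") and chain not in jumps:
            findings.append(f"rule in chain '{chain}' is never evaluated")

    def present(proto, port, action, to=None):
        for r in rules:
            target = r.get("to-addresses", r.get("to-address"))
            if (r.get("chain") == "dstnat" and r.get("disabled") != "yes"
                    and r.get("protocol") == proto and r.get("dst-port") == port
                    and r.get("action") == action and to in (None, target)):
                return True
        return False

    if not present("tcp", "80", "dst-nat", server):
        findings.append(f"tcp/80 is not dst-natted to {server}")
    for proto in ("udp", "tcp"):
        if not present(proto, "53", "redirect"):
            findings.append(f"{proto}/53 is not redirected to the router")
    return findings
```

Calling `audit(SAMPLE)` returns two findings for the mistyped rule; the same text with the chain spelled `dstnat` returns an empty list.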

Re: Strange HotSpot / Walled garden problem

Posted: Mon Aug 22, 2011 2:11 am
by richedav
Thank you for the explanation Fewi, much appreciated.

Re: Strange HotSpot / Walled garden problem

Posted: Mon Aug 22, 2011 10:49 pm
by richedav
Worked a treat, much simpler, more elegant solution. Ta

Re: Strange HotSpot / Walled garden problem

Posted: Wed Sep 26, 2012 11:44 pm
by schauhan
This worked a treat until iOS6 came out on iPhone 5. All other clients work fine, i.e. the Captive Portal page opens and redirects to an index.php on the server. On iOS6, however, it will not open the page on the server, and displays a message saying it can't find Library/ test/success.html. This is normal as this is what triggers the captive portal hotspot page, but it used to show the server home page in the page, and doesn't any more. If I put success.html on the server in the above location, the captive portal will not show and redirect to the home page... again normal behaviour. But I need the homepage in the CP window. :?

Any clues why the captive portal won't show the homepage anymore?

The setup I've used is exactly as previously shown in this post.