Can't ping device past hotspot
Posted: Wed Jan 04, 2012 6:58 pm
by BigSky
I have the current setup: RB750GL --> Ubiquiti PicostationM2 (as AP)
Hotspot is 10.2.55.129 on Ethernet port 2 where the Picostation is plugged in. The Picostation is in bridge mode with 10.2.55.130 and .129 as gateway. Everything works great, but I can't log into the Picostation, nor can I ping it. It's something in the firewall rules automatically created by hotspot, but I can't figure out which one.
Can anyone help? I'd like to be able to at least ping it for monitoring purposes.
Re: Can't ping device past hotspot
Posted: Fri Oct 26, 2012 5:22 pm
by jarda
Have you solved it already? How?
Re: Can't ping device past hotspot
Posted: Fri Oct 26, 2012 6:31 pm
by BigSky
Yes, I finally did. Sorry I didn't post the solution.
You need to add entries into the firewall to jump the pre-existing hotspot rules. There need to be Filter Rules created for both the source & destination of the device IP that allow access to & from unauthorized users to a client.
Example:
IP of device 192.168.1.30
Entry 1 - Create Filter Rule for a new chain that accepts
/ip firewall filter add action=accept chain=device-manage disable=no
Entry 2 - Create a Filter Rule for the source address of the device
/ip firewall filter add action=jump chain=forward disable=no hotspot=from-client,!auth jump-target=device-manage src-address=192.168.1.30
Entry 3 - Create a Filter Rule for the destination address of the device
/ip firewall filter add action=jump chain=forward disable=no hotspot=to-client,!auth jump-target=device-manage dst-address=192.168.1.30
Make sure entries 2 & 3 are above the preset hotspot filter rules and you'll have access to your device.
Re: Can't ping device past hotspot
Posted: Tue Jul 02, 2013 12:34 am
by baasit
Hey,
I just read your posts. I'm facing the same problem. I've installed APs every 100 meters. Clients can connect through these access points, but I'm unable to ping these devices unless someone is connected or logged in via these devices. I've added filter rules as you have shown, but it still doesn't work for me. Here is the export:
/ip firewall filter
add action=jump chain=forward disabled=no hotspot=from-client,!auth jump-target=devices src-address=10.10.10.11-10.10.10.50
add action=jump chain=forward disabled=no dst-address=10.10.10.11-10.10.10.50 hotspot=to-client,!auth jump-target=devices
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=devices disabled=no
[admin@MikroTik] >
So, any help?
Re: Can't ping device past hotspot
Posted: Tue Jul 02, 2013 1:23 am
by BigSky
baasit,
Just to clarify, are you saying that you can ping the AP device when there's a client connected to it? If so, I think there's something else going on.
Otherwise, I'd try to just do a single IP address instead of a range. I don't know why that would make a difference, but start with one. Also, make sure these filter rules are at the top of the list, otherwise they'll be blocked by the default hotspot filter rules. Rule order is important.
Below is my export that is working for me:
/ip firewall filter
add action=jump chain=forward comment="Hotspot device access" disabled=no hotspot=from-client,!auth jump-target=device-manage src-address=10.2.58.130
add action=jump chain=forward comment="Hotspot device access" disabled=no dst-address=10.2.58.130 hotspot=to-client,!auth jump-target=device-manage
add action=accept chain=device-manage disabled=no
Good luck.
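An offline check of an exported rule set against the pattern in the posts above, as an added example that is not part of the original thread: it assumes the text of `/ip firewall filter export` as input, and the function names and finding messages are this example's own. It confirms that each device has both jump directions and that the target chain has an accept rule, and it flags an accept with no protocol match, because that passes every protocol to and from the device for unauthenticated clients.

```python
import re
import shlex
from collections import defaultdict

# Rules copied from the working export in the post above.
SAMPLE_EXPORT = r'''/ip firewall filter
add action=jump chain=forward comment="Hotspot device access" disabled=no hotspot=from-client,!auth jump-target=device-manage src-address=10.2.58.130
add action=jump chain=forward comment="Hotspot device access" disabled=no dst-address=10.2.58.130 hotspot=to-client,!auth jump-target=device-manage
add action=accept chain=device-manage disabled=no
'''

def parse_export(text):
    """One dict per enabled 'add' line; joins trailing-backslash continuations."""
    text = re.sub(r"\\\n\s*", "", text)
    rules = []
    for line in text.splitlines():
        if line.strip().startswith("add "):
            rule = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            if rule.get("disabled") != "yes":
                rules.append(rule)
    return rules

def audit(text):
    """Return findings for the hotspot bypass pattern used in this thread."""
    rules, findings = parse_export(text), []
    chains = defaultdict(list)
    for r in rules:
        chains[r.get("chain")].append(r)
    covered = defaultdict(set)  # (device address, jump target) -> directions seen
    for r in rules:
        side = r.get("hotspot", "").split("-client,!auth")[0]
        if r.get("action") == "jump" and side in ("from", "to"):
            addr = r.get("src-address" if side == "from" else "dst-address")
            covered[(addr, r.get("jump-target"))].add(side)
    for (addr, target), sides in sorted(covered.items(), key=str):
        for missing in sorted({"from", "to"} - sides):
            findings.append(f"{addr}: no {missing}-client jump into {target}")
        accepts = [r for r in chains[target] if r.get("action") == "accept"]
        if not accepts:
            findings.append(f"{target}: no accept rule, the jump changes nothing")
        if any(not {"protocol", "dst-port"} & r.keys() for r in accepts):
            findings.append(f"{target}: accept has no protocol match, "
                            f"every protocol to/from {addr} bypasses hotspot auth")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

It does not check rule order against the rules the hotspot creates automatically; that still has to be confirmed on the router.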
Re: Can't ping device past hotspot
Posted: Wed Jul 03, 2013 7:09 pm
by baasit
I have applied it as you've provided in the export, but it still isn't working.
Here is my export:
/ip firewall filter
add action=accept chain=device-manage disabled=no
add action=jump chain=forward comment="Hotspot device access" disabled=no hotspot=from-client,!auth jump-target=device-manage src-address=10.10.10.15
add action=jump chain=forward comment="Hotspot device access" disabled=no dst-address=10.10.10.15 hotspot=to-client,!auth jump-target=device-manage
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=no
[admin@MikroTik] >
Yup, you are right, something else is going on, because whenever there is a client connected via a device I can ping it.
Any thoughts?
Re: Can't ping device past hotspot
Posted: Thu Jul 04, 2013 12:38 am
by BigSky
Boy, I really don't. It almost seems like it needs an established connection before it allows it through the firewall. What kind of AP are you using? Is it just in bridge mode? Can you test with a different type of AP? Just grabbing at straws here...
Re: Can't ping device past hotspot
Posted: Sat Aug 23, 2014 9:03 pm
by n5jtt
I have the same problem. Where do the rules go in the firewall rules? I also use Ubiquiti products as APs behind a MikroTik router running Hotspot.
Re: Can't ping device past hotspot
Posted: Mon Aug 25, 2014 5:42 pm
by BigSky
The rules I have listed above go under "Filter Rules"