My Hotspot Won't Work

hci · Sun Aug 22, 2004 12:35 am

I cannot get my Hotspot to work. Whenever I try to do anything through http port 80 it says this page cannot be displayed. I can ping and stuff but no http. http://192.168.1.190:80/ where hotspot should be running does not come up either. Can anyone tell me what is wrong? This is 2.8.13 release level 5 on a Soekris SBC with Prism card. The range on my Prism 200mw card with a stubby antenna only appears to be a few feet but I think that is a different issue.

Matt

[admin@MikroTik] > export
# aug/21/2004 15:22:50 by RouterOS 2.8.13
# software id = TFPB-1LT
#
/ interface ethernet
set ether1 name="ether1" mtu=1500 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes \
long-cable=no speed=100Mbps disabled=no
set ether2 name="ether2" mtu=1500 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes \
long-cable=no speed=100Mbps disabled=no
set ether3 name="ether3" mtu=1500 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes \
long-cable=no speed=100Mbps disabled=no
/ interface wireless
set wlan1 name="wlan1" mtu=1500 arp=enabled disable-running-check=no mode=ap-bridge ssid="seneca.hot.bbwi.net" \
frequency=2412 band=2.4GHz-B scan-list=default-ism supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps \
supported-rates-a/g="" basic-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps basic-rates-a/g="" max-station-count=2007 \
fast-frames=no dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no \
default-authentication=yes default-forwarding=no hide-ssid=no 802.1x-mode=none disabled=no
/ interface wireless security
set wlan1 security=none algo-0=none key-0="" algo-1=none key-1="" algo-2=none key-2="" algo-3=none key-3="" \
transmit-key=key-0 sta-private-algo=none sta-private-key="" radius-mac-authentication=no
/ interface wireless align
set frame-size=300 active-mode=yes receive-all=no audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 \
ssid-all=no frames-per-second=25 audio-min=-100 audio-max=-20
/ interface bridge port
set ether1 priority=128 path-cost=10
set ether2 bridge=none priority=128 path-cost=10
set ether3 bridge=none priority=128 path-cost=10
set wlan1 bridge=none priority=128 path-cost=10
/ ip pool
add name="hs-pool-real" ranges=10.5.50.2-10.5.50.254
/ ip accounting
set enabled=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip address
add address=192.168.1.190/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1 comment="added by setup" \
disabled=no
add address=10.5.50.1/24 network=10.5.50.0 broadcast=10.5.50.255 interface=wlan1 comment="hotspot network" disabled=no
/ ip arp
/ ip dns
set primary-dns=12.127.16.68 secondary-dns=12.127.17.72 allow-remote-requests=yes cache-size="2048 kB" cache-max-ttl=7d
/ ip firewall
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
add name="hotspot-temp" policy=none comment="limit unauthorized hotspot clients"
add name="hotspot" policy=none comment="account authorized hotspot clients"
/ ip firewall rule forward
add in-interface=wlan1 action=jump jump-target=hotspot-temp comment="limit access for unauthorized hotspot clients" \
disabled=no
add action=jump jump-target=hotspot comment="account traffic for authorized hotspot clients" disabled=no
/ ip firewall rule hotspot-temp
add flow=hs-auth action=return comment="return, if connection is authorized" disabled=no
add protocol=icmp action=return comment="allow ping requests" disabled=no
add dst-address=:53 protocol=udp action=return comment="allow dns requests" disabled=no
add action=reject comment="reject access for unauthorized hotspot clients" disabled=no
/ ip firewall rule input
add in-interface=wlan1 dst-address=:80 protocol=tcp action=jump jump-target=hotspot comment="account traffic from hotspot \
clients to hotspot servlet" disabled=no
add in-interface=wlan1 dst-address=:80 protocol=tcp action=accept comment="accept requests for hotspot servlet" \
disabled=no
add in-interface=wlan1 dst-address=:67 protocol=udp action=accept comment="accept requests for local DHCP server" \
disabled=no
add in-interface=wlan1 action=jump jump-target=hotspot-temp comment="limit access for unauthorized hotspot clients" \
disabled=no
/ ip firewall rule output
add src-address=:80 out-interface=wlan1 protocol=tcp action=jump jump-target=hotspot comment="account traffic from \
hotspot servlet to hotspot clients" disabled=no
/ ip firewall dst-nat
add dst-address=:53 protocol=udp action=redirect comment="intercept all DNS requests" disabled=no
add in-interface=wlan1 protocol=tcp flow=!hs-auth action=redirect to-dst-port=80 comment="redirect unauthorized hotspot \
clients to hotspot service" disabled=no
add in-interface=wlan1 dst-address=:80 protocol=tcp action=redirect to-dst-port=80 comment="transparent HTTP proxy for \
hotspot clients" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set pptp disabled=no
set gre disabled=no
set h323 disabled=yes
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
/ ip firewall src-nat
add src-address=10.5.50.0/24 action=masquerade comment="masquerade hotspot network" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m tcp-established-timeout=5d tcp-fin-wait-timeout=2m \
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
/ ip neighbor discovery
set ether1 discover=no
set ether2 discover=no
set ether3 discover=yes
set wlan1 discover=yes
/ ip route
add dst-address=0.0.0.0/0 preferred-source=0.0.0.0 gateway=192.168.1.1 distance=1 comment="added by setup" disabled=no
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=81 address=0.0.0.0/0 disabled=no
set hotspot port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set hotspot-ssl port=443 address=0.0.0.0/0 certificate=none disabled=no
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip policy-routing
/ ip policy-routing rule
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 flow="" interface=all action=lookup table=main comment="" disabled=no
/ ip policy-routing table main
add dst-address=0.0.0.0/0 gateway=192.168.1.1 preferred-source=0.0.0.0 comment="added by setup" disabled=no
/ ip upnp
set enabled=no
/ ip dhcp-client
set enabled=no host-name="" client-id="" add-default-route=yes use-peer-dns=yes
/ ip dhcp-server
add name="hs-dhcp-server" interface=wlan1 lease-time=1h address-pool=hs-pool-real add-arp=no authoritative=no disabled=no
/ ip dhcp-server network
add address=10.5.50.0/24 gateway=10.5.50.1 comment="hotspot network"
/ ip hotspot
set use-ssl=no hotspot-address=10.5.50.1 dns-name="seneca.hotspot.bbwi.net" status-autorefresh=1m universal-proxy=yes \
parent-proxy=0.0.0.0:0 auth-requires-mac=yes auth-mac=no auth-mac-password=no auth-http-cookie=no \
http-cookie-lifetime=1d allow-unencrypted-passwords=no login-mac-universal=no split-user-domain=no
/ ip hotspot profile
set default name="default" shared-users=1 mark-flow="hs-auth" login-method=enabled-address keepalive-timeout=2m
/ ip hotspot user
add name="test" password="test" profile=default comment="" disabled=no
/ ip hotspot aaa
set use-radius=no accounting=yes interim-update=0s
/ ip hotspot universal
add interface=wlan1 idle-timeout=5m arp=all-arp use-dhcp=yes addresses-per-mac=2 comment="" disabled=no
/ ip hotspot universal service-port
set ftp ports=21 disabled=no
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no
/ system identity
set name="MikroTik"
/ system logging
set default-remote-address=0.0.0.0 default-remote-port=514 disk-buffer-lines=100 memory-buffer-lines=100
/ system logging facility
set Firewall-Log local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Error local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Warning local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set Hotspot-Account local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set Hotspot-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set Hotspot-Error local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set IPsec-Event local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set IKE-Event local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set IPsec-Warning local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Echo local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=yes
set Wireless-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
/ system serial-console
set enabled=yes port=serial0
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=""
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes ping-start-after-boot=5m
/ system ntp client
set enabled=yes mode=unicast primary-ntp=192.43.244.18 secondary-ntp=0.0.0.0
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ port
set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=none
set serial1 name="serial1" baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=none
/ queue type
set default name="default" kind=pfifo bfifo-limit=15000 pfifo-limit=50 red-limit=60 red-min-threshold=10 \
red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""
set ethernet-default name="ethernet-default" kind=pfifo bfifo-limit=15000 pfifo-limit=50 red-limit=60 \
red-min-threshold=10 red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 \
pcq-classifier=""
set wireless-default name="wireless-default" kind=sfq bfifo-limit=15000 pfifo-limit=50 red-limit=60 red-min-threshold=10 \
red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""
set synchronous-default name="synchronous-default" kind=red bfifo-limit=15000 pfifo-limit=50 red-limit=60 \
red-min-threshold=10 red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 \
pcq-classifier=""
/ user
add name="admin" group=full address=0.0.0.0/0 comment="system default user" disabled=no
/ user group
add name="read" policy=local,telnet,ssh,!ftp,reboot,read,!write,!policy,test,web
add name="write" policy=local,telnet,ssh,!ftp,reboot,read,write,!policy,test,web
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ driver
/ snmp
set enabled=no contact="" location=""
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10 streaming-enabled=no \
streaming-server=0.0.0.0 filter-stream=no filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535
/ tool e-mail
set server=0.0.0.0 from="<>"
[admin@MikroTik] >

signal · Sun Aug 22, 2004 3:19 am

The short of it, is you need to go back and read the hotspot docs at mikrotik.com and pay careful attention to detail. For example, the first rule in your input chain jumps to "hotspot"..........there should be no "jump" in your input chain like that, especially at the beginning, you need to have those "Accept" rules for things like dns and http be in effect.

Be careful to put "hotspot" where it wants hotspot, and "hotspot-temp" where it wants hotspot-temp.

Brian

hci · Sun Aug 22, 2004 3:46 am

I did not create any of those rules. The setup wizard in Mikrotik OS did. I did exactly as below out of docs. I can ping anything but no surfing or even logon page.

Matt

Example
To configure HotSpot on ether1 interface (which is already configured), enabling transparent web proxy and adding user admin with password rubbish:

[admin@MikroTik] ip hotspot> setup
Select interface to run HotSpot on

hotspot interface: ether1
Use SSL authentication?

use ssl: no
Add hotspot authentication for existing interface setup?

interface already configured: yes
Create local hotspot user

name of local hotspot user: admin
password for the user: rubbish
Use transparent web proxy for hotspot clients?

use transparent web proxy: yes
[admin@MikroTik] ip hotspot>

jarosoup · Mon Aug 23, 2004 2:18 am

Try starting over by resetting your OS (system -> reset), and then only configuring the public interface - allow the hotspot setup to configure your private interface. From there, you can get to winbox (or do it from ssh/telnet or com port). Run the Hotspot setup again, this time selecting "no" for the question "interface already configured". When the DNS server name option is presented, leave it blank and continue on with the rest of the setup.

tully · Thu Aug 26, 2004 12:44 pm

We are making a modular system for hotspot that does not use the 'internal' features of the router. This will make it allot easier to manage. The current version is extremely powerful, but can be very difficult -- especially with other complex configurations already set up. The new version will put all the 'hotspot' features on the specific interfaces so that there are no 'general' rules that can get confused.

It will be in v2.9 in a couple of weeks -- beta.

John

My Hotspot Won't Work

My Hotspot Won't Work

Re: My Hotspot Won't Work

Who is online