Difference between revisions of "Manual:IP/Hotspot/Walled Garden"

From MikroTik Wiki
Jump to: navigation, search
(Properties)
(IP Walled Garden)
Line 153: Line 153:
 
|desc=IP protocol
 
|desc=IP protocol
 
}}
 
}}
 +
 +
 +
===Example===
 +
 +
When adding walled garden IP entry several dynamic rules are created. For example, lets add ''www.paypalobject.com''
 +
 +
<pre>
 +
/ip hotspot walled-garden ip
 +
add action=accept disabled=no dst-host=www.paypalobject.com
 +
</pre>
 +
 +
Now if you look at walled garden menu you will see dynamic entry for object we just added
 +
<pre>
 +
[admin@493G] /ip hotspot walled-garden> print detail
 +
Flags: X - disabled, D - dynamic
 +
0 D ;;; www.paypalobject.com
 +
    dst-address=68.178.232.99 action=allow hits=0
 +
</pre>
 +
 +
Also dynamic firewall and NAT rules are added to allow paypalobject.com resolved address
 +
<pre>
 +
[admin@493G] /ip firewall filter> print dynamic
 +
Flags: X - disabled, I - invalid, D - dynamic
 +
...
 +
7 D ;;; www.paypalobject.com
 +
    chain=hs-unauth action=return dst-address=68.178.232.99
 +
...
 +
 +
10 D ;;; www.paypalobject.com
 +
    chain=hs-unauth-to action=return src-address=68.178.232.99
 +
</pre>
 +
<pre>
 +
[admin@493G] /ip firewall nat> print dynamic
 +
Flags: X - disabled, I - invalid, D - dynamic
 +
...
 +
8 D ;;; www.paypalobject.com
 +
    chain=hs-unauth action=return dst-address=68.178.232.99
 +
...
 +
</pre>
 +
  
  

Revision as of 10:23, 15 October 2010

Version.png

Applies to RouterOS: v3, v4, v5+

Walled Garden

Sub-menu: /ip hotspot walled-garden


HTTP walled-garden, menu allows to set authentication bypass for HTTP and HTTPs resources

Properties

Property Description
action (allow | deny; Default: allow) Action to perform, when packet matches the rule
  • allow - allow access to the web-page without authorization
  • deny - the authorization is required to access the web-page
server (string; Default: ) Name of the HotSpot server, rule is applied to.
src-address (IP; Default: ) Source address of the user, usually IP address of the HotSpot client
method (string; Default: ) HTTP method of the request
dst-host (string; Default: ) Domain name of the destination web-server
dst-port (integer; Default: ) TCP port number, client sends request to
path (string; Default: ) The path of the request, path comes after '''http://dst_host/'''

Read-only properties

Property Description
dst-address (IP)
hits (integer)

IP Walled Garden

Sub-menu: /ip hotspot walled-garden ip


Walled-garden menu for the IP requests (Winbox, SSH, Telnet, SIP, etc.)

Properties

Property Description
action (allow | deny | reject; Default: allow) Action to perform, when packet matches the rule
  • allow - allow access to the web-page without authorization
  • deny - the authorization is required to access the web-page
  • reject - the authorization is required to access the resource, ICMP reject message will be sent to client, when packet will match the rule
server (string; Default: ) Name of the HotSpot server, rule is applied to.
src-address (IP; Default: ) Source address of the user, usually IP address of the HotSpot client
dst-address (IP; Default: ) Destination IP address, IP address of the WEB-server
dst-host (string; Default: ) Domain name of the destination web-server. When this parameter is specified dynamic entry is added to Walled Garden
dst-port (integer; Default: ) TCP port number, client sends request to
protocol (integer | string; Default: ) IP protocol


Example

When adding walled garden IP entry several dynamic rules are created. For example, lets add www.paypalobject.com

/ip hotspot walled-garden ip
add action=accept disabled=no dst-host=www.paypalobject.com

Now if you look at walled garden menu you will see dynamic entry for object we just added

[admin@493G] /ip hotspot walled-garden> print detail 
Flags: X - disabled, D - dynamic 
 0 D ;;; www.paypalobject.com
     dst-address=68.178.232.99 action=allow hits=0 

Also dynamic firewall and NAT rules are added to allow paypalobject.com resolved address

[admin@493G] /ip firewall filter> print dynamic 
Flags: X - disabled, I - invalid, D - dynamic 
...
 7 D ;;; www.paypalobject.com
     chain=hs-unauth action=return dst-address=68.178.232.99 
...

10 D ;;; www.paypalobject.com
     chain=hs-unauth-to action=return src-address=68.178.232.99 
[admin@493G] /ip firewall nat> print dynamic 
Flags: X - disabled, I - invalid, D - dynamic 
...
 8 D ;;; www.paypalobject.com
     chain=hs-unauth action=return dst-address=68.178.232.99 
...


[ Top | Back to Content ]