Difference between revisions of "Manual:IP/Hotspot/Walled Garden"

From MikroTik Wiki
Jump to: navigation, search
(IP Walled Garden)
(Example)
Line 155: Line 155:
  
  
===Example===
+
==Example==
  
 
When adding walled garden IP entry several dynamic rules are created. For example, lets add ''www.paypalobject.com''
 
When adding walled garden IP entry several dynamic rules are created. For example, lets add ''www.paypalobject.com''

Revision as of 10:35, 15 October 2010

Version.png

Applies to RouterOS: v3, v4, v5+

Walled Garden

Sub-menu: /ip hotspot walled-garden


HTTP walled-garden, menu allows to set authentication bypass for HTTP and HTTPs resources

Properties

Property Description
action (allow | deny; Default: allow) Action to perform, when packet matches the rule
  • allow - allow access to the web-page without authorization
  • deny - the authorization is required to access the web-page
server (string; Default: ) Name of the HotSpot server, rule is applied to.
src-address (IP; Default: ) Source address of the user, usually IP address of the HotSpot client
method (string; Default: ) HTTP method of the request
dst-host (string; Default: ) Domain name of the destination web-server
dst-port (integer; Default: ) TCP port number, client sends request to
path (string; Default: ) The path of the request, path comes after '''http://dst_host/'''

Read-only properties

Property Description
dst-address (IP)
hits (integer)

IP Walled Garden

Sub-menu: /ip hotspot walled-garden ip


Walled-garden menu for the IP requests (Winbox, SSH, Telnet, SIP, etc.)

Properties

Property Description
action (allow | deny | reject; Default: allow) Action to perform, when packet matches the rule
  • allow - allow access to the web-page without authorization
  • deny - the authorization is required to access the web-page
  • reject - the authorization is required to access the resource, ICMP reject message will be sent to client, when packet will match the rule
server (string; Default: ) Name of the HotSpot server, rule is applied to.
src-address (IP; Default: ) Source address of the user, usually IP address of the HotSpot client
dst-address (IP; Default: ) Destination IP address, IP address of the WEB-server
dst-host (string; Default: ) Domain name of the destination web-server. When this parameter is specified dynamic entry is added to Walled Garden
dst-port (integer; Default: ) TCP port number, client sends request to
protocol (integer | string; Default: ) IP protocol


Example

When adding walled garden IP entry several dynamic rules are created. For example, lets add www.paypalobject.com

/ip hotspot walled-garden ip
add action=accept disabled=no dst-host=www.paypalobject.com

Now if you look at walled garden menu you will see dynamic entry for object we just added

[admin@493G] /ip hotspot walled-garden> print detail 
Flags: X - disabled, D - dynamic 
 0 D ;;; www.paypalobject.com
     dst-address=68.178.232.99 action=allow hits=0 

Also dynamic firewall and NAT rules are added to allow paypalobject.com resolved address

[admin@493G] /ip firewall filter> print dynamic 
Flags: X - disabled, I - invalid, D - dynamic 
...
 7 D ;;; www.paypalobject.com
     chain=hs-unauth action=return dst-address=68.178.232.99 
...

10 D ;;; www.paypalobject.com
     chain=hs-unauth-to action=return src-address=68.178.232.99 
[admin@493G] /ip firewall nat> print dynamic 
Flags: X - disabled, I - invalid, D - dynamic 
...
 8 D ;;; www.paypalobject.com
     chain=hs-unauth action=return dst-address=68.178.232.99 
...


[ Top | Back to Content ]