Hotspot configuration in which login is required only for outside users. A regular paying customer bypasses the hotspot...
this belongs with the hotspot, in dst-nat
add in-interface=LAN protocol=tcp flow=hotspot action=redirect to-dst-port=80 comment="redirect LAN-tcp unauthorized \
hotspot users to the hotspot centre :-\)" disabled=no
this goes in mangle, at the end
add in-interface=LAN flow=!autorizacia action=accept mark-flow=hotspot comment="mark LAN packets and do not let them \
pass further because of the hotspot; must be set to accept, not passthrough" disabled=no
add in-interface=!WAN p2p=all-p2p action=accept mark-flow=other-net-p2p mark-connection=/NET/0-p2p comment="!!!HOTSPOT" \
disabled=no
add in-interface=!WAN action=accept mark-flow=other-net mark-connection=/NET/0 comment="" disabled=no
add in-interface=WAN connection=/NET/0-p2p action=accept mark-flow=net-other-p2p comment="" disabled=no
add in-interface=WAN connection=/NET/0 action=accept mark-flow=net-other comment="" disabled=no
this goes in the scheduler
add name="reset_hotspot" on-event="/ip hotspot user reset-counters hotspot" start-date=apr/01/2005 start-time=00:00:00 \
interval=6h comment="resets the counter of the universal hotspot account every 6 hours" disabled=no
this belongs in the forward section of the firewall, somewhere near the beginning
add flow=hotspot action=drop log=yes comment="block those who do not go through the hotspot but go directly to the web" disabled=no
and finally the hotspot configuration:
choose your own dns-name, check the IP address and add it if needed, and allow it access in the firewall in both input and output...
/ ip hotspot
set use-ssl=no hotspot-address=172.20.0.1 dns-name="eros.example.net" status-autorefresh=5m universal-proxy=no \
parent-proxy=0.0.0.0:0 auth-requires-mac=yes auth-mac=no auth-mac-password=no auth-http-cookie=yes \
http-cookie-lifetime=7d allow-unencrypted-passwords=no login-mac-universal=no split-user-domain=no
/ ip hotspot profile
set GbelyNET name="GbelyNET" session-timeout=12h idle-timeout=5m shared-users=unlimited mark-flow="autorizacia" \
login-method=enabled-address keepalive-timeout=2m
add name="Hotspot" session-timeout=1h idle-timeout=5m shared-users=5 mark-flow="autorizacia" login-method=enabled-address \
keepalive-timeout=2m
/ ip hotspot user
add name="skrebon" password="" profile=GbelyNET comment="" disabled=no
add name="hotspot" password="" profile=Hotspot limit-uptime=3h limit-bytes-in=2500000 limit-bytes-out=5000000 \
comment="keep for autologin" disabled=no
/ ip hotspot universal service-port
set ftp ports=21 disabled=no
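The rules above only work if the flow name autorizacia is spelled identically in the hotspot profiles (which set it via mark-flow) and in the mangle rule (which tests flow=!autorizacia); a mismatch leaves authorized clients marked as hotspot, so they are redirected and dropped. The Python check below is an added example, not part of the original configuration; the function names and the SAMPLE excerpt (constructed from the rules on this page) are assumptions.

```python
import re

# key=value pairs as they appear in the export; values may be double-quoted
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')

# Constructed excerpt in the same export syntax as the rules on this page
SAMPLE = r'''
add in-interface=LAN protocol=tcp flow=hotspot action=redirect to-dst-port=80
add in-interface=LAN flow=!autorizacia action=accept mark-flow=hotspot comment="mark LAN \
    packets" disabled=no
add flow=hotspot action=drop log=yes
/ ip hotspot profile
add name="Hotspot" session-timeout=1h mark-flow="autorizacia" login-method=enabled-address
'''

def parse_rules(export_text):
    """Join backslash-continued lines and return one dict of properties per rule."""
    joined = re.sub(r'\\\r?\n\s*', '', export_text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith(('/', '#')):
            continue  # skip blank lines, menu headers and export comments
        rules.append({k: v.strip('"') for k, v in PAIR.findall(line)})
    return rules

def undefined_flow_refs(rules):
    """Return (flow, action) for every rule matching a flow that nothing sets."""
    defined = {r['mark-flow'] for r in rules if r.get('mark-flow')}
    missing = []
    for r in rules:
        ref = r.get('flow', '').lstrip('!')  # flow=!name is a negated match
        if ref and ref not in defined:
            missing.append((ref, r.get('action', '')))
    return missing

if __name__ == '__main__':
    for flow, action in undefined_flow_refs(parse_rules(SAMPLE)):
        print(f'flow "{flow}" is matched by an action={action} rule but never marked')
```

Run it over the exported configuration before loading it on the router; an empty result means every flow a rule matches on is set somewhere by mark-flow.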
don't forget the dhcp server, so that it hands out those IPs, and also add the IPs to ip tables and so on... it takes logic and a calm head.
It doesn't hurt to pre-fill the value in the login field in the HTML, so that PDA users have it easier:
<input type="text" value="hotspot" %input-user%>