[ nercibald3 @ 27.05.2017. 22:18 ] @
Trazio sam neko rijesenje da kada se korisnici zakace na WIFI rutera budu redirektovani na neki site.com
Uglavnom se javlja rijesenje u vidu pravljenja hotspot-a, login page itd...
meni treba, ako je moguce, da kada se korisnik zakaci na wifi i otvori browesr da bude preusmjeren na neki sajt.



Imam jos jedan problem,
Imam dva MT rb2011 na prvi dolazi kabovski internet a drugi se kaci na internet preko prvog UTP kablom. Medjutim spojeni na ovaj nacin drugi Mikrotik nema interneta. Ukoliko stavim neki drugi ruter izmedju ova dva mikrotika onda radi... ne kontam zasto.


[ alekksandar @ 29.05.2017. 07:42 ] @
Daj malo vise podataka sta je kako konfigurisano, ovako ce Informer da te "spamuje" :D
[ Informer @ 29.05.2017. 09:16 ] @
Citat:
nercibald3:kada se korisnik zakaci na wifi i otvori browesr


Pa da pocnemo sa spamom :)

Dakle, ovaj dogadjaj ruter ne moze da identifikuje. Pogotovo ne ako mu je prilikom otvaranja pretrazivaca podeseno da otvori praznu stranu :)

A ako si zeleo da prilikom pokusaja otvaranja neke strane dobije redirect na neku stranu to je onda vec druga stvar ali ni tu ruter ne moze da uradi mnogo jer je za tako nesto neophodna analiza koja je tacno ideja. Da li zelis da se samo prvi put kada se nesto otvori preusmeri na neki sajt? Da li zelis da postoji neki uslov za to? Pod kojim uslovima zelis da ga posle pustis dalje na net?

Citat:
Imam jos jedan problem,
Imam dva MT rb2011 na prvi dolazi kabovski internet a drugi se kaci na internet preko prvog UTP kablom. Medjutim spojeni na ovaj nacin drugi Mikrotik nema interneta. Ukoliko stavim neki drugi ruter izmedju ova dva mikrotika onda radi... ne kontam zasto.


Ovo pitanje je dusu dalo za spam :) Pa kako mi da znamo ako ti ne znas a nisi nam dao ni jedan jedini podatak? :)

Daj konfiguraciju sa oba?

/ip address p
/ip routes p
/ip firewall nat p

Nagadjanje: verovatno je na tom ruteru koji stavis izmedju ukljucen nat pa zato radi a kad ubodes jedan u drugi onda rade jednostavno rutiranje i ovaj prvi ne zna rutu do drugog.
[ nercibald3 @ 29.05.2017. 21:27 ] @
Ono sto zelim je teoretski jednostavno :)... Radi se o ruteru u restoranu i sobe drugi ruter, free wifi, - gost se zakaci na wifi - otvara browser - mikrotik ga preusmjerava na moj sajt na kojem senalazi recimo ponuda dana. I to je to.

Hotspot login mi neodgovara iz razloga sto dolazi razni profili gostiju, neki radije ukljuce 3g da se ne prijavljuju na hotspot.

Ovaj drugi problem:
- Automatska je konfiguracija na prvom ruteru u HomeAP modu.
- druge konfiguracije nisam dirao ocekivao sam da ce i drugi da radi automatski kao obicni ruter,
- na prvom ruteru na lan portu na kojem je drugi ukljucen stoji "forward" u firewall konfiguraciji.

- drugi ruter ima konfiguraciju hotspotsystem.com. Njemu pristupam preko mac adrese, nema IP (ja je ne vidim na winboxu)
[ alekksandar @ 30.05.2017. 06:53 ] @
E sve smo te razumeli
[ Informer @ 30.05.2017. 08:11 ] @
Citat:
nercibald3: Ono sto zelim je teoretski jednostavno :)... Radi se o ruteru u restoranu i sobe drugi ruter, free wifi, - gost se zakaci na wifi - otvara browser - mikrotik ga preusmjerava na moj sajt na kojem senalazi recimo ponuda dana. I to je to.


I dalje nisi nista precizirao od onog sto sam pitao. Ruter nije uredjaj namenjen za ovakve stvari (njegov posao je sasvim drugaciji) i jedino sto moze da se radi jeste neki prebudzivac sa dns-om ili redirekcijom ali tu se postavlja milion pitanja i pojavljuje mnoog potencijalnih problema a od tebe ni jednog odgovora.


Citat:
nercibald3: Medjutim spojeni na ovaj nacin drugi Mikrotik nema interneta. Ukoliko stavim neki drugi ruter izmedju ova dva mikrotika onda radi... ne kontam zasto.


Citat:
Njemu pristupam preko mac adrese, nema IP (ja je ne vidim na winboxu)


WTF???

Nemoj pogresno da me shvatis ali ako ocekujes da uredjaj koji nema IP adresu komunicira sa ostatkom Interneta ti onda imas malecki problem sa razumevanjem najosnovnijih stvari oko racunarskih mreza.

Druga opcija je da jednostavno ne umes da objasnis situaciju...
[ nercibald3 @ 30.05.2017. 12:55 ] @
Citat:
Informer: WTF???

Nemoj pogresno da me shvatis ali ako ocekujes da uredjaj koji nema IP adresu komunicira sa ostatkom Interneta ti onda imas malecki problem sa razumevanjem najosnovnijih stvari oko racunarskih mreza.

Druga opcija je da jednostavno ne umes da objasnis situaciju...


http://imgur.com/aJR3TZu

Na slici mozes vidjeti zbog cega sam rekao da ne vidim IP adresu. Ali evo vidio sam da na Local Network IP Adress stoji 10.5.50.1

Ova konfiguracija je preuzeta sa hotspotsystem.com gdje je za pristup internetu preko ovog mikrotika potrebno logiranje na facebook-a, zamisao je da zadrzim tu konfiguraciju, a da drugi mikrotik podesim da slicno radi ali bez logiranja ili nekog drugog cekiranja, vec da ga pri otvaranju browsera prebaci na sajt.

Da mi je makar da sa jednog na drugi proslijedim konekciju.
[ Informer @ 30.05.2017. 13:22 ] @
Ok ali i dalje nisi odgovorio na sve sto sam te pitao. Ako zelis pomoc onda moras da das sto vise informacija a pogotovo one informacije koje te direktno pitamo.
[ nercibald3 @ 30.05.2017. 13:37 ] @
/interface set ether1 name="ether1-gateway";
/ip dhcp-client add interface=ether1-gateway disabled=no comment="default configuration";
/interface bridge add name=bridge-local disabled=no auto-mac=yes protocol-mode=rstp;
/ip address add address=192.168.88.1/24 interface=bridge-local comment="default configuration";
/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
/ip dhcp-server add name=default address-pool="default-dhcp" interface=bridge-local lease-time=10m disabled=no;
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 comment="default configuration";
/ip dns static add name=router address=192.168.88.1
/ip dns static add name=Google1 address=8.8.8.8
/ip dns static add name=Google2 address=8.8.4.4
/ip firewall nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration"
/ip neighbor discovery set [find name="ether1-gateway"] discover=no
/ip hotspot profile add hotspot-address=10.5.50.1 name=hsprof1
/ip pool add name=hs-pool-3 ranges=10.5.48.1-10.5.63.254
/interface bridge add name="HS_bridge" disabled=no auto-mac=yes protocol-mode=rstp
/interface wireless set wlan1 mode=ap-bridge ssid=HotspotSystem.com_A default-forwarding=no disabled=no band=2ghz-b/g/n
/interface wireless set wlan2 mode=ap-bridge ssid=HotspotSystem.com_B default-forwarding=no disabled=no band=5ghz-a/n/ac
/ip dhcp-server add address-pool=hs-pool-3 disabled=no interface=HS_bridge lease-time=1h name=dhcp1
/ip hotspot add address-pool=hs-pool-3 disabled=no interface=HS_bridge name=hotspot1 profile=hsprof1
/ip address add address=10.5.50.1/20 comment="HotspotSystem network" interface=HS_bridge network=10.5.48.0
/ip dhcp-server network add address=10.5.48.0/20 comment="hotspot network" gateway=10.5.50.1
/ip firewall nat add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=10.5.48.0/20
/ip hotspot user add name=admin
/ip hotspot profile set hsprof1 use-radius=yes
/ip hotspot profile set hsprof1 login-by=http-pap,http-chap,https
/radius add service=hotspot address=195.228.75.174 secret=hotsys123 timeout=3000ms
/radius add service=hotspot address=85.25.150.36 secret=hotsys123 timeout=3000ms
/ip hotspot walled-garden add dst-host=*.hotspotsystem.com
/ip hotspot walled-garden add dst-host=*.worldpay.com
/ip hotspot walled-garden add dst-host=*.paypal.com
/ip hotspot walled-garden add dst-host=*.paypalobjects.com
/ip hotspot walled-garden add dst-host=*.paypal-metrics.com
/ip hotspot walled-garden add dst-host=*.altfarm.mediaplex.com
/ip hotspot walled-garden add dst-host=*.akamaiedge.net
/ip hotspot walled-garden add dst-host=paypal.112.2O7.net
/ip hotspot walled-garden add dst-host=*.moneybookers.com
/ip hotspot walled-garden add dst-host=*.adyen.com
/ip hotspot walled-garden add dst-host=*.directebanking.com
/ip hotspot walled-garden add dst-host=*.paysafecard.com
/ip hotspot walled-garden add dst-host=betalen.rabobank.nl
/ip hotspot walled-garden add dst-host=*.ing.nl
/ip hotspot walled-garden add dst-host=ideal.abnamro.nl
/ip hotspot walled-garden add dst-host=*.triodos.nl
/ip hotspot walled-garden add dst-host=*.asnbank.nl
/ip hotspot walled-garden add dst-host=*.knab.nl
/ip hotspot walled-garden add dst-host=*.regiobank.nl
/ip hotspot walled-garden add dst-host=*.snsbank.nl
/ip hotspot walled-garden add dst-host=api.mailgun.net
/ip hotspot walled-garden ip add dst-address=194.149.46.0/24
/ip hotspot walled-garden ip add dst-address=198.241.128.0/17
/ip hotspot walled-garden ip add dst-address=66.211.128.0/17
/ip hotspot walled-garden ip add dst-address=216.113.128.0/17
/ip hotspot walled-garden ip add dst-address=70.42.128.0/17
/ip hotspot walled-garden ip add dst-address=128.242.125.0/24
/ip hotspot walled-garden ip add dst-address=216.52.17.0/24
/ip hotspot walled-garden ip add dst-address=62.249.232.74
/ip hotspot walled-garden ip add dst-address=155.136.68.77
/ip hotspot walled-garden ip add dst-address=66.4.128.0/17
/ip hotspot walled-garden ip add dst-address=66.211.128.0/17
/ip hotspot walled-garden ip add dst-address=66.235.128.0/17
/ip hotspot walled-garden ip add dst-address=88.221.136.146
/ip hotspot walled-garden ip add dst-address=195.228.254.149
/ip hotspot walled-garden ip add dst-address=195.228.254.152
/ip hotspot walled-garden ip add dst-address=203.211.140.157
/ip hotspot walled-garden ip add dst-address=203.211.150.204
/ip hotspot walled-garden ip add dst-address=82.199.90.136/29
/ip hotspot walled-garden ip add dst-address=82.199.90.160/27
/ip hotspot walled-garden ip add dst-address=91.212.42.0/24
/ip hotspot walled-garden add dst-host=*.facebook.com
/ip hotspot walled-garden add dst-host=*.facebook.net
/ip hotspot walled-garden add dst-host=*.fbcdn.net
/ip hotspot walled-garden add dst-host=*.licdn.net
/ip hotspot walled-garden add dst-host=*.licdn.com
/ip hotspot walled-garden add dst-host=*.akamaihd.net
/ip hotspot walled-garden add dst-host=*.akamai.net
/ip hotspot walled-garden add dst-host=*.akamaiedge.net
/ip hotspot walled-garden add dst-host=*.cloudfront.com
/ip hotspot walled-garden add dst-host=*.twimg.com
/ip hotspot walled-garden add dst-host=api.twitter.com
/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp place-before=0 comment="Allow WinBox from WAN"
/system clock set time-zone-autodetect=no time-zone-name=manual
/system clock manual set time-zone=gmt dst-delta=+00:00
/system ntp client set enabled=yes server-dns-names=pool.ntp.org
/system scheduler add interval=1h name=up on-event="/tool fetch keep-result=no mode=http address=tech.hotspotsystem.com host=tech.hotspotsystem.com src-path=(\"up.php\\\?mac=\".[/interface ethernet get 0 mac-address].\"&nasid=\".[/system identity get name].\"&os_date=Mikrotik&uptime=\".[/system clock get time].\"%20up%20\".[/system resource get uptime].\",%20load%20average:%20\".[/system resource get cpu-load].\"%\")" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/01/1970 start-time=01:38:00
/ip hotspot user profile set default shared-users=5
/system identity set name=Nercibald_1
/interface bridge port add bridge=HS_bridge interface=wlan1
:if ([:len [/file find name=flash]] > 0) do={/ip hotspot profile set html-directory=/flash/hotspot;/tool fetch url=https://www.hotspotsystem.com/firmware/mikrotik/login.html dst-path=/flash/hotspot/login.html mode=https;/tool fetch url=https://www.hotspotsystem.com/firmware/mikrotik/alogin.html dst-path=/flash/hotspot/alogin.html mode=https;} else={/ip hotspot profile set html-directory=/hotspot;/tool fetch url=https://www.hotspotsystem.com/firmware/mikrotik/login.html dst-path=/hotspot/login.html mode=https;/tool fetch url=https://www.hotspotsystem.com/firmware/mikrotik/alogin.html dst-path=/hotspot/alogin.html mode=https;}



Ovo je konfiguracija MT za Hotspot. Svi ovi sajtovi su tu iz razloga sto se radi o ''besplatnoj'' varijanti Hotspot usluzi.
[ nercibald3 @ 30.05.2017. 13:47 ] @
Ovo dobijem u terminalu:

[admin@MikroTik] > /ip address p
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.88.1/24 192.168.88.0 ether2-master
1 D 77.78.235.70/22 77.78.232.0 ether1
[admin@MikroTik] > /ip route p
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 77.78.232.1 1
1 ADC 77.78.232.0/22 77.78.235.70 ether1 0
2 ADC 192.168.88.0/24 192.168.88.1 bridge 0
[admin@MikroTik] > /ip firewall nat p
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
[ Informer @ 31.05.2017. 09:37 ] @
Nista ne razumem... sta je od ovog konfiguracija prvog a sta drugog uredjaja?
[ nercibald3 @ 31.05.2017. 12:23 ] @
Citat:
Informer: Nista ne razumem... sta je od ovog konfiguracija prvog a sta drugog uredjaja?


Sto ja mogu zakomplikovati jednostavne stvari to ne moze niko.....

Evo za Mikrotik na kojem je konfigurisan hot spot, na njega trebam dovesti internet sa drugog Mikortika:


[admin@Nercibald_1] > ip address p
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; default configuration
192.168.88.1/24 192.168.88.0 bridge-local
1 ;;; HotspotSystem network
10.5.50.1/20 10.5.48.0 HS_bridge
2 D 192.168.15.100/24 192.168.15.0 ether1-gateway


[admin@Nercibald_1] > ip route p
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 192.168.15.1 1
1 ADC 10.5.48.0/20 10.5.50.1 HS_bridge 0
2 ADC 192.168.15.0/24 192.168.15.100 ether1-gateway 0
3 ADC 192.168.88.0/24 192.168.88.1 bridge-local 0

[admin@Nercibald_1] > ip firewall nat p
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client

1 D chain=hotspot action=jump jump-target=pre-hotspot

2 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53

3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53

4 D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-ds>
dst-port=80

5 D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-ds>
dst-port=443

6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth

7 D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth

8 D chain=hs-unauth action=return dst-address=194.149.46.0/24

9 D chain=hs-unauth action=return dst-address=198.241.128.0/17

[ nercibald3 @ 31.05.2017. 12:26 ] @
Drugi mikrotik nisam nista podesavao samo je ukljucen internet do njega. Imam na njemu zakaceno jos 2 ''obicna rutera''

[admin@MikroTik] > /ip address p
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.88.1/24 192.168.88.0 ether2-master
1 D 77.78.235.70/22 77.78.232.0 ether1

[admin@MikroTik] > /ip route p
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 77.78.232.1 1
1 ADC 77.78.232.0/22 77.78.235.70 ether1 0
2 ADC 192.168.88.0/24 192.168.88.1 bridge 0

[admin@MikroTik] > /ip firewall nat p
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
[ Informer @ 31.05.2017. 16:12 ] @
Pa za pocetak imas konflikt sa ip adresama i sa kolizionim domenima. I na jednom i na drugom su isti definisani (192.168.88/24). To nece da moze...

Dalje, na drugom imas definisanu rutu /0 i za nju destinaciju 192.168.15.1 ali nigde ne vidim kom je interfejsu i na kom uredjaju ta adresa dodeljena?
[ nercibald3 @ 31.05.2017. 17:13 ] @
Citat:


Dalje, na drugom imas definisanu rutu /0 i za nju destinaciju 192.168.15.1 ali nigde ne vidim kom je interfejsu i na kom uredjaju ta adresa dodeljena?


Ovo je Cisco wrp400, on m je veza interneta izmedju Mikrotikova, odnosno bez njega nemam interneta na Mikrotiku na kojem je Hotspot.
[ Informer @ 31.05.2017. 17:44 ] @
Dobro ali ti si se zalio da ta dva mikrotika kada su direktno povezani nemaju komunikaciju izmedju sebe. Daj konfiguraciju za taj slucaj. Sta nas briga za konfiguraciju koja radi :)

[Ovu poruku je menjao Informer dana 31.05.2017. u 19:45 GMT+1]
[ nercibald3 @ 31.05.2017. 20:49 ] @
Evo direktno veza MT-MT

Ovo je sa Mikrotika na kojem je Hotspot... namjerno sam kopirao ovo prvo ''dhcp,critical,error dhcp-client on ether1-gateway lost IP.....''

jan/02/1970 08:28:11 dhcp,critical,error dhcp-client on ether1-gateway lost IP address 192.168.15.100 - received NAK from dhcp server 192.168.88.1

[admin@Nercibald_1] > ip address p
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; default configuration
192.168.88.1/24 192.168.88.0 bridge-local
1 ;;; HotspotSystem network
10.5.50.1/20 10.5.48.0 HS_bridge
2 D 192.168.88.250/24 192.168.88.0 ether1-gateway

[admin@Nercibald_1] > ip route p
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 192.168.88.1 1
1 ADC 10.5.48.0/20 10.5.50.1 HS_bridge 0
2 ADC 192.168.88.0/24 192.168.88.1 bridge-local 0
ether1-gateway


[admin@Nercibald_1] > ip firewall nat p
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client

1 D chain=hotspot action=jump jump-target=pre-hotspot

2 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53

3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53

4 D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-dst dst-port=80

5 D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-dst dst-port=443

6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth

7 D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth

8 D chain=hs-unauth action=return dst-address=194.149.46.0/24

9 D chain=hs-unauth action=return dst-address=198.241.128.0/17

10 D chain=hs-unauth action=return dst-address=66.211.128.0/17

11 D chain=hs-unauth action=return dst-address=216.113.128.0/17

12 D chain=hs-unauth action=return dst-address=70.42.128.0/17

13 D chain=hs-unauth action=return dst-address=128.242.125.0/24

14 D chain=hs-unauth action=return dst-address=216.52.17.0/24

15 D chain=hs-unauth action=return dst-address=62.249.232.74

16 D chain=hs-unauth action=return dst-address=155.136.68.77

17 D chain=hs-unauth action=return dst-address=66.4.128.0/17

18 D chain=hs-unauth action=return dst-address=66.211.128.0/17

19 D chain=hs-unauth action=return dst-address=66.235.128.0/17

20 D chain=hs-unauth action=return dst-address=88.221.136.146

21 D chain=hs-unauth action=return dst-address=195.228.254.149

22 D chain=hs-unauth action=return dst-address=195.228.254.152

23 D chain=hs-unauth action=return dst-address=203.211.140.157

24 D chain=hs-unauth action=return dst-address=203.211.150.204
[ Informer @ 31.05.2017. 22:14 ] @
Citat:
nercibald3: jan/02/1970 08:28:11 dhcp,critical,error dhcp-client on ether1-gateway lost IP address 192.168.15.100 - received NAK from dhcp server 192.168.88.1


Ovo znaci da je od dhcp-a zatrazio da koristi IP adresu koju mu je prethodni dhcp (Cisco) dodelio a ovaj novi mu je rekao "NAK" (not acknowledge) i dodelio mu drugu adresu.

I onda kad je dodelio drugu adresu opet imas konflikt jer na dva interfejsa imas isti opseg 192.168.88/24.

Dalje, imas rutu ka /0 gde je gateway 192.168.88.1 a ta adresa vec postoji na istom ruteru...

Znaci, moras da resis konflikte.
[ nercibald3 @ 31.05.2017. 23:23 ] @
Citat:


Znaci, moras da resis konflikte.


E to je to....Izmjenio sam ip adrese na Hotspot-u i evo ga radi bez ''posredinka'' ...... Hvala na neizmjernom strpljenju :)

[admin@Nercibald_1] > ip address p
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; default configuration
192.168.7.1/24 192.168.7.0 bridge-local
1 ;;; HotspotSystem network
10.5.50.1/20 10.5.48.0 HS_bridge
2 D 192.168.88.250/24 192.168.88.0 ether1-gateway
[admin@Nercibald_1] > ip route p
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.88.1 1
1 DS 0.0.0.0/0 192.168.88.1 1
2 ADC 10.5.48.0/20 10.5.50.1 HS_bridge 0
3 ADC 192.168.7.0/24 192.168.7.1 bridge-local 0
4 ADC 192.168.88.0/24 192.168.88.250 ether1-gateway 0
[admin@Nercibald_1] > ip firewall nat p
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client

1 D chain=hotspot action=jump jump-target=pre-hotspot

2 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53

3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53

4 D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-ds>
dst-port=80

5 D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-ds>
dst-port=443

6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth

7 D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth

8 D chain=hs-unauth action=return dst-address=194.149.46.0/24

9 D chain=hs-unauth action=return dst-address=198.241.128.0/17
[ nercibald3 @ 08.06.2017. 09:48 ] @
Uspio sam podesiti redirect na prvo otvaranje browsera nakon konektovanja na mikrotik,preko proxy, ali problem sto radirekt kad hocu otviriti neki drugi sajt.