
Property description, Example, Description – Allied Telesis AT-WR4500 User Manual


AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers


RouterOS v3 Configuration and User Guide

Property Description

name (read-only: name) - protocol name
ports (read-only: integer) - list of the ports on which the protocol is working

Example

To make the FTP protocol use both TCP ports 20 and 21:

[admin@AT-WR4562] ip hotspot service-port> print
Flags: X - disabled
 #   NAME   PORTS
 0   ftp    21
[admin@AT-WR4562] ip hotspot service-port> set ftp ports=20,21
[admin@AT-WR4562] ip hotspot service-port> print
Flags: X - disabled
 #   NAME   PORTS
 0   ftp    20
            21
[admin@AT-WR4562] ip hotspot service-port>

10.3.9 Customizing HotSpot: Firewall Section

Description

Apart from the obvious dynamic entries in the /ip hotspot submenu itself (like hosts and active users),
some additional rules are added to the firewall tables when a HotSpot service is activated. Unlike in RouterOS
version 2.8, relatively few firewall rules are added, because most of the work is done by the
one-to-one NAT algorithm.

NAT rules
The /ip firewall nat print dynamic command produces output like the following (a comment follows
each rule):

0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client


Puts all HotSpot-related tasks for packets from all HotSpot clients into a separate chain.

1 I chain=hotspot action=jump jump-target=pre-hotspot


Any actions that should be performed before the HotSpot rules apply should be put in the pre-hotspot chain.
This chain is under full administrator control and does not contain any rules set by the system, hence the
invalid jump rule (the chain does not have any rules by default).

2 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=udp
3 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=tcp

Redirect all DNS requests to the HotSpot service. Port 64872 provides DNS service for all HotSpot
users. If you want the HotSpot server to also listen on another port, add rules here in the same way, changing
the dst-port property.

4 D chain=hotspot action=redirect to-ports=64873 hotspot=local-dst dst-port=80
    protocol=tcp

Redirect all HTTP login requests to the HTTP login servlet. Port 64873 is the HotSpot HTTP servlet port.

5 D chain=hotspot action=redirect to-ports=64875 hotspot=local-dst dst-port=443
    protocol=tcp

Redirect all HTTPS login requests to the HTTPS login servlet. Port 64875 is the HotSpot HTTPS servlet port.

6 D chain=hotspot action=jump jump-target=hs-unauth hotspot=!auth protocol=tcp
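
The following is an added example, not part of the manual or of RouterOS: a Python check that parses saved output of /ip firewall nat print dynamic and confirms that the DNS, HTTP and HTTPS redirects described above are present and point at the documented service ports. The sample text is constructed from the rules on this page; the function names and the finding messages are assumptions made for the example.

```python
import re

# Constructed sample: the rules listed on this page, in the wrapped form
# in which "/ip firewall nat print dynamic" shows them.
SAMPLE = """\
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
1 I chain=hotspot action=jump jump-target=pre-hotspot
2 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=udp
3 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=tcp
4 D chain=hotspot action=redirect to-ports=64873 hotspot=local-dst dst-port=80
protocol=tcp
5 D chain=hotspot action=redirect to-ports=64875 hotspot=local-dst dst-port=443
protocol=tcp
6 D chain=hotspot action=jump jump-target=hs-unauth hotspot=!auth protocol=tcp
"""
# (protocol, dst-port) -> HotSpot service port, as documented on this page
EXPECTED = {("udp", "53"): "64872", ("tcp", "53"): "64872",
            ("tcp", "80"): "64873", ("tcp", "443"): "64875"}
RULE_START = re.compile(r"^\s*(\d+)\s+((?:[XID]\s+)*)(\S+=.*)$")

def parse_rules(text):
    """Return one dict per rule, merging wrapped continuation lines."""
    rules = []
    for line in text.splitlines():
        m = RULE_START.match(line)
        if m:
            rules.append({"#": int(m.group(1)), "flags": set(m.group(2).split())})
            line = m.group(3)
        elif not (line.strip() and rules):
            continue  # blank line, or text before the first rule
        for pair in line.split():
            if "=" in pair:
                key, _, value = pair.partition("=")
                rules[-1][key] = value
    return rules

def audit(rules):
    """Return deviations from the documented rule set (empty list = none)."""
    findings = []
    redirects = {(r.get("protocol"), r.get("dst-port")): r for r in rules
                 if r.get("chain") == "hotspot" and r.get("action") == "redirect"}
    for (proto, dport), port in EXPECTED.items():
        r = redirects.get((proto, dport))
        if r is None:
            findings.append(f"no redirect for {proto}/{dport}")
        elif r.get("to-ports") != port or r["flags"] != {"D"}:
            findings.append(f"rule {r['#']}: {proto}/{dport} not a live dynamic redirect to {port}")
    for r in rules:
        # An invalid jump to the empty pre-hotspot chain is the documented default.
        if "I" in r["flags"] and r.get("jump-target") != "pre-hotspot":
            findings.append(f"rule {r['#']}: unexpected invalid rule")
    return findings
```

Calling audit(parse_rules(SAMPLE)) returns an empty list for the rules shown on this page; a redirect that is missing, disabled or pointed at another port appears as a finding.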
