AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

RouterOS v3 Configuration and User Guide

Example

To allow unauthorized requests to the www.example.com domain's /paynow.html page:

[admin@AT-WR4562] ip hotspot walled-garden> add path="/paynow.html" \
\... dst-host="www.example.com"
[admin@AT-WR4562] ip hotspot walled-garden> print
Flags: X - disabled, D - dynamic
 0 dst-host="www.example.com" path="/paynow.html" action=allow
[admin@AT-WR4562] ip hotspot walled-garden>

10.3.4 IP-level Walled Garden

Submenu level: /ip hotspot walled-garden ip

Description

This menu manages Walled Garden for generic IP requests. See the previous section for managing HTTP and HTTPS protocol specific properties (like the actual DNS name, HTTP method and path used in requests).

Property Description

action (accept | drop | reject; default: accept) - action to undertake if a packet matches the rule:

accept - allow the access to the page without prior authorization

drop - the authorization is required to access this page

reject - the authorization is required to access this page; if the page is accessed without authorization, an ICMP reject message (host-unreachable) will be generated

dst-address (IP address) - IP address of the destination web server

dst-host (text; default: "") - domain name of the destination web server (this is not a regular expression or a wildcard of any kind). The DNS name specified is resolved to a list of IP addresses when the rule is added, and all those IP addresses are used

dst-port (integer; default: "") - the TCP or UDP port a client has sent the request to (the protocol MUST be specified explicitly in the protocol property)

protocol (integer | ddp | egp | encap | ggp | gre | hmp | icmp | idpr-cmtp | igmp | ipencap | ipip | ipsec-ah | ipsec-esp | iso-tp4 | ospf | pup | rdp | rspf | st | tcp | udp | vmtp | xns-idp | xtp) - IP protocol name

server (name) - name of the HotSpot server this rule applies to

src-address (IP address) - IP address of the user sending the request

10.3.5 One-to-one NAT static address bindings

Submenu level: /ip hotspot ip-binding

Description

You can set up NAT translations statically based on either the original IP address (or IP network), or the original MAC address. You can also allow some addresses to bypass HotSpot authentication (i.e., they will be able to work without having to log in to the network first) and completely block some addresses.

Property Description

address (IP address / [netmask]; default: "") - the original IP address or network of the client

mac-address (MAC address; default: "") - the source MAC address of the client

server (name | all; default: all) - the name of the server the client is connecting to

to-address (IP address; default: "") - IP address to translate the original client address to. If the address property is given as a network, this is the starting address for the translation (i.e., the first address is translated to to-address, address + 1 to to-address + 1, and so on)

type (regular | bypassed | blocked) - type of the static binding entry

regular - perform a one-to-one NAT translation according to the values set in this entry

bypassed - perform the translation, but exclude the client from having to log in to the HotSpot system

blocked - the translation will not be performed, and all packets from the host will be dropped
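The to-address arithmetic and the three entry types described above, as an added Python example (not part of the manual and not RouterOS code) that also lists how many client addresses each bypassed entry exempts from login. The names translate, audit_bypass and BINDINGS are hypothetical, the sample entries are constructed, and the offset is assumed to be counted from the first address of the network given in address.

```python
import ipaddress

# Constructed sample entries using the manual's property names (not from a real device).
BINDINGS = [
    {"address": "10.5.50.0/28", "to-address": "192.0.2.16", "type": "regular"},
    {"address": "10.5.50.200", "to-address": "", "type": "bypassed"},
    {"address": "10.5.60.0/24", "to-address": "", "type": "bypassed"},
    {"address": "10.5.50.99", "to-address": "", "type": "blocked"},
]

def translate(binding, client_ip):
    """Return (verdict, translated_ip) for client_ip under one address-based entry."""
    net = ipaddress.ip_network(binding["address"], strict=False)
    ip = ipaddress.ip_address(client_ip)
    if ip not in net:
        return ("no-match", None)
    if binding["type"] == "blocked":
        return ("dropped", None)  # no translation, packets from the host are dropped
    new_ip = None  # stays None when to-address is unset (not modelled here)
    if binding.get("to-address"):
        # Assumption: the offset is counted from the first address of the network.
        offset = int(ip) - int(net.network_address)
        base = ipaddress.ip_address(binding["to-address"])
        new_ip = str(base + offset)
    verdict = "login-bypassed" if binding["type"] == "bypassed" else "translated"
    return (verdict, new_ip)

def audit_bypass(bindings):
    """List bypassed entries with how many client addresses each exempts from login."""
    findings = []
    for b in bindings:
        if b["type"] != "bypassed":
            continue
        if b.get("address"):
            count = ipaddress.ip_network(b["address"], strict=False).num_addresses
        else:
            count = 1  # MAC-only entry: a single client
        findings.append((b.get("address") or b.get("mac-address"), count))
    return findings

if __name__ == "__main__":
    print(translate(BINDINGS[0], "10.5.50.5"))
    for entry, count in audit_bypass(BINDINGS):
        print(f"bypassed: {entry} exempts {count} address(es) from HotSpot login")
```

A bypassed entry whose address is a whole network exempts every host in that range from HotSpot login, so the count is worth reviewing whenever bindings are changed.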
