Meu Mk, de uma mexida pra outra, parou de mostrar os avisos aos clientes. Notei que, antes de logar, consigo acessar o IP do MK e os avisos; depois de logado, a página não abre mais. Alguém tem uma solução? Meu Mk está ligado a dois Mikrotiks; o outro está legal.
Respostas
Resolvido: no ponto 2, foi só desmarcar a opção de interface de saída (out-interface) na regra de NAT "mascaramento hotspot".
MIKROTIK 2 -- SIMPLESMENTE PAROU .. AUTENTICA, BLOQUEIA, MAS NAO ENVIA AS PAGINAS DE AVISO
# Second router ("MIKROTIK 2", the one that stopped showing the notice pages):
# interface labels, IP addresses and routes.
# The labels mark the internet uplink, the MK-AUTH server segment and the
# customer-facing side (presumably ether1, ether2 and ether3 in that order).
/interface ethernet
set 0 comment="LINK DE INTERNET"
set 1 comment="SERVIDOR MK-AUTH"
set 2 comment="SAIDA PARA CLIENTES"
# The rows of < and > below are not RouterOS syntax; they appear to be the
# poster's own markers around the two /30 customer addresses.
/ip address
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
add address=172.16.1.1/30 interface=ether3 network=172.16.1.0
add address=172.16.2.1/30 interface=ether3 network=172.16.2.0
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>..
# Public block on the uplink; the poster masked the address with "xxx".
add address=177.54.xxx.xxx/27 comment="IPS VALIDO" interface=ether1 network=\
177.54.xxx.xxx
# This router's own address on the MK-AUTH segment (the server itself is
# addressed as 172.31.255.2 in the NAT, RADIUS and walled-garden entries).
add address=172.31.255.3/28 comment=MK-AUTH interface=ether2 network=\
172.31.255.0
# Gateway address for the range used by the "PG CORTE" pool.
add address=10.3.0.1/22 comment="PG CORTE" interface=ether3 network=10.3.0.0
[SOCRAM@SERVER GOIABEIRA] /ip address>
# Two routes with no dst-address printed (presumably default routes; confirm).
# The enabled one goes out through the uplink gateway.
ip route
add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
!bgp-med !bgp-origin !bgp-prepend !check-gateway distance=1 gateway=\
177.54.xxx.xxx !route-tag !routing-mark
# Disabled route via 172.31.255.1, which the other router's export lists as
# its own address on the MK-AUTH segment.
add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
!bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
gateway=172.31.255.1 !route-tag !routing-mark
# NAT rules of the second router: redirect of blocked / night-notice clients
# to the MK-AUTH web server (172.31.255.2) and the masquerade for the uplink.
ip firewall nat
# "PG CORTE": TCP from the pgcorte address list that is not already going to
# 172.31.255.2 is rewritten to 172.31.255.2 port 85. No dst-port is set, so
# every TCP port matches, not only web traffic.
add action=dst-nat chain=dstnat comment="PG CORTE" dst-address=!172.31.255.2 \
protocol=tcp src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=85
# Same redirect, matched by source range (the range of the pgcorte pool)
# instead of by address list.
add action=dst-nat chain=dstnat comment="PG CORTE" dst-address=!172.31.255.2 \
protocol=tcp src-address=10.3.0.2-10.3.3.254 to-addresses=172.31.255.2 \
to-ports=85
# "PG NIGHT": TCP from the pgnight list goes to port 81 of the same server.
# Unlike the rules above it has no dst-address exclusion.
add action=dst-nat chain=dstnat comment="PG NIGHT" protocol=tcp \
src-address-list=pgnight to-addresses=172.31.255.2 to-ports=81
# Disabled placeholder in the unused hotspot chain.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes to-addresses=0.0.0.0 !to-ports
# Disabled maintenance redirect of TCP port 80 to local port 64873.
add action=redirect chain=dstnat comment=MANUTENCAO disabled=yes dst-port=80 \
protocol=tcp !to-addresses to-ports=64873
# Disabled pair mapping a public address to 172.16.254.34 in both directions.
# NOTE(review): neither rule restricts protocol or port; if re-enabled, every
# service on that host becomes reachable from outside unless filter rules
# (none are shown in this paste) limit it.
add action=src-nat chain=srcnat comment="1_REPASSE IP REAL" disabled=yes \
src-address=172.16.254.34 to-addresses=177.54.xxx.xxx !to-ports
add action=dst-nat chain=dstnat comment="2-REPASSE IP REAL" disabled=yes \
dst-address=177.54.xxx.xxx to-addresses=172.16.254.34 !to-ports
# Masquerade applies only to traffic leaving ether1, so customer traffic sent
# out ether2 towards the MK-AUTH server keeps its 172.16.x.x source address.
# The thread's accepted fix was to remove out-interface from this rule.
# NOTE(review): with out-interface removed, the MK-AUTH server presumably sees
# this router's address instead of each customer's; check that per-client
# logging or access rules on the server do not depend on the real source.
add action=masquerade chain=srcnat comment="MASCARAMENTO DA REDE HOTSPOT" \
out-interface=ether1 !to-addresses !to-ports
# Address pools and RADIUS client settings of the second router.
/ip pool
add name=hs-pool-1 ranges=172.16.0.2-172.16.255.254
add name=pgcorte ranges=10.3.0.2-10.3.3.254
# Hotspot authentication is sent to the MK-AUTH server at 172.31.255.2.
# NOTE(review): the shared secret is a trivial value and is now published in
# this thread. It is the only thing protecting the RADIUS exchange, so it
# should be replaced with a long random string on both the router and the
# server, and masked in any future paste.
# The 500ms timeout differs from the 900ms used on the other router.
/radius
add address=172.31.255.2 secret=123456 service=hotspot timeout=500ms
# accept=yes makes the router accept RADIUS-initiated requests such as
# disconnect messages (UDP port 3799 by default in RouterOS).
# NOTE(review): no firewall filter rules are shown; confirm that this port is
# reachable only from the RADIUS server, since the weak secret above is the
# only check on those requests.
/radius incoming
set accept=yes
# Hotspot server, server profiles, user profiles and walled garden of the
# second router.
/ip hotspot profile
# Default profile serves its pages from the "manutencao" directory.
# NOTE(review): login-by=http-pap submits the password in clear text over
# HTTP; http-chap or https avoid that where the RADIUS backend supports them.
set [ find default=yes ] html-directory=manutencao login-by=http-pap \
nas-port-type=ethernet use-radius=yes
# Profile used by the hotspot below: cookie or PAP login, 6h cookie lifetime,
# RADIUS interim updates every 3 minutes. The other router's copy of this
# profile also sets nas-port-type=ethernet.
add http-cookie-lifetime=6h login-by=cookie,http-pap name=hsprof1 \
radius-interim-update=3m use-radius=yes
# Hotspot on the customer-facing interface. No address-pool is set here; on
# this router the pool is set on the user profiles instead.
/ip hotspot
add disabled=no interface=ether3 keepalive-timeout=2m name=MEGA90 profile=\
hsprof1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m rate-limit=\
"512k/512k 1000k/1000k 300k/300k 60/60 4 512k/512k"
add address-pool=hs-pool-1 idle-timeout=none keepalive-timeout=2m name=\
"PLANO ADMINISTRADOR" shared-users=unlimited
add address-pool=hs-pool-1 idle-timeout=none keepalive-timeout=6h name=\
"PLANO 2 MEGAS" rate-limit=\
"2000k/2000k 3000k/3000k 1000k/1000k 180/180 1 2000k/2000k" shared-users=\
unlimited
# "BLOQUEIO" profile: advertise=yes with bloqueio.html as the first
# advertise-url; this looks like the mechanism that shows the blocking notice
# (confirm against the MK-AUTH setup).
add advertise=yes advertise-interval=0s,10m advertise-timeout=immediately \
advertise-url=bloqueio.html,http://www.routerboard.com/ idle-timeout=none \
keepalive-timeout=2m name=BLOQUEIO transparent-proxy=yes
# Walled garden: ports 80 and 85 of the MK-AUTH server are reachable without
# logging in, which matches the poster's report that the pages open before
# login. After login the traffic follows the normal NAT and routing path.
/ip hotspot walled-garden
add dst-host=172.31.255.2 dst-port=80
add dst-host=172.31.255.2 dst-port=85
mikrotik 1 - funciona normal
# First router ("mikrotik 1", reported as working): interface labels and
# IP addresses. Lines in square brackets are console prompts from the paste.
/interface ethernet
set 0 comment="LINK DE INTERNET"
set 1 comment="SERVIDOR MK-AUTH"
set 2 comment="SAIDA PARA CLIENTES"
[SOCRAM@SERVER CUP-ALDEIA] /interface>
/ip address
# Two /30 customer addresses; the row of > after them is not RouterOS syntax
# and appears to be the poster's own marker.
add address=172.17.0.1/30 interface=ether3 network=172.17.0.0
add address=172.18.0.1/30 interface=ether3 network=172.18.0.0
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Public addresses on the uplink, masked by the poster with "xxx".
add address=177.54.xxx.xxx/30 interface=ether1 network=177.54.xxx.xxx
add address=177.54.xxx.xxx/27 comment="IPS VALIDOS" interface=ether1 network=\
177.54.xxx.xxx
# This router holds 172.31.255.1 on the MK-AUTH segment, the address the
# second router's disabled route uses as gateway.
add address=172.31.255.1/28 comment=MK-AUTH interface=ether2 network=\
172.31.255.0
add address=10.3.0.1/22 comment="PG CORTE" interface=ether3 network=10.3.0.0
[SOCRAM@SERVER CUP-ALDEIA] /ip address>
# NAT rules of the first router: the same notice redirects as on the second
# router, an enabled public-address mapping for the MK-AUTH server, the
# uplink masquerade, and two disabled port forwards.
/ip firewall nat
# "PG CORTE": TCP from the pgcorte list (or from its address range) that is
# not already going to 172.31.255.2 is rewritten to 172.31.255.2 port 85.
# No dst-port is set, so every TCP port matches.
add action=dst-nat chain=dstnat comment="PG CORTE" dst-address=!172.31.255.2 \
protocol=tcp src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=85
add action=dst-nat chain=dstnat comment="PG CORTE" dst-address=!172.31.255.2 \
protocol=tcp src-address=10.3.0.2-10.3.3.254 to-addresses=172.31.255.2 \
to-ports=85
# "PG NIGHT": TCP from the pgnight list goes to port 81 of the same server.
add action=dst-nat chain=dstnat comment="PG NIGHT" protocol=tcp \
src-address-list=pgnight to-addresses=172.31.255.2 to-ports=81
# Disabled placeholder in the unused hotspot chain.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes to-addresses=0.0.0.0 !to-ports
# Disabled maintenance redirect of TCP port 80 to local port 64873.
add action=redirect chain=dstnat comment=MANUTENCAO disabled=yes dst-port=80 \
protocol=tcp !to-addresses to-ports=64873
# Enabled pair that maps a public address to the MK-AUTH server in both
# directions (on the second router the equivalent pair is disabled).
# NOTE(review): the dst-nat rule has no protocol or port match, so everything
# sent to that public address is forwarded to the server. No /ip firewall
# filter rules are shown in this paste; confirm that only the ports meant to
# be public are allowed, and that the RADIUS service is not among them.
add action=src-nat chain=srcnat comment="1_REPASSE IP REAL" src-address=\
172.31.255.2 to-addresses=177.54.105.162 !to-ports
add action=dst-nat chain=dstnat comment="2-REPASSE IP REAL" dst-address=\
177.54.xxx.xxx to-addresses=172.31.255.2 !to-ports
# Masquerade for traffic leaving the uplink interface only.
add action=masquerade chain=srcnat comment="MASCARAMENTO DA REDE HOTSPOT" \
out-interface=ether1 !to-addresses !to-ports
# Disabled forwards from the uplink to 172.31.255.5: port 8082 to the
# ThunderCache panel on port 82, and port 8022 to port 22.
# NOTE(review): neither rule limits the source address; if they are enabled
# again, add a src-address-list of trusted management addresses so the panel
# and port 22 are not open to the whole internet.
add action=dst-nat chain=dstnat comment="ACESSO EXTERNO PAINEL THUNDERCACHE" \
disabled=yes dst-port=8082 in-interface=ether1 protocol=tcp to-addresses=\
172.31.255.5 to-ports=82
add action=dst-nat chain=dstnat disabled=yes dst-port=8022 in-interface=ether1 \
protocol=tcp to-addresses=172.31.255.5 to-ports=22
[SOCRAM@SERVER CUP-ALDEIA] /ip firewall>
# Address pools and RADIUS client settings of the first router.
/ip pool
add name=hs-pool-1 ranges=172.17.0.0/16,172.18.0.0/16
add name=pgcorte ranges=10.3.0.2-10.3.3.254
# Hotspot authentication is sent to the MK-AUTH server at 172.31.255.2.
# NOTE(review): the shared secret is a trivial value, identical on both
# routers, and now published in this thread. Replace it with a long random
# string on the routers and the server, and mask it in any future paste.
/radius
add address=172.31.255.2 secret=123456 service=hotspot timeout=900ms
# accept=yes makes the router accept RADIUS-initiated requests such as
# disconnect messages (UDP port 3799 by default in RouterOS).
# NOTE(review): no firewall filter rules are shown; confirm that this port is
# reachable only from the RADIUS server.
/radius incoming
set accept=yes
# Hotspot server, server profiles, user profiles and walled garden of the
# first router.
/ip hotspot profile
# Default profile serves its pages from the "manutencao" directory.
# NOTE(review): login-by=http-pap submits the password in clear text over
# HTTP; http-chap or https avoid that where the RADIUS backend supports them.
set [ find default=yes ] html-directory=manutencao login-by=http-pap \
nas-port-type=ethernet use-radius=yes
# Profile used by the hotspot below: cookie or PAP login, 6h cookie lifetime,
# RADIUS interim updates every 3 minutes.
add http-cookie-lifetime=6h login-by=cookie,http-pap name=hsprof1 \
nas-port-type=ethernet radius-interim-update=3m use-radius=yes
# Hotspot on the customer-facing interface; here the address pool is set on
# the server itself rather than on the user profiles.
/ip hotspot
add address-pool=hs-pool-1 disabled=no interface=ether3 keepalive-timeout=2m \
name=MEGA90 profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m rate-limit=\
"512k/512k 1000k/1000k 300k/300k 60/60 4 512k/512k"
add idle-timeout=none keepalive-timeout=2m name="PLANO ADMINISTRADOR" \
shared-users=unlimited
add idle-timeout=none keepalive-timeout=2m name="PLANO 2 MEGAS" rate-limit=\
"2000k/2000k 3000k/3000k 1000k/1000k 180/180 1 2000k/2000k" shared-users=\
unlimited
# "BLOQUEIO" profile: advertise=yes with bloqueio.html as the first
# advertise-url; this looks like the mechanism that shows the blocking notice
# (confirm against the MK-AUTH setup).
add advertise=yes advertise-interval=0s,10m advertise-timeout=immediately \
advertise-url=bloqueio.html,http://www.routerboard.com/ idle-timeout=none \
keepalive-timeout=2m name=BLOQUEIO transparent-proxy=yes
# Walled garden: ports 80 and 85 of the MK-AUTH server are reachable without
# logging in.
/ip hotspot walled-garden
add dst-host=172.31.255.2 dst-port=80
add dst-host=172.31.255.2 dst-port=85
[SOCRAM@SERVER CUP-ALDEIA] /ip hotspot>
O IP é fixo para cada um (172.16.0.xx); uso hotspot. Fiz um desenho pra ver se dá pra compreender. Seria possível usar um IP real no MK-Auth e a autenticação ser feita pela rede externa? E o bloqueio funcionaria? Vou postar as regras de ambos abaixo, lembrando que no ponto 1 funciona normal; o ponto 2, depois de autenticar, perde o acesso à central.
.
Verifica qual é o IP do cliente depois de ele logar. Você usa hotspot ou PPPoE?
v6.0rc6 - (os dois Mikrotiks) um continua funcionando
renan castro de medeiros disse:
Isso mesmo. Depois que atualizei (Mikrotik e MK), do nada os clientes que estão em um Mikrotik (faixa 172.16.xxx) não recebem mais as páginas de aviso. Logam normal (ssh ok) e o bloqueio funciona (mas não aparece a página). Se não estiver logado, acesso a central do cliente; se logar, não abre mais. O outro Mikrotik (faixa 172.17.xxx), ligado no mesmo MK-Auth, continuou normal. Conferi as regras uma a uma pra ver se perdeu algo na atualização e está ok.