Setup guide

ManualsBrandsD-Link ManualsComputer equipmentDWL-500 - 11Mb Wireless LAN PCI Network Card

271

272

273

274

275

276

277

278

279

280

1. make sure, web-proxy software package is installed and DNS client is configured

2. it is assumed, that HotSpot is set up and successfully running on port 8088. Hotspot

clients are connected to the interface named prism1

3. set up HotSpot to use one of the router's local IP addresses (10.5.50.1):

/ip hotspot set hotspot-address=10.5.50.1

4. set up web-proxy to run on the same IP address on the port 3128:

/ip web-proxy set enabled=yes src-address=10.5.50.1:3128 transparent-proxy=yes

5. configure hotspot service to use this web proxy as its parent proxy:

/ip hotspot set parent-proxy=10.5.50.1:3128

6. redirect all requests from hotspot interface to port 80 (except to 10.5.50.1), to the

web-proxy:

/ip firewall dst-nat add in-interface=prism1 dst-address=!10.5.50.1/32 \

dst-port=80 protocol=tcp action=redirect

to-dst-port=8088 comment="transparent proxy"

7. Now, everything should be working fine. Only traffic of the redirected requests to the

web-proxy will not be accounted. It's because this traffic will not pass through the

forward chain.

to enable accounting for the HotSpot user traffic to/from transparent web-proxy,

additional firewall rules should be added:

/ip firewall rule input add in-interface=prism1 dst-port=3128 \

protocol=tcp action=jump jump-target=hotspot \

comment="account traffic from hotspot client to local web-proxy"

/ip firewall rule output add src-port=3128 protocol=tcp \

out-interface=prism1 action=jump jump-target=hotspot \

comment="account traffic from local web-proxy to hotspot client"

• You may want to allow multiple logins using the same username/password. Set the argument

value of shared-users to the number of simultaneous user sessions using the same username in

HotSpot profile. For example, to allow 10 clients to use the same username simultaneously:

/ip hotspot profile set default shared-users=10

• If you want the router to resolve DNS requests, enable DNS cache, and redirect all the DNS

requests to the router itself (159.148.60.2 is this example mean the external DNS server the

router will work with):

/ip dns set primary-dns=159.148.60.2

/ip dns set allow-remote-requests=yes

/ip firewall dst-nat add protocol=udp dst-port=53 action=redirect \

comment="intercept all DNS requests"

DHCP Client and Server

Document revision 2.4 (Fri Mar 05 08:34:29 GMT 2004)

This document applies to Wandy RouterOS V2.8

Table of Contents