Allied Telesis AT-WR4500 Network Router User Manual


 
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers 233
RouterOS v3 Configuration and User Guide
Property Description
name (read-only: name) - protocol name
ports (read-only: integer) - list of the ports on which the protocol is working
Example
To set the FTP protocol to use both TCP ports 20 and 21:
[admin@AT-WR4562] ip hotspot service-port> print
Flags: X - disabled
# NAME PORTS
0 ftp 21
[admin@AT-WR4562] ip hotspot service-port> set ftp ports=20,21
[admin@AT-WR4562] ip hotspot service-port> print
Flags: X - disabled
# NAME PORTS
0 ftp 20
      21
[admin@AT-WR4562] ip hotspot service-port>
10.3.9 Customizing HotSpot: Firewall Section
Description
Apart from the obvious dynamic entries in the /ip hotspot submenu itself (such as hosts and active users),
some additional rules are added to the firewall tables when a HotSpot service is activated. Unlike RouterOS
version 2.8, relatively few firewall rules are added, as most of the work is done by the one-to-one NAT
algorithm.
NAT rules
The /ip firewall nat print dynamic command produces output similar to the following (a comment follows
each rule):
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
Puts all HotSpot-related tasks for packets from all HotSpot clients into a separate chain.
1 I chain=hotspot action=jump jump-target=pre-hotspot
Any actions that should be performed before the HotSpot rules apply should be put in the pre-hotspot chain.
This chain is under full administrator control and does not contain any rules set by the system, hence the
invalid jump rule (the chain has no rules by default).
2 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=udp
3 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=tcp
Redirect all DNS requests to the HotSpot service. Port 64872 provides DNS service for all HotSpot
users. If you want the HotSpot server to also listen on another port, add rules here in the same way,
changing the dst-port property.
4 D chain=hotspot action=redirect to-ports=64873 hotspot=local-dst dst-port=80
protocol=tcp
Redirect all HTTP login requests to the HTTP login servlet. Port 64873 is the HotSpot HTTP servlet port.
5 D chain=hotspot action=redirect to-ports=64875 hotspot=local-dst dst-port=443
protocol=tcp
Redirect all HTTPS login requests to the HTTPS login servlet. Port 64875 is the HotSpot HTTPS servlet port.
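
One way to audit a listing like rules 0-5 above, as an added Python example (not part of the manual or of RouterOS): it parses the rules as printed, including the wrapped lines, and reports which HotSpot port a client packet would be redirected to. The packet fields, the tags set standing in for the hotspot matcher, and the skipping of rules flagged I are assumptions of this example.

```python
import re

# Rules 0-5 as listed on this page; rules 4 and 5 wrap onto a second line.
LISTING = """\
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
1 I chain=hotspot action=jump jump-target=pre-hotspot
2 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=udp
3 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=tcp
4 D chain=hotspot action=redirect to-ports=64873 hotspot=local-dst dst-port=80
protocol=tcp
5 D chain=hotspot action=redirect to-ports=64875 hotspot=local-dst dst-port=443
protocol=tcp
"""

def parse_rules(text):
    """One dict per rule; a line without a leading index continues the previous rule."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+([A-Z]*)\s+(.*)", line)
        if m:
            rules.append({"#": int(m.group(1)), "flags": m.group(2)})
            line = m.group(3)
        if rules:
            rules[-1].update(kv.split("=", 1) for kv in line.split() if "=" in kv)
    return rules

def matches(rule, pkt):
    """Assumed semantics: hotspot=X needs tag X on the packet, hotspot=!X its absence."""
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and int(rule["dst-port"]) != pkt["dst_port"]:
        return False
    tag = rule.get("hotspot", "")
    if tag.startswith("!"):
        return tag[1:] not in pkt["tags"]
    return not tag or tag in pkt["tags"]

def redirect_port(rules, pkt, chain="dstnat"):
    """Walk a chain in order; return to-ports of the first matching redirect, else None."""
    for r in rules:
        if r["chain"] != chain or "I" in r["flags"] or not matches(r, pkt):
            continue  # wrong chain, invalid (I) rule, or matcher mismatch
        if r["action"] == "redirect":
            return int(r["to-ports"])
        if r["action"] == "jump":
            hit = redirect_port(rules, pkt, r["jump-target"])
            if hit is not None:
                return hit
    return None
```

Running it against a saved listing from a router shows whether client DNS on both UDP and TCP still lands on 64872 and whether any administrator rule in pre-hotspot changes the outcome.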
6 D chain=hotspot action=jump jump-target=hs-unauth hotspot=!auth protocol=tcp