The RouterOS machine used here has two network cards: ether1 connects to ADSL and acts as the PPPoE client, and ether2 connects to the LAN.

First, install and configure RouterOS correctly by following the pinned instructions on the forum, so that client machines can reach the Internet normally.

Then open a terminal on RouterOS.

Change the www service port to 8081:

    /ip service set www port=8081

Change the hotspot service port to 80, in preparation for the user login page:

    /ip service set hotspot port=80

Set up the hotspot profile to mark authenticated users with the flow name "hs-auth":

    /ip hotspot profile set default mark-flow="hs-auth" login-method=enabled-address

Add a user:

    /ip hotspot user add name=user1 password=1

Redirect all TCP requests from unauthorized users to the hotspot service:

    /ip firewall dst-nat add in-interface="ether2" flow="!hs-auth" protocol=tcp action=redirect to-dst-port=80 comment="redirect unauthorized clients to hotspot service"

Allow DNS requests and ICMP ping; reject all other unauthenticated requests:

    /ip firewall add name=hotspot-temp comment="limit unauthorized hotspot clients"
    /ip firewall rule forward add in-interface=ether2 action=jump jump-target=hotspot-temp comment="limit access for unauthorized hotspot clients"
    /ip firewall rule input add in-interface=ether2 dst-port=80 protocol=tcp action=accept comment="accept requests for hotspot servlet"
    /ip firewall rule input add in-interface=ether2 dst-port=67 protocol=udp action=accept comment="accept requests for local DHCP server"
    /ip firewall rule input add in-interface=ether2 action=jump jump-target=hotspot-temp comment="limit access for unauthorized hotspot clients"
    /ip firewall rule hotspot-temp add flow="hs-auth" action=return comment="return if connection is authorized"
    /ip firewall rule hotspot-temp add protocol=icmp action=return comment="allow ping requests"
    /ip firewall rule hotspot-temp add protocol=udp dst-port=53 action=return comment="allow dns requests"
    /ip firewall rule hotspot-temp add action=reject comment="reject access for unauthorized clients"

Create the hotspot chain for authorized hotspot clients:

    /ip firewall add name=hotspot comment="account authorized hotspot clients"

Pass all through-going traffic to the hotspot chain:

    /ip firewall rule forward add action=jump jump-target=hotspot comment="account traffic for authorized hotspot clients"

Whatever URL a client enters, it is automatically redirected to the login page; after entering the account name and password, browsing continues. To use FTP, POP3 and similar services, the client must also log in through the web page first. Naturally, Winbox also requires logging in first.
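The following Python model is an added example, not part of the original page and not RouterOS code. It replays the dst-nat, input, forward and hotspot-temp rules above over constructed packets to show what a client on ether2 can reach before and after login. It assumes the chains' default policy is accept and uses TCP port 8291 for Winbox; the Packet fields and function names are hypothetical.

```python
# Added model of the rule set above; constructed for illustration, not RouterOS code.
from dataclasses import dataclass, replace

LAN = "ether2"  # interface facing the hotspot clients, as on this page

@dataclass(frozen=True)
class Packet:
    in_if: str       # interface the packet arrived on
    proto: str       # "tcp", "udp" or "icmp"
    dst_port: int    # 0 for icmp
    to_router: bool  # True: input chain, False: forward chain
    authed: bool     # True when the connection carries flow mark "hs-auth"

def dst_nat(p):
    # dst-nat rule: unauthenticated TCP from the LAN is redirected to local port 80
    if p.in_if == LAN and p.proto == "tcp" and not p.authed:
        return replace(p, dst_port=80, to_router=True)
    return p

def hotspot_temp(p):
    # chain hotspot-temp: return for authorized flows, ping and DNS; reject the rest
    if p.authed or p.proto == "icmp" or (p.proto == "udp" and p.dst_port == 53):
        return "return"
    return "reject"

def verdict(p):
    p = dst_nat(p)
    if p.in_if != LAN:
        return "accept"  # assumption: chain default policy is accept
    if p.to_router and (p.proto, p.dst_port) == ("tcp", 80):
        return "accept" if p.authed else "login"  # hotspot servlet
    if p.to_router and (p.proto, p.dst_port) == ("udp", 67):
        return "accept"  # local DHCP server
    if hotspot_temp(p) == "reject":
        return "reject"
    return "accept"  # forward traffic also passes the rule-less "hotspot" chain

if __name__ == "__main__":
    samples = {  # constructed sample packets
        "unauth HTTPS": Packet(LAN, "tcp", 443, False, False),
        "unauth DNS": Packet(LAN, "udp", 53, False, False),
        "unauth NTP": Packet(LAN, "udp", 123, False, False),
        "unauth Winbox": Packet(LAN, "tcp", 8291, True, False),
        "authed Winbox": Packet(LAN, "tcp", 8291, True, True),
    }
    for name, pkt in samples.items():
        print(f"{name:14} -> {verdict(pkt)}")
```

The model also makes visible that every input rule on this page is scoped to ether2, so nothing here filters traffic arriving on ether1.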
Contributed by 源代码网.