MikroTik RouterOS v2.9 - Service Port; Customizing Hotspot: Firewall Section

To Next Page

To Previous Page

uptime ( read-only: time ) - current session time of the user (i.e., how long has the user been in the

active host list)

Command Description

make-binding - copy a dynamic entry from this list to the static IP bindings list ( name ) - item

number ( text ) - custom comment to the static entry to be created ( regular | bypassed | blocked ) -

the type of the static entry

Service Port

Home menu level: /ip hotspot service-port

Description

Just like for classic NAT, the HotSpot embedded one-to-one NAT 'breaks' some protocols that are

incompatible with address translation. To leave these protocols consistent, helper modules must be

used. For the one-to-one NAT the only such a module is for FTP protocol.

Property Description

name ( read-only: name ) - protocol name

ports ( read-only: integer ) - list of the ports on which the protocol is working

Example

To set the FTP protocol uses both 20 and 21 TCP port:

[admin@MikroTik] ip hotspot service-port> print

Flags: X - disabled

# NAME PORTS

0 ftp 21

[admin@MikroTik] ip hotspot service-port> set ftp ports=20,21

[admin@MikroTik] ip hotspot service-port> print

Flags: X - disabled

# NAME PORTS

0 ftp 20

[admin@MikroTik] ip hotspot service-port>

Customizing HotSpot: Firewall Section

Description

Apart from the obvious dynamic entries in the /ip hotspot submenu itself (like hosts and active

users), some additional rules are added in the firewall tables when activating a HotSpot service.

Unlike RouterOS version 2.8, there are relatively few firewall rules added in the firewall as the

main job is made by the one-to-one NAT algorithm.

NAT rules

Page 517 of 695

Other trademarks and registred trademarks mentioned herein are properties of their respective owners.