Mikrotik | How to Solve Blocked DNS Port (53) Under Hotspot Network
After I implemented a hotspot network at my workplace, everything went smoothly. But after a while, a problem arose. We, anyone behind the hotspot, could not resolve some DNS names, especially ones hosted by Google, such as customized Blogger domains like this blog, asudahlah.com. I can ping asudahlah.com using the MikroTik terminal in WinBox, but I cannot nslookup it on my laptop or my coworker's laptop. I also tried other domain names; some of them got through, some didn't. My DNS flow goes like this:
Client (DNS=192.168.68.1)-------->(IP=192.168.68.1) Mikrotik (DNS=8.8.8.8)------->internet.
After some trial and error, I found what the problem was. MikroTik's hotspot dynamically creates NAT rules which redirect DNS port TCP 53 and UDP 53 in order for the captive portal to work.
Here's a solution which worked in my case: bypassing TCP and UDP port 53. Here's the configuration:
/ip firewall nat
add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=udp
add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=tcp
/ip hotspot walled-garden ip
add action=accept disabled=no dst-port=53 protocol=udp
add action=accept disabled=no dst-port=53 protocol=tcp
Well, that's it. Now I can access all domains.
I hope it helps anyone having the same problem.
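The rules above match port 53 toward any destination, so clients that have not logged in to the hotspot can reach any host on that port. The variant below is an added example, not part of the original post and not tested on the author's router: it scopes the same four rules to the resolver from the DNS flow above, assuming 192.168.68.1 is the only DNS server clients are configured to use.

```routeros
# Added example (not from the original post).
# Assumption: clients only use the router (192.168.68.1) as their DNS server,
# as in the DNS flow described above. Adjust dst-address if that differs.

/ip firewall nat
# Skip the hotspot's dynamic DNS redirect only for queries sent to the router.
add action=accept chain=pre-hotspot dst-address=192.168.68.1 dst-port=53 \
    protocol=udp comment="DNS to router only (UDP)"
add action=accept chain=pre-hotspot dst-address=192.168.68.1 dst-port=53 \
    protocol=tcp comment="DNS to router only (TCP)"

/ip hotspot walled-garden ip
# Allow pre-login DNS only toward the router, not toward arbitrary hosts.
add action=accept dst-address=192.168.68.1 dst-port=53 protocol=udp \
    comment="pre-login DNS to router only (UDP)"
add action=accept dst-address=192.168.68.1 dst-port=53 protocol=tcp \
    comment="pre-login DNS to router only (TCP)"

# Review what is now in place.
/ip firewall nat print where chain=pre-hotspot
/ip hotspot walled-garden ip print
```

Port 53 traffic to any other address keeps the hotspot's default handling, so it is worth confirming from a client that lookups still succeed before removing the broader rules.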