[Wifidog] Results

Philippe April papril777 at yahoo.com
Mon Apr 19 22:31:30 EDT 2004


I don't like replying to my own messages, but oh well... I have something to add...

The counters are only for INBOUND... to check the outbound
traffic (which we want... as well!), I thought of something...

Add a chain 'wifidog_traffic' in FILTER...
Add the users with source <ip> (to see the outbound)
Add the users with destination <ip> (to see the inbound)
Add the chain at the beginning of FORWARD

In iptables, it looks like this:

iptables -N wifidog_traffic
iptables -A wifidog_traffic -s 192.168.1.20 -j ACCEPT
iptables -A wifidog_traffic -d 192.168.1.20 -j ACCEPT
iptables -I FORWARD 1 -j wifidog_traffic

And it should work with any type of firewall..

Let me know what you think!

Philippe
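
Added example, not part of the original message or of the WiFiDog code: one way to read per-client outbound and inbound byte totals back out of the wifidog_traffic chain proposed above. The listing format is that of `iptables -L wifidog_traffic -v -n -x`; the sample listing, its byte counts and the function names are constructed for illustration.

```shell
#!/bin/sh
# On a live gateway the input would come from:
#   iptables -L wifidog_traffic -v -n -x
# A constructed sample of that output is embedded so the script runs offline.
sample_counters() {
cat <<'EOF'
Chain wifidog_traffic (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     310    41200 ACCEPT     all  --  *      *       192.168.1.20         0.0.0.0/0
     402    88000 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.20
      95    12010 ACCEPT     all  --  *      *       192.168.1.21         0.0.0.0/0
     120    47000 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.21
EOF
}

# Reads the listing on stdin and prints "ip outbound_bytes inbound_bytes"
# for each client. Source and destination are taken from the end of the
# line, so a rule listed with an empty target column parses the same way.
traffic_per_client() {
    awk '
        NR <= 2 { next }      # chain name and column header
        NF < 8  { next }      # blank or truncated lines
        {
            bytes = $2; src = $(NF-1); dst = $NF
            if (src != "0.0.0.0/0") { out[src] += bytes; seen[src] = 1 }
            if (dst != "0.0.0.0/0") { inb[dst] += bytes; seen[dst] = 1 }
        }
        END {
            for (ip in seen) printf "%s %d %d\n", ip, out[ip], inb[ip]
        }
    ' | sort
}

# Outbound byte total for one client IP, taken from the sample listing.
outbound_bytes() {
    sample_counters | traffic_per_client | awk -v ip="$1" '$1 == ip { print $2 }'
}

sample_counters | traffic_per_client
```

ACCEPT is a terminating target, so a packet matching one of these rules is accepted and is not evaluated by any later rule in FORWARD. A rule written without `-j` updates the same counters and lets the packet continue, and the parser above reads both forms.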

> Hi!
>
> Here are some results running WiFiDog on the WRT54G...
>
> I'm using a custom firmware, OpenWRT, with some hacks (libpthread
> installed, netfilter kernel features compiled in the kernel (MAC, MARK,
> etc.)
>
> / # wifidog
> [debug 3] Reading configuration file '/etc/wifidog.conf'
> [debug 4] Parsing token: Daemon, value: 0
> [debug 4] Parsing token: GatewayID, value: default
> [debug 4] Parsing token: GatewayPort, value: 2060
> [debug 4] Parsing token: HTTPDName, value: WiFiDog
> [debug 4] Parsing token: HTTPDMaxConn, value: 10
> [debug 4] Parsing token: GatewayInterface, value: br0
> [debug 4] Parsing token: GatewayAddress, value: 192.168.1.1
> [debug 4] Parsing token: AuthservHostname, value: <hidden>
> [debug 4] Parsing token: AuthservPath, value: /wifidog/auth/
> [debug 4] Parsing token: AuthservLoginUrl, value:
> http://<hidden>/wifidog/login/
> [debug 4] Parsing token: CheckInterval, value: 60
> [debug 4] Parsing token: ClientTimeout, value: 5
> [debug 4] Parsing token: FWScriptsPath, value: /usr/lib/wifidog
> [debug 4] Parsing token: FWType, value: iptables
> [debug 4] Parsing token: UserClass, value: 0
> [debug 4] Parsing token: UserClass, value: 1
> [debug 4] Parsing token: UserClass, value: 2
> [debug 4] Parsing token: UserClass, value: 3
> [debug 4] Parsing token: UserClass, value: 4
> [debug 4] Parsing token: UserClass, value: 5
> [debug 4] Rule #0: timeout 0 active 0
> [debug 4] Rule #1: timeout 600 active 1
> [debug 4] Rule #2: timeout 21600 active 1
> [debug 4] Rule #3: timeout 21600 active 1
> [debug 4] Rule #4: timeout 21600 active 1
> [debug 4] Rule #5: timeout 21600 active 1
> [debug 4] Creating web server on 192.168.1.1:2060
> [debug 4] Assigning callbacks to web server
> [debug 4] Initializing signal handlers
> [debug 3] Setting firewall rules
> [debug 4] Executing '/usr/lib/wifidog/iptables/fw.init'
> [debug 4] Waiting for connections
> [debug 4] Received connection from 192.168.1.21
> [debug 4] Processing request from 192.168.1.21
> [debug 3] Captured 192.168.1.21 and re-directed them to login page
> [debug 4] Closing connection with 192.168.1.21
> [debug 4] Received connection from 192.168.1.22
> [debug 4] Processing request from 192.168.1.22
> [debug 3] Captured 192.168.1.22 and re-directed them to login page
> [debug 4] Closing connection with 192.168.1.22
> [debug 4] Received connection from 192.168.1.21
> [debug 4] Processing request from 192.168.1.21
> [debug 4] New node for 192.168.1.21
> [debug 4] Added a new node to linked list: IP: 192.168.1.21 Token:
> 8c405a3a06082b7cf7990eb698b9fdd5
> [debug 4] Closing connection with 192.168.1.21
> [debug 4] Connecting to auth server <hidden> on port 80
> [debug 4] Sending HTTP request:
> #####
> GET
> /wifidog/auth/?ip=192.168.1.21&mac=00:20:35:FC:2E:14&token=8c405a3a06082b7cf7990eb698b9fdd5&stats=0
> HTTP/1.1
> Host: <hidden>
>
>
> #####
> [debug 4] Auth server returned profile 5
> [debug 4] Node 192.168.1.21 with mac 00:20:35:FC:2E:14 and profile 5
> validated
> [debug 4] Profile 5 UserClasses retrieved
> [debug 4] Executing '/usr/lib/wifidog/iptables/fw.access'
> [debug 4] Received connection from 192.168.1.22
> [debug 4] Processing request from 192.168.1.22
> [debug 4] New node for 192.168.1.22
> [debug 4] Added a new node to linked list: IP: 192.168.1.22 Token:
> d34125f93339f1feaa6e5ebf3b041d4f
> [debug 4] Closing connection with 192.168.1.22
> [debug 4] Connecting to auth server <hidden> on port 80
> [debug 4] Sending HTTP request:
> #####
> GET
> /wifidog/auth/?ip=192.168.1.22&mac=00:60:08:42:CE:6E&token=d34125f93339f1feaa6e5ebf3b041d4f&stats=0
> HTTP/1.1
> Host: <hidden>
>
>
> #####
> [debug 4] Auth server returned profile 5
> [debug 4] Node 192.168.1.22 with mac 00:60:08:42:CE:6E and profile 5
> validated
> [debug 4] Profile 5 UserClasses retrieved
> [debug 4] Executing '/usr/lib/wifidog/iptables/fw.access'
> [debug 4] Connecting to auth server <hidden> on port 80
> [debug 4] Sending HTTP request:
> #####
> GET
> /wifidog/auth/?ip=192.168.1.21&mac=00:20:35:FC:2E:14&token=8c405a3a06082b7cf7990eb698b9fdd5&stats=102848
> HTTP/1.1
> Host: <hidden>
>
>
> #####
> [debug 4] Auth server returned profile 5
> [debug 4] Updated client 192.168.1.21 counter to 102848 bytes
> [debug 4] Connecting to auth server <hidden> on port 80
> [debug 4] Sending HTTP request:
> #####
> GET
> /wifidog/auth/?ip=192.168.1.22&mac=00:60:08:42:CE:6E&token=d34125f93339f1feaa6e5ebf3b041d4f&stats=47934
> HTTP/1.1
> Host: <hidden>
>
>
> #####
> [debug 4] Auth server returned profile 5
> [debug 4] Updated client 192.168.1.22 counter to 47934 bytes
>
> ------------------------------
>
> Seems to be running nicely!
>
> Some FW rules:
>
> Chain wifidog_mark (1 references)
> target     prot opt source               destination
> MARK       all  --  anywhere             anywhere            MARK set 0x1
> MARK       all  --  192.168.1.21         anywhere            MAC
> 00:20:35:FC:2E:14 MARK set 0x5
> MARK       all  --  192.168.1.22         anywhere            MAC
> 00:60:08:42:CE:6E MARK set 0x5
>
> .....
>
> GOAL!!!
>
> (sorry... listening to the game while typing).
>
> So, I'll test timeouts, etc. Both myself and my significant other are
> surfing the net through wifidog at the moment..
>
> I'd like to bring one issue that we'll need to fix (most likely):
>
> 1. If someone wants to log-out, we should think about providing a way...
> 2. If you relogin (because you know how... call wifidog with port 2060),
> you shouldn't have more entries, your profile should just get
> revalidated...
> 3. As talked already, if your profile changes while you browse (to profile
> 0 for example), it should adapt automatically...
>
> Neat!
>
> Philippe
>
>
> _______________________________________________
> Wifidog mailing list
> Wifidog at isf.waglo.com
> http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com
>
>

