[isf-wifidog] Client captured but no access to login page.
Philippe April
isf_lists at philippeapril.com
Ven 25 Fév 10:38:50 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Scott,
I'm sure we can help you out :)
I'm pretty sure it's just misconfiguration in the config file.
1. By looking at your iptables rules, you seem to have uncommented all 3
entries for auth servers but left ours.
If you want to test, I recommend you leave only your auth server otherwise if the
pings are not succesful it might try to switch to ours and use different
databases :)
2. Hopefully you're using the code of our authentication server, even
though there's no tarball release yet (our mistake)?
3. Is your webserver listening on port 443 (HTTPS)? otherwise HTTPS has to
be disabled in the wifidog config for the AuthServer entry.
4. Make sure the GatewayInterface + GatewayAddress and ExternalInterface
are right. This leads to weird issues (like the one you're having).
To help with that, I suggest you download our latest CVS version, you'll
only need to specify the GatewayInterface and it will detect the rest
and there are other good improvements.
So take a look at all of this and let us know. Of course WiFiDog is in
constant development (especially the authentication server) and we'll
standardize the release process soon so you can have tarballs to
download next time :)
Let us know!
- --
Philippe April
GnuPG: http://key.philippeapril.com/
Skype ID: mousetrap
On Fri, Feb 25, 2005 at 09:52:03AM -0500, Scott Tully wrote:
> Hi all - fist post to the list...
>
> WiFiDog looks to be a really great captive portal system. I am
> currently using NoCat and would like to start making a move to using
> the dog. But, my initial testing is not going so smoothly...
>
> I am trying to get wifidog 1.0.2 working on a debian sid installation.
> Everything goes good up to the point of the redirect to the login
> page. I can see the client is captured and the url is properly
> formated and the request is being attempted, but never happens. I can
> see by looking at the apache access.log on the authserver that the
> request never reaches the server. (I can see that "pings" do).
>
> To me, it seems like the rule to allow the client access to the
> authserver is not working... Or am i missing something? Can anybody
> help me get this working?
>
> TIA
>
> Scott
>
>
> Here is my iptable dump
> >>>>> NAT table: <<<<<
>
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> WiFiDog_Class all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain WiFiDog_AuthServers (2 references)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 192.168.1.76
> ACCEPT all -- 0.0.0.0/0 216.239.84.234
> ACCEPT all -- 0.0.0.0/0 216.239.84.234
>
> Chain WiFiDog_Class (1 references)
> target prot opt source destination
> WiFiDog_Validate all -- 0.0.0.0/0 0.0.0.0/0
> MARK match 0x1
> WiFiDog_Known all -- 0.0.0.0/0 0.0.0.0/0 MARK match 0x2
> WiFiDog_Locked all -- 0.0.0.0/0 0.0.0.0/0 MARK
> match 0x254
> WiFiDog_Unknown all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain WiFiDog_Known (1 references)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain WiFiDog_Locked (1 references)
> target prot opt source destination
> DROP all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain WiFiDog_Unknown (1 references)
> target prot opt source destination
> WiFiDog_AuthServers all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 10.10.10.1
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
> REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:80 redir ports 2060
> DROP all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain WiFiDog_Validate (1 references)
> target prot opt source destination
> WiFiDog_AuthServers all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 10.10.10.1
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:220
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
> DROP all -- 0.0.0.0/0 0.0.0.0/0
>
>
> >>>>> Mangle table: <<<<<
>
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> WiFiDog_Outgoing all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> WiFiDog_Incoming all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain WiFiDog_Incoming (1 references)
> target prot opt source destination
>
> Chain WiFiDog_Outgoing (1 references)
> target prot opt source destination
>
>
> >>>>> Filter table: <<<<<
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCH0aKOq+Ep5Xn/aARAjLVAJ0fBn7WKwpM1ukqoN7Gsv6GxMVapQCgqA2V
nrOOlZyl97rF07gTl0A3pvk=
=nKj0
-----END PGP SIGNATURE-----
Plus d'informations sur la liste de diffusion WiFiDog