[isf-wifidog] Client captured but no access to login page.
Philippe April
isf_lists at philippeapril.com
Fri Feb 25 15:08:11 EST 2005
One thing that might help:

We don't turn on NAT (or masquerading) in WiFiDog. We leave that up to
the person who sets up the box. I believe NoCat does though.

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

If eth0 is your outgoing interface, this will turn it on.

Also, make sure 'cat /proc/sys/net/ipv4/ip_forward' returns 1 or it
won't work.

Let me know if it changes anything. I'll keep analyzing the output you
sent to see if I can find something else.
--
Philippe April
GnuPG: http://key.philippeapril.com/
Skype ID: mousetrap
On Fri, Feb 25, 2005 at 02:28:47PM -0500, Scott Tully wrote:
> I deleted all the nocat chains... still doesn't work
>
> /sbin/ifconfig -a
> eth0 Link encap:Ethernet HWaddr 00:30:BD:1F:08:8B
> inet addr:192.168.1.77 Bcast:255.255.255.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:36292 errors:0 dropped:0 overruns:0 frame:0
> TX packets:26546 errors:0 dropped:0 overruns:0 carrier:0
> collisions:1890 txqueuelen:100
> RX bytes:17125743 (16.3 MiB) TX bytes:2996536 (2.8 MiB)
> Interrupt:9 Base address:0xa000
>
> eth1 Link encap:Ethernet HWaddr 00:30:BD:05:DE:4D
> inet addr:10.10.10.1 Bcast:255.255.255.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:6728 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1343 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:1914596 (1.8 MiB) TX bytes:156838 (153.1 KiB)
> Interrupt:10 Base address:0xc400
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:107 errors:0 dropped:0 overruns:0 frame:0
> TX packets:107 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:27867 (27.2 KiB) TX bytes:27867 (27.2 KiB)
>
>
> iptables -vt nat -L
> Chain PREROUTING (policy ACCEPT 5899 packets, 1694K bytes)
> pkts bytes target prot opt in out source destination
> 52 13884 WiFiDog_WIFI2Internet all -- eth1 any anywhere anywhere
>
> Chain POSTROUTING (policy ACCEPT 108 packets, 8251 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 103 packets, 7963 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain WiFiDog_AuthServers (0 references)
> pkts bytes target prot opt in out source destination
>
> Chain WiFiDog_Class (0 references)
> pkts bytes target prot opt in out source destination
>
> Chain WiFiDog_Known (0 references)
> pkts bytes target prot opt in out source destination
>
> Chain WiFiDog_Locked (0 references)
> pkts bytes target prot opt in out source destination
>
> Chain WiFiDog_Unknown (1 references)
> pkts bytes target prot opt in out source destination
> 2 96 REDIRECT tcp -- any any anywhere anywhere tcp dpt:www redir ports 2060
>
> Chain WiFiDog_Validate (0 references)
> pkts bytes target prot opt in out source destination
>
> Chain WiFiDog_WIFI2Internet (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 RETURN all -- any any anywhere anywhere MARK match 0x2
> 0 0 RETURN all -- any any anywhere anywhere MARK match 0x1
> 52 13884 WiFiDog_Unknown all -- any any anywhere anywhere
>
> iptables -vt mangle -L
> Chain PREROUTING (policy ACCEPT 34004 packets, 18M bytes)
> pkts bytes target prot opt in out source destination
> 65 15366 WiFiDog_Outgoing all -- eth1 any anywhere anywhere
>
> Chain INPUT (policy ACCEPT 28278 packets, 16M bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 425 packets, 36542 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 27735 packets, 2714K bytes)
> pkts bytes target prot opt in out source destination
>
> Chain POSTROUTING (policy ACCEPT 27757 packets, 2715K bytes)
> pkts bytes target prot opt in out source destination
> 19 3300 WiFiDog_Incoming all -- any eth1 anywhere anywhere
>
> Chain WiFiDog_Incoming (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain WiFiDog_Outgoing (1 references)
> pkts bytes target prot opt in out source destination
>
> iptables -vt filter -L
> Chain INPUT (policy ACCEPT 28278 packets, 16M bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 3 packets, 288 bytes)
> pkts bytes target prot opt in out source destination
> 12 864 WiFiDog_WIFI2Internet all -- eth1 any anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT 27735 packets, 2714K bytes)
> pkts bytes target prot opt in out source destination
>
> Chain WiFiDog_AuthServers (1 references)
> pkts bytes target prot opt in out source destination
> 6 288 ACCEPT all -- any any anywhere wifidog.publicip.net
>
> Chain WiFiDog_Global (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT udp -- any any anywhere 69.90.89.192/27
> 0 0 ACCEPT udp -- any any anywhere 69.90.85.0/27
> 0 0 ACCEPT tcp -- any any anywhere 69.90.89.205 tcp dpt:www
>
> Chain WiFiDog_Known (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT all -- any any anywhere anywhere
>
> Chain WiFiDog_Locked (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
>
> Chain WiFiDog_Unknown (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:domain
> 0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:bootps
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:bootps
> 6 576 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
>
> Chain WiFiDog_Validate (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:bootps
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:bootps
> 0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:domain
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:www
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:pop3
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:pop3s
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:imap2
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:imaps
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:imap3
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
> 0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
>
> Chain WiFiDog_WIFI2Internet (1 references)
> pkts bytes target prot opt in out source destination
> 12 864 WiFiDog_AuthServers all -- any any anywhere anywhere
> 0 0 WiFiDog_Locked all -- any any anywhere anywhere MARK match 0x254
> 6 576 WiFiDog_Global all -- any any anywhere anywhere
> 0 0 WiFiDog_Validate all -- any any anywhere anywhere MARK match 0x1
> 0 0 WiFiDog_Known all -- any any anywhere anywhere MARK match 0x2
> 6 576 WiFiDog_Unknown all -- any any anywhere anywhere
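
The two checks from the reply above, as an added shell example (not part of the original post and not WiFiDog code): it reads `iptables -vt nat -L` output and the `ip_forward` flag and reports which precondition is missing. The function names and both sample listings are constructed; the "before" sample mirrors the empty nat POSTROUTING chain in the quoted output.

```shell
#!/bin/sh
# Added example: function names and sample listings are constructed.

# has_masquerade WAN_IF: reads `iptables -vt nat -L` output on stdin; succeeds
# if chain POSTROUTING holds a MASQUERADE rule whose "out" column is WAN_IF
# (or "any"). Columns: pkts bytes target prot opt in out source destination.
has_masquerade() {
    awk -v wan="$1" '
        /^Chain / { in_post = ($2 == "POSTROUTING"); next }
        in_post && $3 == "MASQUERADE" && ($7 == wan || $7 == "any") { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# forwarding_enabled [FILE]: succeeds if the kernel forwarding flag reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# nat_report WAN_IF LISTING [FILE]: prints one line per missing precondition
# and returns non-zero if any is missing.
nat_report() {
    rc=0
    if ! printf '%s\n' "$2" | has_masquerade "$1"; then
        echo "nat POSTROUTING: no MASQUERADE rule for $1"
        rc=1
    fi
    if ! forwarding_enabled "${3:-/proc/sys/net/ipv4/ip_forward}"; then
        echo "ip_forward is not 1"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: POSTROUTING is empty, as in the quoted listing.
SAMPLE_BEFORE='Chain POSTROUTING (policy ACCEPT 108 packets, 8251 bytes)
 pkts bytes target prot opt in out source destination
'
# Constructed sample: the same chain after adding the rule from the reply.
SAMPLE_AFTER='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 MASQUERADE all -- any eth0 anywhere anywhere
'

# On the gateway itself: nat_report eth0 "$(iptables -vt nat -L)"
nat_report eth0 "$SAMPLE_BEFORE" || true
nat_report eth0 "$SAMPLE_AFTER" || true
```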