[isf-wifidog] Gateway NAT Patch
Scott Tully
scott.tully at gmail.com
Lun 28 Fév 14:38:37 EST 2005
Here's a patch you can use if you want to create an option to turn NAT on/off.
http://www.publicip.org/mirror/dists/patches/wifidog.cvs.nat.patch
I might not be a great C programmer (or even PHP come to think of it),
but i'm a hard worker :-)
BTW - I have my authserver running on MySQL. I am still testing. I
had some problems converting the SQL "interval" statement to
MySQL; the usage seems to be different. I converted "< interval '5
minutes'" to " < DATE_SUB(NOW(),interval 5 minute)". Does this seem
like the correct thing to do?
Thanks again!
Scott
-------------- next part --------------
diff -Naur -X exclude wifidog/src/conf.c wifidog-new/src/conf.c
--- wifidog/src/conf.c 2005-02-20 17:55:20.000000000 -0500
+++ wifidog-new/src/conf.c 2005-02-28 18:55:38.000000000 -0500
@@ -70,6 +70,7 @@
oGatewayInterface,
oGatewayAddress,
oGatewayPort,
+ oGatewayNAT,
oAuthServer,
oAuthServHostname,
oAuthServSSLAvailable,
@@ -99,7 +100,8 @@
{ "externalinterface", oExternalInterface },
{ "gatewayid", oGatewayID },
{ "gatewayinterface", oGatewayInterface },
- { "gatewayaddress", oGatewayAddress },
+ { "gatewaynat", oGatewayNAT },
+ { "gatewayaddress", oGatewayAddress },
{ "gatewayport", oGatewayPort },
{ "authserver", oAuthServer },
{ "authservmaxtries", oAuthServMaxTries },
@@ -145,6 +147,7 @@
config.httpdmaxconn = DEFAULT_HTTPDMAXCONN;
config.external_interface = NULL;
config.gw_id = DEFAULT_GATEWAYID;
+ config.gw_nat = DEFAULT_NAT_CLIENTS;
config.gw_interface = NULL;
config.gw_address = NULL;
config.gw_port = DEFAULT_GATEWAYPORT;
@@ -632,6 +635,9 @@
case oGatewayPort:
sscanf(p1, "%d", &config.gw_port);
break;
+ case oGatewayNAT:
+ sscanf(p1, "%d", &config.gw_nat);
+ break;
case oAuthServer:
parse_auth_server(fd, filename,
&linenum);
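Review bot: The result of `sscanf(p1, "%d", &config.gw_nat)` in the new `oGatewayNAT` case is not checked, so a value such as `true` or `yes` (the sample config describes the option as "true (1)") leaves `gw_nat` at its default with no warning, while any non-zero integer enables NAT because the firewall code only tests `if(gw_nat)`. Since this option changes firewall behaviour, a bad value should be rejected explicitly, e.g. `if (sscanf(p1, "%d", &config.gw_nat) != 1 || (config.gw_nat != 0 && config.gw_nat != 1)) { /* report invalid GatewayNAT with filename and linenum */ }`. The neighbouring `oGatewayPort` case shows the same unchecked pattern, and the enclosing switch starts and ends outside this hunk.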
diff -Naur -X exclude wifidog/src/conf.h wifidog-new/src/conf.h
--- wifidog/src/conf.h 2004-11-22 16:45:57.000000000 -0500
+++ wifidog-new/src/conf.h 2005-02-28 18:55:38.000000000 -0500
@@ -48,6 +48,8 @@
/** Note: The path must NOT be prefixed by /, and must be suffixed /. Leave empty for the server root.*/
#define DEFAULT_AUTHSERVPATH "wifidog/"
#define DEFAULT_AUTHSERVMAXTRIES 1
+/* Use NAT default is OFF */
+#define DEFAULT_NAT_CLIENTS 0
/*@}*/
/**
@@ -101,7 +103,8 @@
char *gw_address; /**< @brief Internal IP address for our web
server */
int gw_port; /**< @brief Port the webserver will run on */
-
+ int gw_nat; /**< @brief Do we NAT */
+
int authserv_maxtries; /**< @brief Maximum number of auth server
connection attempts before abandoning */
t_auth_serv *auth_servers; /**< @brief Auth servers list */
@@ -156,3 +159,11 @@
} while (0)
#endif /* _CONFIG_H_ */
+
+
+
+
+
+
+
+
diff -Naur -X exclude wifidog/src/fw_iptables.c wifidog-new/src/fw_iptables.c
--- wifidog/src/fw_iptables.c 2005-02-20 19:00:47.000000000 -0500
+++ wifidog-new/src/fw_iptables.c 2005-02-28 18:55:38.000000000 -0500
@@ -183,6 +183,7 @@
s_config *config;
char * gw_interface = NULL;
int gw_port = 0;
+ int gw_nat = 0;
fw_quiet = 0;
@@ -190,6 +191,7 @@
LOCK_CONFIG();
gw_interface = safe_strdup(config->gw_interface);
gw_port = config->gw_port;
+ gw_nat = config->gw_nat;
UNLOCK_CONFIG();
/*
@@ -218,14 +220,15 @@
iptables_do_command("-t nat -N " TABLE_WIFIDOG_UNKNOWN);
/* Assign links and rules to these new chains */
- iptables_do_command("-t nat -I PREROUTING 1 -i %s -j " TABLE_WIFIDOG_WIFI_TO_INTERNET, gw_interface);
- iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j RETURN", FW_MARK_KNOWN);
- iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j RETURN", FW_MARK_PROBATION);
- iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -j " TABLE_WIFIDOG_UNKNOWN);
-
- iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p tcp --dport 80 -j REDIRECT --to-ports %d", gw_port);
-
-
+ iptables_do_command("-t nat -I PREROUTING 1 -i %s -j " TABLE_WIFIDOG_WIFI_TO_INTERNET, gw_interface);
+ iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j RETURN", FW_MARK_KNOWN);
+ iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j RETURN", FW_MARK_PROBATION);
+ iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -j " TABLE_WIFIDOG_UNKNOWN);
+ iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p tcp --dport 80 -j REDIRECT --to-ports %d", gw_port);
+ /* Turn on nating if we want */
+ if(gw_nat){
+ iptables_do_command("-t nat -A POSTROUTING -o %s -j MASQUERADE", gw_interface);
+ }
/*
*
* Everything in the FILTER table
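Review bot: The new MASQUERADE rule matches `-o %s` with `gw_interface`, the same interface the PREROUTING rule just above matches with `-i` to catch client traffic, so as written it would rewrite packets leaving toward the clients rather than packets leaving toward the upstream network. If the intent is to NAT clients out to the Internet, the rule presumably needs the outbound interface; conf.c initialises a `config.external_interface` field, but it defaults to NULL and would have to be checked before it is formatted into the command. The rule is also appended directly to the built-in POSTROUTING chain rather than to a WiFiDog-owned chain like the other nat rules here, which makes it hard to remove cleanly later. The enclosing function starts and ends outside this hunk.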
@@ -294,11 +297,12 @@
*
*/
iptables_fw_destroy_mention("nat", "PREROUTING", TABLE_WIFIDOG_WIFI_TO_INTERNET);
+ iptables_do_command("-t nat -F POSTROUTING");
iptables_do_command("-t nat -F " TABLE_WIFIDOG_WIFI_TO_INTERNET);
iptables_do_command("-t nat -F " TABLE_WIFIDOG_UNKNOWN);
iptables_do_command("-t nat -X " TABLE_WIFIDOG_WIFI_TO_INTERNET);
iptables_do_command("-t nat -X " TABLE_WIFIDOG_UNKNOWN);
-
+
/*
*
* Everything in the FILTER table
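Review bot: The added `iptables_do_command("-t nat -F POSTROUTING");` flushes the entire built-in POSTROUTING chain on teardown, whether or not `gw_nat` was ever enabled, so SNAT/MASQUERADE rules installed by the administrator or by other software on the gateway are deleted along with WiFiDog's single rule. Teardown should remove only what WiFiDog added: either delete the exact rule with `-t nat -D POSTROUTING ...` using the same arguments as the insert, or place the rule in a WiFiDog-owned chain (placeholder name `TABLE_WIFIDOG_POSTROUTING`) and mirror the PREROUTING handling with `iptables_fw_destroy_mention("nat", "POSTROUTING", TABLE_WIFIDOG_POSTROUTING);` followed by `-F` and `-X` of that chain. The enclosing function starts and ends outside this hunk.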
diff -Naur -X exclude wifidog/wifidog.conf wifidog-new/wifidog.conf
--- wifidog/wifidog.conf 2005-02-03 16:25:29.000000000 -0500
+++ wifidog-new/wifidog.conf 2005-02-28 19:20:10.000000000 -0500
@@ -78,6 +78,13 @@
# Path /
#}
+# Parameter: GatewayNAT
+# Default: 0 (OFF)
+# Optional
+#
+# Set this to true (1) if you want to run use nat
+# GatewayNAT 0
+
# Parameter: Daemon
# Default: 1
# Optional