[isf-wifidog] Gateway NAT Patch

Scott Tully scott.tully at gmail.com
Lun 28 Fév 14:38:37 EST 2005


Here's a patch you can use if you want to create an option to turn NAT on/off. 

http://www.publicip.org/mirror/dists/patches/wifidog.cvs.nat.patch

I might not be a great C programmer (or even PHP come to think of it),
but i'm a hard worker :-)

BTW - I have my authserver running on MySQL.  I am still testing.  I
had some problems converting the SQL "interval" expression to
MySQL; the syntax seems to be different.  I converted "< interval '5
minutes'" to " < DATE_SUB(NOW(),interval 5 minute)".  Does this seem
like the correct thing to do?

Thanks again!
Scott
-------------- next part --------------
diff -Naur -X exclude wifidog/src/conf.c wifidog-new/src/conf.c
--- wifidog/src/conf.c	2005-02-20 17:55:20.000000000 -0500
+++ wifidog-new/src/conf.c	2005-02-28 18:55:38.000000000 -0500
@@ -70,6 +70,7 @@
 	oGatewayInterface,
 	oGatewayAddress,
 	oGatewayPort,
+	oGatewayNAT,
 	oAuthServer,
 	oAuthServHostname,
 	oAuthServSSLAvailable,
@@ -99,7 +100,8 @@
 	{ "externalinterface",  oExternalInterface },
 	{ "gatewayid",          oGatewayID },
 	{ "gatewayinterface",   oGatewayInterface },
-	{ "gatewayaddress",     oGatewayAddress },
+	{ "gatewaynat",         oGatewayNAT },
+        { "gatewayaddress",     oGatewayAddress },
 	{ "gatewayport",        oGatewayPort },
 	{ "authserver",         oAuthServer },
 	{ "authservmaxtries",   oAuthServMaxTries },
@@ -145,6 +147,7 @@
 	config.httpdmaxconn = DEFAULT_HTTPDMAXCONN;
 	config.external_interface = NULL;
 	config.gw_id = DEFAULT_GATEWAYID;
+	config.gw_nat = DEFAULT_NAT_CLIENTS;
 	config.gw_interface = NULL;
 	config.gw_address = NULL;
 	config.gw_port = DEFAULT_GATEWAYPORT;
@@ -632,6 +635,9 @@
 				case oGatewayPort:
 					sscanf(p1, "%d", &config.gw_port);
 					break;
+				case oGatewayNAT:
+				        sscanf(p1, "%d", &config.gw_nat);
+				        break;	
 				case oAuthServer:
 					parse_auth_server(fd, filename,
 							&linenum);
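Review bot: The `sscanf` result in the new `oGatewayNAT` case is never checked, so a value such as `yes` or `true` leaves `config.gw_nat` at its default with no diagnostic, while any non-zero integer turns NAT on. Because this option decides whether the gateway adds a masquerade rule, a bad value should be reported instead of ignored, e.g. `if (sscanf(p1, "%d", &config.gw_nat) != 1) { /* log the bad value and reset to DEFAULT_NAT_CLIENTS */ }`. The `oGatewayPort` case just above has the same unchecked pattern. The enclosing switch starts and ends outside the hunk.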
diff -Naur -X exclude wifidog/src/conf.h wifidog-new/src/conf.h
--- wifidog/src/conf.h	2004-11-22 16:45:57.000000000 -0500
+++ wifidog-new/src/conf.h	2005-02-28 18:55:38.000000000 -0500
@@ -48,6 +48,8 @@
 /** Note:  The path must NOT be prefixed by /, and must be suffixed /.  Leave empty for the server root.*/
 #define DEFAULT_AUTHSERVPATH "wifidog/"
 #define DEFAULT_AUTHSERVMAXTRIES 1
+/* Use NAT default is OFF */
+#define DEFAULT_NAT_CLIENTS 0
 /*@}*/ 
 
 /**
@@ -101,7 +103,8 @@
     char *gw_address;		/**< @brief Internal IP address for our web
 				     server */
     int gw_port;		/**< @brief Port the webserver will run on */
-    
+    int gw_nat;                /**< @brief Do we NAT */
+  
     int authserv_maxtries;	/**< @brief Maximum number of auth server
 				     connection attempts before abandoning */
     t_auth_serv	*auth_servers;	/**< @brief Auth servers list */
@@ -156,3 +159,11 @@
 } while (0)
 
 #endif /* _CONFIG_H_ */
+
+
+
+
+
+
+
+
diff -Naur -X exclude wifidog/src/fw_iptables.c wifidog-new/src/fw_iptables.c
--- wifidog/src/fw_iptables.c	2005-02-20 19:00:47.000000000 -0500
+++ wifidog-new/src/fw_iptables.c	2005-02-28 18:55:38.000000000 -0500
@@ -183,6 +183,7 @@
     s_config *config;
 	 char * gw_interface = NULL;
 	 int gw_port = 0;
+	 int gw_nat  = 0;
    
     fw_quiet = 0;
 
@@ -190,6 +191,7 @@
 	 LOCK_CONFIG();
 	 gw_interface = safe_strdup(config->gw_interface);
 	 gw_port = config->gw_port;
+	 gw_nat  = config->gw_nat;
 	 UNLOCK_CONFIG();
     
 	 /*
@@ -218,14 +220,15 @@
 			iptables_do_command("-t nat -N " TABLE_WIFIDOG_UNKNOWN);
 
 			/* Assign links and rules to these new chains */
-			iptables_do_command("-t nat -I PREROUTING 1 -i %s -j " TABLE_WIFIDOG_WIFI_TO_INTERNET, gw_interface);
-			iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j RETURN", FW_MARK_KNOWN);
-			iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j RETURN", FW_MARK_PROBATION);
-			iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -j " TABLE_WIFIDOG_UNKNOWN);
-
-			iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p tcp --dport 80 -j REDIRECT --to-ports %d", gw_port);
-
-
+	iptables_do_command("-t nat -I PREROUTING 1 -i %s -j " TABLE_WIFIDOG_WIFI_TO_INTERNET, gw_interface);
+	iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j RETURN", FW_MARK_KNOWN);
+	iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j RETURN", FW_MARK_PROBATION);
+	iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -j " TABLE_WIFIDOG_UNKNOWN);
+	iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p tcp --dport 80 -j REDIRECT --to-ports %d", gw_port);
+	/* Turn on nating if we want */
+	if(gw_nat){
+	iptables_do_command("-t nat -A POSTROUTING -o %s -j MASQUERADE", gw_interface);
+	}
 	 /*
 	  *
 	  * Everything in the FILTER table
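Review bot: The new MASQUERADE rule matches `-o gw_interface`, the same interface the PREROUTING rule just above matches with `-i` for incoming client traffic. As written it rewrites the source address of packets leaving towards the clients, not of packets leaving towards the Internet. The rule most likely should use the external interface instead, e.g. `iptables_do_command("-t nat -A POSTROUTING -o %s -j MASQUERADE", ext_interface);`, with `config->external_interface` copied under `LOCK_CONFIG()` as `gw_interface` is. That value defaults to NULL in conf.c, so it needs a NULL check before being formatted with `%s`. The re-added lines also lose the surrounding indentation, and the braces of the `if` enclose an unindented call. The enclosing function starts and ends outside the hunk.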
@@ -294,11 +297,12 @@
 	  *
 	  */
 	 iptables_fw_destroy_mention("nat", "PREROUTING", TABLE_WIFIDOG_WIFI_TO_INTERNET);
+	 iptables_do_command("-t nat -F POSTROUTING");
     iptables_do_command("-t nat -F " TABLE_WIFIDOG_WIFI_TO_INTERNET);
     iptables_do_command("-t nat -F " TABLE_WIFIDOG_UNKNOWN);
     iptables_do_command("-t nat -X " TABLE_WIFIDOG_WIFI_TO_INTERNET);
     iptables_do_command("-t nat -X " TABLE_WIFIDOG_UNKNOWN);
-
+    
 	 /*
 	  *
 	  * Everything in the FILTER table
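Review bot: The added `iptables_do_command("-t nat -F POSTROUTING");` flushes the whole POSTROUTING chain on teardown. That removes every NAT rule the administrator or another tool installed there, not only the one wifidog added, and it runs even when `gw_nat` is 0. Teardown should remove only the rule this program created, e.g. `iptables_do_command("-t nat -D POSTROUTING -o %s -j MASQUERADE", ext_interface);` guarded by the same `gw_nat` test. Alternatively the rule could live in a wifidog-owned chain that is unlinked with `iptables_fw_destroy_mention`, as the PREROUTING line above does. The enclosing function starts and ends outside the hunk.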
diff -Naur -X exclude wifidog/wifidog.conf wifidog-new/wifidog.conf
--- wifidog/wifidog.conf	2005-02-03 16:25:29.000000000 -0500
+++ wifidog-new/wifidog.conf	2005-02-28 19:20:10.000000000 -0500
@@ -78,6 +78,13 @@
 #    Path /
 #}
 
+# Parameter: GatewayNAT
+# Default: 0 (OFF)
+# Optional
+#
+# Set this to true (1) if you want to run use nat
+# GatewayNAT 0
+
 # Parameter: Daemon
 # Default: 1
 # Optional

