[isf-wifidog] Gateway NAT Patch

Mina Naguib webmaster at topfx.com
Mon 28 Feb 18:08:00 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Scott Tully wrote:
| Here's a patch you can use if you want to create an option to turn NAT
| on/off.
|
| http://www.publicip.org/mirror/dists/patches/wifidog.cvs.nat.patch
|
| I might not be a great C programmer (or even PHP come to think of it),
| but I'm a hard worker :-)
|
| BTW - I have my authserver running on MySQL.  I am still testing.   I
| had some problems with the sql "interval" statement converting to
| mysql... seems to be a different use.  I converted "< interval '5
| minutes'" to " < DATE_SUB(NOW(),interval 5 minute)" Does this seem
| like the correct thing to do?
|
| Thanks again!
| Scott
|
| [patch snipped by Mina for brevity]
|


I haven't tested this yet, but does anyone see a reason not to include
this in WiFiDog?

In the documentation for WiFiDog we state that it will interfere as
minimally as possible with existing iptables rules (in the hope that it
may actually be usable alongside an existing configuration).

I'm undecided whether the above is good or bad.  On the one hand it will
make it easier to fix the problem you've encountered earlier, but on the
other it's becoming too intrusive, adding stuff other than our "hooks"
into the default tables and chains.

I also noticed a couple of things in the patch:

1. It adds the masquerade target on the gw_interface instead of the
external_interface (is that a bug?)

2. If it's a bug, we need to switch it to external_interface - but the
gotcha is external_interface is not mandatory and wifidog may not know
what it is!

3. On unloading, the patch completely flushes the nat.POSTROUTING chain -
that would delete all custom rules that wifidog should not have touched.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCI6RQeS99pGMif6wRAhZLAKDF8NuBM5MrmAaIN3XR7AAwhvdEWQCeO+JZ
zFQml6owdsuhkneXA7HTKZ0=
=YKUw
-----END PGP SIGNATURE-----
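
The three points raised in the message above, sketched as an added example that is not part of the original message or of the WiFiDog patch: masquerade on the external interface, refuse to act when it is not configured, and on unload remove only the rules that were added. The chain name `WiFiDog_Masq` and the function names are hypothetical; by default the commands are only printed (dry run).

```shell
#!/bin/sh
# Added example: scoped NAT setup/teardown for a captive-portal gateway.
# Dry run by default: commands are printed, not executed.
# Set IPTABLES=iptables (as root) to apply them for real.
IPTABLES="${IPTABLES:-echo iptables}"
NAT_CHAIN="WiFiDog_Masq"   # hypothetical chain name, not taken from the patch

# nat_load EXT_IF
# Masquerade traffic leaving EXT_IF from a private chain, and hook that
# chain into nat POSTROUTING with a single jump rule.
nat_load() {
    ext_if="$1"
    if [ -z "$ext_if" ]; then
        # external_interface is optional in the config: refuse to guess,
        # and never fall back to the LAN-side gw_interface.
        echo "nat: external interface not set, leaving NAT untouched" >&2
        return 1
    fi
    $IPTABLES -t nat -N "$NAT_CHAIN" &&
    $IPTABLES -t nat -A "$NAT_CHAIN" -o "$ext_if" -j MASQUERADE &&
    $IPTABLES -t nat -A POSTROUTING -j "$NAT_CHAIN"
}

# nat_unload
# Remove only what nat_load added. There is no "-F POSTROUTING" here, so
# rules the administrator placed in that chain stay in place.
nat_unload() {
    $IPTABLES -t nat -D POSTROUTING -j "$NAT_CHAIN"
    $IPTABLES -t nat -F "$NAT_CHAIN"
    $IPTABLES -t nat -X "$NAT_CHAIN"
}
```

Comparing the output of `iptables -t nat -S POSTROUTING` before loading and after unloading is a quick check that no pre-existing rule was lost.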

