[isf-wifidog] Redirect question

Marios Moutzouris m.moutzouris at neuron.gr
Mar 8 Mar 08:55:19 EST 2005 

Thanks for the continued help. I am busy evaluating this product.This is
what I have currently.
I have "version 1.1.0_beta1" setup. It does not give me the libc problem. I
have the linksys router(192.168.1.1) connected on our LAN (as 192.168.0.218)
with my PC(192.168.1.221) on one of its LAN ports. Without wifidog I go
through normally. 

Here the last few lines of the wifidog startup.
===============================================
[7][Sat Jan  1 00:22:34 2000](ping_thread.c:224) Reading response
[7][Sat Jan  1 00:22:34 2000](ping_thread.c:252) Read 188 bytes, total now
188
[7][Sat Jan  1 00:22:34 2000](ping_thread.c:267) Done reading reply, total
188 bytes
[7][Sat Jan  1 00:22:34 2000](ping_thread.c:275) HTTP Response from Server:
[HTTP/1.1 200 OK
Date: Tue, 08 Mar 2005 14:50:08 GMT
Server: Apache/2.0.53 (Unix) PHP/5.0.3
X-Powered-By: PHP/5.0.3
Content-Length: 4
Connection: close
Content-Type: text/html

Pong]
[7][Sat Jan  1 00:22:34 2000](ping_thread.c:284) Auth Server Says: Pong

Here is the wifidog.conf
========================
GatewayID default
ExternalInterface vlan1
GatewayInterface br0
GatewayAddress 192.168.1.1
AuthServer {
    Hostname 192.168.0.227
    Path /wifidog/
}
CheckInterval 60
ClientTimeout 5
FirewallRuleSet global {
    FirewallRule allow udp to 69.90.89.192/27
    FirewallRule allow udp to 69.90.85.0/27
    FirewallRule allow tcp port 80 to 69.90.89.205
}
FirewallRuleSet validating-users {
    FirewallRule allow udp port 67
    FirewallRule allow tcp port 67
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow tcp port 80
    FirewallRule allow tcp port 110
    FirewallRule allow tcp port 995
    FirewallRule allow tcp port 143
    FirewallRule allow tcp port 993
    FirewallRule allow tcp port 220
    FirewallRule allow tcp port 443
    FirewallRule block to 0.0.0.0/0
}
FirewallRuleSet known-users {
    FirewallRule allow to 192.168.1.0/24
}
FirewallRuleSet unknown-users {
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
    FirewallRule allow tcp port 67
    FirewallRule allow to 192.168.0.227
}
FirewallRuleSet locked-users {
    FirewallRule block to 192.168.1.0/24
}

Here is the output from wifidog output when I try connect to www.google.com
(browser just sits progress bar slowly increases, but nothing is displayed)
============================================================================
[7][Sat Jan  1 00:29:10 2000](httpd_thread.c:66) Calling
httpdProcessRequest() for 192.168.1.221
[6][Sat Jan  1 00:29:10 2000](http.c:118) Captured 192.168.1.221 and
re-directed them to login page
[7][Sat Jan  1 00:29:10 2000](httpd_thread.c:68) Returned from
httpdProcessRequest() for 192.168.1.221
[7][Sat Jan  1 00:29:10 2000](httpd_thread.c:73) Closing connection with
192.168.1.221
[6][Sat Jan  1 00:29:10 2000](gateway.c:246) Received connection from
192.168.1.
221, spawning worker thread
[7][Sat Jan  1 00:29:10 2000](httpd_thread.c:65) Processing request from
192.168
.1.221
[7][Sat Jan  1 00:29:10 2000](httpd_thread.c:66) Calling
httpdProcessRequest() for 192.168.1.221
[6][Sat Jan  1 00:29:10 2000](http.c:118) Captured 192.168.1.221 and
re-directed them to login page
[7][Sat Jan  1 00:29:10 2000](httpd_thread.c:68) Returned from
httpdProcessRequest() for 192.168.1.221
[7][Sat Jan  1 00:29:10 2000](httpd_thread.c:73) Closing connection with
192.168.1.221
[6][Sat Jan  1 00:29:10 2000](gateway.c:246) Received connection from
192.168.1.221, spawning worker thread
[7][Sat Jan  1 00:29:10 2000](httpd_thread.c:65) Processing request from
192.168.1.221
[7][Sat Jan  1 00:29:10 2000](httpd_thread.c:66) Calling
httpdProcessRequest() for 192.168.1.221
[6][Sat Jan  1 00:29:10 2000](http.c:118) Captured 192.168.1.221 and
re-directed them to login page
[7][Sat Jan  1 00:29:10 2000](httpd_thread.c:68) Returned from
httpdProcessRequest() for 192.168.1.221


On the Auth Server, access_log shows just the ping requests. And nothing
else.

Thanks
Marios




> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> Sent: Tuesday, March 08, 2005 3:24 PM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] Redirect question
> 
> Now, I think you're having two issues:
> 
> 1. The reason why clicking on the "google" link goes back to the auth
> server, is most likely because WiFiDog couldn't modify the iptables
> rules to let you in (you probably don't have libipt_mac.so installed).
> 
> So basically you get authenticated, but never let in for real because it
> can't find the libipt_mac.so module.
> 
> 2.
> > wifidog: can't resolve symbol '__libc_gettimeofday'
> 
> This, suggests that you haven't compiled wifidog yourself, or you have
> compiled it with sources of an openwrt buildroot that's not the one that's
> running on your wrt54g.
> 
> If you have compiled wifidog with the ./ipkg/rules
> BUILDROOT=_path_to_buildroot_ method, you would have a shiny .ipk that
> you could install on your wrt54g (of course it would work well only if
> the wrt54g has been flashed with the same buildroot). The ipkg/rules
> script makes sure to compile libipt_mac.so, required by wifidog.
> 
> Let me know what your setup is, we can help! :)
> 
> On Tue, Mar 08, 2005 at 12:34:43PM +0200, Marios Moutzouris wrote:
> > On startup of wifidog I get this output:
> >
> > The cant resolve symbol is that of concern?
> >
> >
> > [6][Sat Jan  1 19:30:39 2000](ping_thread.c:151) Connecting to auth
> server
> > 192.1
> > 68.0.227 on port 80
> > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:173) HTTP Request to Server:
> > [GET /w
> > ifidog/ping/?gw_id=default HTTP/1.0
> > User-Agent: WiFiDog 1.0.2
> > Host: 192.168.0.227
> >
> > ]
> > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:177) Reading response
> > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:205) Read 188 bytes, total
> now
> > 188
> > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:220) Done reading reply,
> total
> > 188 b
> > ytes
> > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:228) HTTP Response from
> Server:
> > [HTT
> > P/1.1 200 OK
> > Date: Tue, 08 Mar 2005 11:28:53 GMT
> > Server: Apache/2.0.53 (Unix) PHP/5.0.3
> > X-Powered-By: PHP/5.0.3
> > Content-Length: 4
> > Connection: close
> > Content-Type: text/html
> >
> > Pong]
> > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:237) Auth Server Says: Pong
> > wifidog: can't resolve symbol '__libc_gettimeofday'
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > bounces at listes.ilesansfil.org] On Behalf Of Marios Moutzouris
> > > Sent: Tuesday, March 08, 2005 10:49 AM
> > > To: 'WiFiDog Captive Portal'
> > > Subject: RE: [isf-wifidog] Redirect question
> > >
> > > I installed this wifidog_1.1.0_beta3_mips..ran it
> > > The browser was hanging (access to www.google.com)...
> > > The debug statements looked like it was bouncing around in the linksys
> > > The request. As soon as I killed the wifidog process, the login page
> for
> > > The hotspot came up...
> > >
> > > I am using the default firewall rules in wifidog.conf
> > >
> > > Marios
> > >
> > > > -----Original Message-----
> > > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > > > Sent: Monday, March 07, 2005 5:24 PM
> > > > To: WiFiDog Captive Portal
> > > > Subject: Re: [isf-wifidog] Redirect question
> > > >
> > > > Marios,
> > > >
> > > > The later versions have firewall rules in the config, but it's just
> > > > basically a more modular version of 1.0.2 (which had rules hardcoded
> in
> > > > the code). 1.1.0_beta3 fixes a lot of issues present in 1.0.2 so I
> > > really
> > > > suggest you try it. Also, with 1.1.0_beta3, no need to configure
> > > > ExternalInterface or
> > > > GatewayAddress anymore. GatewayInterface is still required but the
> IP
> > > > address of the interface will be
> > > > detected automatically.
> > > >
> > > > In your case, if ExternalInterface is set to vlan1, that means you
> get
> > > > your WAN address via DHCP (not PPPoE)... Just making sure that's
> what
> > > > you want.
> > > >
> > > > And for GatewayInterface, make sure with:
> > > >
> > > > ifconfig br0
> > > >
> > > > That the bridge does exist and has the internal address set right.
> > > >
> > > > Also, what Mina asked you to send might help.
> > > >
> > > > --
> > > > Philippe April
> > > > GnuPG: http://key.philippeapril.com/
> > > > Skype ID: mousetrap
> > > >
> > > > On Mon, Mar 07, 2005 at 05:17:04PM +0200, Marios Moutzouris wrote:
> > > > > GatewayID default
> > > > > ExternalInterface vlan1
> > > > > GatewayInterface br0
> > > > > GatewayAddress 192.168.1.1
> > > > > AuthServer {
> > > > >         Hostname 192.168.0.227
> > > > >         Path /wifidog/
> > > > > }
> > > > > CheckInterval 60
> > > > > ClientTimeout 5
> > > > >
> > > > >
> > > > > Using wifidog_1.0.2_mipsel.ipk
> > > > >
> > > > >
> > > > > I tried the later versions, but they seem to have a lot of
> firewall
> > > > rules
> > > > > [not a networking expert] and the web browser request went
> straight to
> > > > the
> > > > > web site (e.g. www.google.com)
> > > > >
> > > > > Thanks
> > > > > Marios
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > > > > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > > > > > Sent: Monday, March 07, 2005 5:09 PM
> > > > > > To: WiFiDog Captive Portal
> > > > > > Subject: Re: [isf-wifidog] Redirect question
> > > > > >
> > > > > > This could be a symptom of a bad configuration (bad
> > > ExternalInterface,
> > > > > > or GatewayInterface).
> > > > > >
> > > > > > Some options are not needed anymore and will be detected
> > > automatically
> > > > > > in the newest versions.
> > > > > >
> > > > > > What version of WiFiDog do you have, and would you mind posting
> the
> > > > first
> > > > > > few lines
> > > > > > of your config (the ones about the networking basically.
> interfaces,
> > > > ip
> > > > > > address, etc.)?
> > > > > >
> > > > > > Thank you :)
> > > > > >
> > > > > > --
> > > > > > Philippe April
> > > > > > GnuPG: http://key.philippeapril.com/
> > > > > > Skype ID: mousetrap
> > > > > >
> > > > > > On Mon, Mar 07, 2005 at 12:52:40PM +0200, Marios Moutzouris
> wrote:
> > > > > > > Hello.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > I installed wifidog/linksys/openwrt etc. I create my user.
> When I
> > > > surf
> > > > > > to
> > > > > > > say www.google.com <http://www.google.com/>  I get
> > > > > > >
> > > > > > > The login page for the site, and enter my login details, and
> get
> > > the
> > > > > > > "Default" hotspot look and feel.
> > > > > > >
> > > > > > > On right hand corner there is an option to go to the site
> > > > www.google.com
> > > > > > > <http://www.google.com/> , when I click on that
> > > > > > >
> > > > > > > Link I go back to the hotspot login page.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > What I have I done wrong?
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Thank-you
> > > > > > >
> > > > > > > Marios
> > > > > > >
> > > > >
> > > >
> > > > > _______________________________________________
> > > > > WiFiDog mailing list
> > > > > WiFiDog at listes.ilesansfil.org
> > > > > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> > >
> >
> >
> 
> > _______________________________________________
> > WiFiDog mailing list
> > WiFiDog at listes.ilesansfil.org
> > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> 
> --
> Philippe April
> GnuPG: http://key.philippeapril.com/
> Skype ID: mousetrap

Plus d'informations sur la liste de diffusion WiFiDog