[isf-wifidog] Redirect question
Philippe April
isf_lists at philippeapril.com
Mar 8 Mar 10:00:55 EST 2005
1. Did you compile this version yourself?
2. If not, where did you get the binaries and where did you get the
image you flashed your router with?
3. Did you load wifidog with the /etc/init.d/S65wifidog link that should
be created (if you installed an ipkg)? Basically it runs wifidog-init which will make sure
that some modules (required ones) are loaded before loading wifidog.
It won't start wifidog in debug mode, but it will at least load the
appropriate modules first.
If you want to load the required module by hand:
insmod ipt_mac
You also need libipt_mac.so and libipt_MARK.so AND libipt_mark.so for iptables,
all should be located in /usr/lib/iptables on the router.
I do not know (yet) where you got the binaries from, but you have to
understand that wifidog needs to be used with the same buildroot as the
image you are running on the router. You can not just take binaries from
somewhere and hope that it will work. It might work, but it might also
be flaky. Reason for this: symbols change, iptables versions might
differ.. etc.
If you have not built the image you run on the wrt54g and wifidog
yourself, we can help by providing you with an image you would flash
your wrt54g with + wifidog packages that'll work.
What could also be problematic, we have not tested the AuthServer clause without SSL much.
It is something we will be looking at very soon but for your tests
perhaps enabling SSL on your authserver and in wifidog.conf would help
troubleshoot.
On Tue, Mar 08, 2005 at 03:55:19PM +0200, Marios Moutzouris wrote:
> Thanks for the continued help. I am busy evaluating this product.This is
> what I have currently.
> I have "version 1.1.0_beta1" setup. It does not give me the libc problem. I
> have the linksys router(192.168.1.1) connected on our LAN (as 192.168.0.218)
> with my PC(192.168.1.221) on one of its LAN ports. Without wifidog I go
> through normally.
>
> Here the last few lines of the wifidog startup.
> ===============================================
> [7][Sat Jan 1 00:22:34 2000](ping_thread.c:224) Reading response
> [7][Sat Jan 1 00:22:34 2000](ping_thread.c:252) Read 188 bytes, total now
> 188
> [7][Sat Jan 1 00:22:34 2000](ping_thread.c:267) Done reading reply, total
> 188 bytes
> [7][Sat Jan 1 00:22:34 2000](ping_thread.c:275) HTTP Response from Server:
> [HTTP/1.1 200 OK
> Date: Tue, 08 Mar 2005 14:50:08 GMT
> Server: Apache/2.0.53 (Unix) PHP/5.0.3
> X-Powered-By: PHP/5.0.3
> Content-Length: 4
> Connection: close
> Content-Type: text/html
>
> Pong]
> [7][Sat Jan 1 00:22:34 2000](ping_thread.c:284) Auth Server Says: Pong
>
> Here is the wifidog.conf
> ========================
> GatewayID default
> ExternalInterface vlan1
> GatewayInterface br0
> GatewayAddress 192.168.1.1
> AuthServer {
> Hostname 192.168.0.227
> Path /wifidog/
> }
> CheckInterval 60
> ClientTimeout 5
> FirewallRuleSet global {
> FirewallRule allow udp to 69.90.89.192/27
> FirewallRule allow udp to 69.90.85.0/27
> FirewallRule allow tcp port 80 to 69.90.89.205
> }
> FirewallRuleSet validating-users {
> FirewallRule allow udp port 67
> FirewallRule allow tcp port 67
> FirewallRule allow udp port 53
> FirewallRule allow tcp port 53
> FirewallRule allow tcp port 80
> FirewallRule allow tcp port 110
> FirewallRule allow tcp port 995
> FirewallRule allow tcp port 143
> FirewallRule allow tcp port 993
> FirewallRule allow tcp port 220
> FirewallRule allow tcp port 443
> FirewallRule block to 0.0.0.0/0
> }
> FirewallRuleSet known-users {
> FirewallRule allow to 192.168.1.0/24
> }
> FirewallRuleSet unknown-users {
> FirewallRule allow udp port 53
> FirewallRule allow tcp port 53
> FirewallRule allow udp port 67
> FirewallRule allow tcp port 67
> FirewallRule allow to 192.168.0.227
> }
> FirewallRuleSet locked-users {
> FirewallRule block to 192.168.1.0/24
> }
>
> Here is the output from wifidog output when I try connect to www.google.com
> (browser just sits progress bar slowly increases, but nothing is displayed)
> ============================================================================
> [7][Sat Jan 1 00:29:10 2000](httpd_thread.c:66) Calling
> httpdProcessRequest() for 192.168.1.221
> [6][Sat Jan 1 00:29:10 2000](http.c:118) Captured 192.168.1.221 and
> re-directed them to login page
> [7][Sat Jan 1 00:29:10 2000](httpd_thread.c:68) Returned from
> httpdProcessRequest() for 192.168.1.221
> [7][Sat Jan 1 00:29:10 2000](httpd_thread.c:73) Closing connection with
> 192.168.1.221
> [6][Sat Jan 1 00:29:10 2000](gateway.c:246) Received connection from
> 192.168.1.
> 221, spawning worker thread
> [7][Sat Jan 1 00:29:10 2000](httpd_thread.c:65) Processing request from
> 192.168
> .1.221
> [7][Sat Jan 1 00:29:10 2000](httpd_thread.c:66) Calling
> httpdProcessRequest() for 192.168.1.221
> [6][Sat Jan 1 00:29:10 2000](http.c:118) Captured 192.168.1.221 and
> re-directed them to login page
> [7][Sat Jan 1 00:29:10 2000](httpd_thread.c:68) Returned from
> httpdProcessRequest() for 192.168.1.221
> [7][Sat Jan 1 00:29:10 2000](httpd_thread.c:73) Closing connection with
> 192.168.1.221
> [6][Sat Jan 1 00:29:10 2000](gateway.c:246) Received connection from
> 192.168.1.221, spawning worker thread
> [7][Sat Jan 1 00:29:10 2000](httpd_thread.c:65) Processing request from
> 192.168.1.221
> [7][Sat Jan 1 00:29:10 2000](httpd_thread.c:66) Calling
> httpdProcessRequest() for 192.168.1.221
> [6][Sat Jan 1 00:29:10 2000](http.c:118) Captured 192.168.1.221 and
> re-directed them to login page
> [7][Sat Jan 1 00:29:10 2000](httpd_thread.c:68) Returned from
> httpdProcessRequest() for 192.168.1.221
>
>
> On the Auth Server, access_log shows just the ping requests. And nothing
> else.
>
> Thanks
> Marios
>
>
>
>
> > -----Original Message-----
> > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > Sent: Tuesday, March 08, 2005 3:24 PM
> > To: WiFiDog Captive Portal
> > Subject: Re: [isf-wifidog] Redirect question
> >
> > Now, I think you're having two issues:
> >
> > 1. The reason why clicking on the "google" link goes back to the auth
> > server, is most likely because WiFiDog couldn't modify the iptables
> > rules to let you in (you probably don't have libipt_mac.so installed).
> >
> > So basically you get authenticated, but never let in for real because it
> > can't find the libipt_mac.so module.
> >
> > 2.
> > > wifidog: can't resolve symbol '__libc_gettimeofday'
> >
> > This, suggests that you haven't compiled wifidog yourself, or you have
> > compiled it with sources of an openwrt buildroot that's not the one that's
> > running on your wrt54g.
> >
> > If you have compiled wifidog with the ./ipkg/rules
> > BUILDROOT=_path_to_buildroot_ method, you would have a shiny .ipk that
> > you could install on your wrt54g (of course it would work well only if
> > the wrt54g has been flashed with the same buildroot). The ipkg/rules
> > script makes sure to compile libipt_mac.so, required by wifidog.
> >
> > Let me know what your setup is, we can help! :)
> >
> > On Tue, Mar 08, 2005 at 12:34:43PM +0200, Marios Moutzouris wrote:
> > > On startup of wifidog I get this output:
> > >
> > > The cant resolve symbol is that of concern?
> > >
> > >
> > > [6][Sat Jan 1 19:30:39 2000](ping_thread.c:151) Connecting to auth
> > server
> > > 192.1
> > > 68.0.227 on port 80
> > > [7][Sat Jan 1 19:30:39 2000](ping_thread.c:173) HTTP Request to Server:
> > > [GET /w
> > > ifidog/ping/?gw_id=default HTTP/1.0
> > > User-Agent: WiFiDog 1.0.2
> > > Host: 192.168.0.227
> > >
> > > ]
> > > [7][Sat Jan 1 19:30:39 2000](ping_thread.c:177) Reading response
> > > [7][Sat Jan 1 19:30:39 2000](ping_thread.c:205) Read 188 bytes, total
> > now
> > > 188
> > > [7][Sat Jan 1 19:30:39 2000](ping_thread.c:220) Done reading reply,
> > total
> > > 188 b
> > > ytes
> > > [7][Sat Jan 1 19:30:39 2000](ping_thread.c:228) HTTP Response from
> > Server:
> > > [HTT
> > > P/1.1 200 OK
> > > Date: Tue, 08 Mar 2005 11:28:53 GMT
> > > Server: Apache/2.0.53 (Unix) PHP/5.0.3
> > > X-Powered-By: PHP/5.0.3
> > > Content-Length: 4
> > > Connection: close
> > > Content-Type: text/html
> > >
> > > Pong]
> > > [7][Sat Jan 1 19:30:39 2000](ping_thread.c:237) Auth Server Says: Pong
> > > wifidog: can't resolve symbol '__libc_gettimeofday'
> > >
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > > bounces at listes.ilesansfil.org] On Behalf Of Marios Moutzouris
> > > > Sent: Tuesday, March 08, 2005 10:49 AM
> > > > To: 'WiFiDog Captive Portal'
> > > > Subject: RE: [isf-wifidog] Redirect question
> > > >
> > > > I installed this wifidog_1.1.0_beta3_mips..ran it
> > > > The browser was hanging (access to www.google.com)...
> > > > The debug statements looked like it was bouncing around in the linksys
> > > > The request. As soon as I killed the wifidog process, the login page
> > for
> > > > The hotspot came up...
> > > >
> > > > I am using the default firewall rules in wifidog.conf
> > > >
> > > > Marios
> > > >
> > > > > -----Original Message-----
> > > > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > > > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > > > > Sent: Monday, March 07, 2005 5:24 PM
> > > > > To: WiFiDog Captive Portal
> > > > > Subject: Re: [isf-wifidog] Redirect question
> > > > >
> > > > > Marios,
> > > > >
> > > > > The later versions have firewall rules in the config, but it's just
> > > > > basically a more modular version of 1.0.2 (which had rules hardcoded
> > in
> > > > > the code). 1.1.0_beta3 fixes a lot of issues present in 1.0.2 so I
> > > > really
> > > > > suggest you try it. Also, with 1.1.0_beta3, no need to configure
> > > > > ExternalInterface or
> > > > > GatewayAddress anymore. GatewayInterface is still required but the
> > IP
> > > > > address of the interface will be
> > > > > detected automatically.
> > > > >
> > > > > In your case, if ExternalInterface is set to vlan1, that means you
> > get
> > > > > your WAN address via DHCP (not PPPoE)... Just making sure that's
> > what
> > > > > you want.
> > > > >
> > > > > And for GatewayInterface, make sure with:
> > > > >
> > > > > ifconfig br0
> > > > >
> > > > > That the bridge does exist and has the internal address set right.
> > > > >
> > > > > Also, what Mina asked you to send might help.
> > > > >
> > > > > --
> > > > > Philippe April
> > > > > GnuPG: http://key.philippeapril.com/
> > > > > Skype ID: mousetrap
> > > > >
> > > > > On Mon, Mar 07, 2005 at 05:17:04PM +0200, Marios Moutzouris wrote:
> > > > > > GatewayID default
> > > > > > ExternalInterface vlan1
> > > > > > GatewayInterface br0
> > > > > > GatewayAddress 192.168.1.1
> > > > > > AuthServer {
> > > > > > Hostname 192.168.0.227
> > > > > > Path /wifidog/
> > > > > > }
> > > > > > CheckInterval 60
> > > > > > ClientTimeout 5
> > > > > >
> > > > > >
> > > > > > Using wifidog_1.0.2_mipsel.ipk
> > > > > >
> > > > > >
> > > > > > I tried the later versions, but they seem to have a lot of
> > firewall
> > > > > rules
> > > > > > [not a networking expert] and the web browser request went
> > straight to
> > > > > the
> > > > > > web site (e.g. www.google.com)
> > > > > >
> > > > > > Thanks
> > > > > > Marios
> > > > > >
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > > > > > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > > > > > > Sent: Monday, March 07, 2005 5:09 PM
> > > > > > > To: WiFiDog Captive Portal
> > > > > > > Subject: Re: [isf-wifidog] Redirect question
> > > > > > >
> > > > > > > This could be a symptom of a bad configuration (bad
> > > > ExternalInterface,
> > > > > > > or GatewayInterface).
> > > > > > >
> > > > > > > Some options are not needed anymore and will be detected
> > > > automatically
> > > > > > > in the newest versions.
> > > > > > >
> > > > > > > What version of WiFiDog do you have, and would you mind posting
> > the
> > > > > first
> > > > > > > few lines
> > > > > > > of your config (the ones about the networking basically.
> > interfaces,
> > > > > ip
> > > > > > > address, etc.)?
> > > > > > >
> > > > > > > Thank you :)
> > > > > > >
> > > > > > > --
> > > > > > > Philippe April
> > > > > > > GnuPG: http://key.philippeapril.com/
> > > > > > > Skype ID: mousetrap
> > > > > > >
> > > > > > > On Mon, Mar 07, 2005 at 12:52:40PM +0200, Marios Moutzouris
> > wrote:
> > > > > > > > Hello.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > I installed wifidog/linksys/openwrt etc. I create my user.
> > When I
> > > > > surf
> > > > > > > to
> > > > > > > > say www.google.com <http://www.google.com/> I get
> > > > > > > >
> > > > > > > > The login page for the site, and enter my login details, and
> > get
> > > > the
> > > > > > > > "Default" hotspot look and feel.
> > > > > > > >
> > > > > > > > On right hand corner there is an option to go to the site
> > > > > www.google.com
> > > > > > > > <http://www.google.com/> , when I click on that
> > > > > > > >
> > > > > > > > Link I go back to the hotspot login page.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > What I have I done wrong?
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Thank-you
> > > > > > > >
> > > > > > > > Marios
> > > > > > > >
> > > > > >
> > > > >
> > > > > > _______________________________________________
> > > > > > WiFiDog mailing list
> > > > > > WiFiDog at listes.ilesansfil.org
> > > > > > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> > > >
> > >
> > >
> >
> > > _______________________________________________
> > > WiFiDog mailing list
> > > WiFiDog at listes.ilesansfil.org
> > > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> >
> > --
> > Philippe April
> > GnuPG: http://key.philippeapril.com/
> > Skype ID: mousetrap
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
--
Philippe April
GnuPG: http://key.philippeapril.com/
Skype ID: mousetrap
Plus d'informations sur la liste de diffusion WiFiDog