[isf-wifidog] Redirect question

Marios Moutzouris m.moutzouris at neuron.gr
Tue Mar 8 10:19:14 EST 2005


> 1. Did you compile this version yourself?

No

> 2. If not, where did you get the binaries and where did you get the
> image you flashed your router with?

WifiDog - http://www.ilesansfil.org/dist/wifidog/
          I tried all versions 1.0.2 - does the login, but surfing to site
brings login page again. The others do the looping...
	
OpenWRT - http://openwrt.org/downloads/snapshots/snapshot-20050202.tar.bz2


> 3. Did you load wifidog with the /etc/init.d/S65wifidog link that should
> be created (if you installed an ipkg)? Basically it runs wifidog-init
> which will make sure
> that some modules (required ones) are loaded before loading wifidog.

root@linksys:/usr/bin# ./wifidog-init start
Starting Wifidog ...
Testing for iptables modules
  Testing ipt_mac
   iptables is not working with ipt_mac
   Scanning disk for ipt_mac module
   ipt_mac module exists, trying to load
  ipt_mac loaded sucessfully
  Testing ipt_mark
   ipt_mark module is working
OK

 
> It won't start wifidog in debug mode, but it will at least load the
> appropriate modules first.
> 
> If you want to load the required module by hand:
> insmod ipt_mac
> 
> You also need libipt_mac.so and libipt_MARK.so AND libipt_mark.so for
> iptables,
> all should be located in /usr/lib/iptables on the router.
> 
> I do not know (yet) where you got the binaries from, but you have to
> understand that wifidog needs to be used with the same buildroot as the
> image you are running on the router. You can not just take binaries from
> somewhere and hope that it will work. It might work, but it might also
> be flaky. Reason for this: symbols change, iptables versions might
> differ.. etc.
> 
> If you have not built the image you run on the wrt54g and wifidog
> yourself, we can help by providing you with an image you would flash
> your wrt54g with + wifidog packages that'll work.

That would also be helpful, provided the process is painless;-)

> What could also be problematic, we have not tested the AuthServer clause
> without SSL much.
> It is something we will be looking at very soon but for your tests
> perhaps enabling SSL on your authserver and in wifidog.conf would help
> troubleshoot.

I'll test it with the SSL and provide feedback.

Marios

> On Tue, Mar 08, 2005 at 03:55:19PM +0200, Marios Moutzouris wrote:
> > Thanks for the continued help. I am busy evaluating this product. This is
> > what I have currently.
> > I have "version 1.1.0_beta1" setup. It does not give me the libc problem. I
> > have the linksys router (192.168.1.1) connected on our LAN (as 192.168.0.218)
> > with my PC (192.168.1.221) on one of its LAN ports. Without wifidog I go
> > through normally.
> >
> > Here the last few lines of the wifidog startup.
> > ===============================================
> > [7][Sat Jan  1 00:22:34 2000](ping_thread.c:224) Reading response
> > [7][Sat Jan  1 00:22:34 2000](ping_thread.c:252) Read 188 bytes, total now 188
> > [7][Sat Jan  1 00:22:34 2000](ping_thread.c:267) Done reading reply, total 188 bytes
> > [7][Sat Jan  1 00:22:34 2000](ping_thread.c:275) HTTP Response from Server:
> > [HTTP/1.1 200 OK
> > Date: Tue, 08 Mar 2005 14:50:08 GMT
> > Server: Apache/2.0.53 (Unix) PHP/5.0.3
> > X-Powered-By: PHP/5.0.3
> > Content-Length: 4
> > Connection: close
> > Content-Type: text/html
> >
> > Pong]
> > [7][Sat Jan  1 00:22:34 2000](ping_thread.c:284) Auth Server Says: Pong
> >
> > Here is the wifidog.conf
> > ========================
> > GatewayID default
> > ExternalInterface vlan1
> > GatewayInterface br0
> > GatewayAddress 192.168.1.1
> > AuthServer {
> >     Hostname 192.168.0.227
> >     Path /wifidog/
> > }
> > CheckInterval 60
> > ClientTimeout 5
> > FirewallRuleSet global {
> >     FirewallRule allow udp to 69.90.89.192/27
> >     FirewallRule allow udp to 69.90.85.0/27
> >     FirewallRule allow tcp port 80 to 69.90.89.205
> > }
> > FirewallRuleSet validating-users {
> >     FirewallRule allow udp port 67
> >     FirewallRule allow tcp port 67
> >     FirewallRule allow udp port 53
> >     FirewallRule allow tcp port 53
> >     FirewallRule allow tcp port 80
> >     FirewallRule allow tcp port 110
> >     FirewallRule allow tcp port 995
> >     FirewallRule allow tcp port 143
> >     FirewallRule allow tcp port 993
> >     FirewallRule allow tcp port 220
> >     FirewallRule allow tcp port 443
> >     FirewallRule block to 0.0.0.0/0
> > }
> > FirewallRuleSet known-users {
> >     FirewallRule allow to 192.168.1.0/24
> > }
> > FirewallRuleSet unknown-users {
> >     FirewallRule allow udp port 53
> >     FirewallRule allow tcp port 53
> >     FirewallRule allow udp port 67
> >     FirewallRule allow tcp port 67
> >     FirewallRule allow to 192.168.0.227
> > }
> > FirewallRuleSet locked-users {
> >     FirewallRule block to 192.168.1.0/24
> > }
> >
> > Here is the output from wifidog output when I try connect to www.google.com
> > (browser just sits progress bar slowly increases, but nothing is displayed)
> > ============================================================================
> > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:66) Calling httpdProcessRequest() for 192.168.1.221
> > [6][Sat Jan  1 00:29:10 2000](http.c:118) Captured 192.168.1.221 and re-directed them to login page
> > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:68) Returned from httpdProcessRequest() for 192.168.1.221
> > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:73) Closing connection with 192.168.1.221
> > [6][Sat Jan  1 00:29:10 2000](gateway.c:246) Received connection from 192.168.1.221, spawning worker thread
> > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:65) Processing request from 192.168.1.221
> > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:66) Calling httpdProcessRequest() for 192.168.1.221
> > [6][Sat Jan  1 00:29:10 2000](http.c:118) Captured 192.168.1.221 and re-directed them to login page
> > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:68) Returned from httpdProcessRequest() for 192.168.1.221
> > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:73) Closing connection with 192.168.1.221
> > [6][Sat Jan  1 00:29:10 2000](gateway.c:246) Received connection from 192.168.1.221, spawning worker thread
> > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:65) Processing request from 192.168.1.221
> > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:66) Calling httpdProcessRequest() for 192.168.1.221
> > [6][Sat Jan  1 00:29:10 2000](http.c:118) Captured 192.168.1.221 and re-directed them to login page
> > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:68) Returned from httpdProcessRequest() for 192.168.1.221
> >
> >
> > On the Auth Server, access_log shows just the ping requests. And nothing
> > else.
> >
> > Thanks
> > Marios
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > > Sent: Tuesday, March 08, 2005 3:24 PM
> > > To: WiFiDog Captive Portal
> > > Subject: Re: [isf-wifidog] Redirect question
> > >
> > > Now, I think you're having two issues:
> > >
> > > 1. The reason why clicking on the "google" link goes back to the auth
> > > server, is most likely because WiFiDog couldn't modify the iptables
> > > rules to let you in (you probably don't have libipt_mac.so installed).
> > >
> > > So basically you get authenticated, but never let in for real because it
> > > can't find the libipt_mac.so module.
> > >
> > > 2.
> > > > wifidog: can't resolve symbol '__libc_gettimeofday'
> > >
> > > This suggests that you haven't compiled wifidog yourself, or you have
> > > compiled it with sources of an openwrt buildroot that's not the one that's
> > > running on your wrt54g.
> > >
> > > If you have compiled wifidog with the ./ipkg/rules
> > > BUILDROOT=_path_to_buildroot_ method, you would have a shiny .ipk that
> > > you could install on your wrt54g (of course it would work well only if
> > > the wrt54g has been flashed with the same buildroot). The ipkg/rules
> > > script makes sure to compile libipt_mac.so, required by wifidog.
> > >
> > > Let me know what your setup is, we can help! :)
> > >
> > > On Tue, Mar 08, 2005 at 12:34:43PM +0200, Marios Moutzouris wrote:
> > > > On startup of wifidog I get this output:
> > > >
> > > > The can't resolve symbol is that of concern?
> > > >
> > > >
> > > > [6][Sat Jan  1 19:30:39 2000](ping_thread.c:151) Connecting to auth server 192.168.0.227 on port 80
> > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:173) HTTP Request to Server: [GET /wifidog/ping/?gw_id=default HTTP/1.0
> > > > User-Agent: WiFiDog 1.0.2
> > > > Host: 192.168.0.227
> > > >
> > > > ]
> > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:177) Reading response
> > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:205) Read 188 bytes, total now 188
> > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:220) Done reading reply, total 188 bytes
> > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:228) HTTP Response from Server: [HTTP/1.1 200 OK
> > > > Date: Tue, 08 Mar 2005 11:28:53 GMT
> > > > Server: Apache/2.0.53 (Unix) PHP/5.0.3
> > > > X-Powered-By: PHP/5.0.3
> > > > Content-Length: 4
> > > > Connection: close
> > > > Content-Type: text/html
> > > >
> > > > Pong]
> > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:237) Auth Server Says: Pong
> > > > wifidog: can't resolve symbol '__libc_gettimeofday'
> > > >
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > > > bounces at listes.ilesansfil.org] On Behalf Of Marios Moutzouris
> > > > > Sent: Tuesday, March 08, 2005 10:49 AM
> > > > > To: 'WiFiDog Captive Portal'
> > > > > Subject: RE: [isf-wifidog] Redirect question
> > > > >
> > > > > I installed this wifidog_1.1.0_beta3_mips..ran it
> > > > > The browser was hanging (access to www.google.com)...
> > > > > The debug statements looked like it was bouncing around in the linksys
> > > > > the request. As soon as I killed the wifidog process, the login page for
> > > > > the hotspot came up...
> > > > >
> > > > > I am using the default firewall rules in wifidog.conf
> > > > >
> > > > > Marios
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > > > > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > > > > > Sent: Monday, March 07, 2005 5:24 PM
> > > > > > To: WiFiDog Captive Portal
> > > > > > Subject: Re: [isf-wifidog] Redirect question
> > > > > >
> > > > > > Marios,
> > > > > >
> > > > > > The later versions have firewall rules in the config, but it's just
> > > > > > basically a more modular version of 1.0.2 (which had rules hardcoded in
> > > > > > the code). 1.1.0_beta3 fixes a lot of issues present in 1.0.2 so I really
> > > > > > suggest you try it. Also, with 1.1.0_beta3, no need to configure
> > > > > > ExternalInterface or GatewayAddress anymore. GatewayInterface is still
> > > > > > required but the IP address of the interface will be detected automatically.
> > > > > >
> > > > > > In your case, if ExternalInterface is set to vlan1, that means you get
> > > > > > your WAN address via DHCP (not PPPoE)... Just making sure that's what
> > > > > > you want.
> > > > > >
> > > > > > And for GatewayInterface, make sure with:
> > > > > >
> > > > > > ifconfig br0
> > > > > >
> > > > > > That the bridge does exist and has the internal address set right.
> > > > > >
> > > > > > Also, what Mina asked you to send might help.
> > > > > >
> > > > > > --
> > > > > > Philippe April
> > > > > > GnuPG: http://key.philippeapril.com/
> > > > > > Skype ID: mousetrap
> > > > > >
> > > > > > On Mon, Mar 07, 2005 at 05:17:04PM +0200, Marios Moutzouris wrote:
> > > > > > > GatewayID default
> > > > > > > ExternalInterface vlan1
> > > > > > > GatewayInterface br0
> > > > > > > GatewayAddress 192.168.1.1
> > > > > > > AuthServer {
> > > > > > >         Hostname 192.168.0.227
> > > > > > >         Path /wifidog/
> > > > > > > }
> > > > > > > CheckInterval 60
> > > > > > > ClientTimeout 5
> > > > > > >
> > > > > > >
> > > > > > > Using wifidog_1.0.2_mipsel.ipk
> > > > > > >
> > > > > > >
> > > > > > > I tried the later versions, but they seem to have a lot of firewall rules
> > > > > > > [not a networking expert] and the web browser request went straight to the
> > > > > > > web site (e.g. www.google.com)
> > > > > > >
> > > > > > > Thanks
> > > > > > > Marios
> > > > > > >
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > > > > > > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > > > > > > > Sent: Monday, March 07, 2005 5:09 PM
> > > > > > > > To: WiFiDog Captive Portal
> > > > > > > > Subject: Re: [isf-wifidog] Redirect question
> > > > > > > >
> > > > > > > > This could be a symptom of a bad configuration (bad ExternalInterface,
> > > > > > > > or GatewayInterface).
> > > > > > > >
> > > > > > > > Some options are not needed anymore and will be detected automatically
> > > > > > > > in the newest versions.
> > > > > > > >
> > > > > > > > What version of WiFiDog do you have, and would you mind posting the first
> > > > > > > > few lines of your config (the ones about the networking basically.
> > > > > > > > interfaces, ip address, etc.)?
> > > > > > > >
> > > > > > > > Thank you :)
> > > > > > > >
> > > > > > > > --
> > > > > > > > Philippe April
> > > > > > > > GnuPG: http://key.philippeapril.com/
> > > > > > > > Skype ID: mousetrap
> > > > > > > >
> > > > > > > > On Mon, Mar 07, 2005 at 12:52:40PM +0200, Marios Moutzouris wrote:
> > > > > > > > > Hello.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > I installed wifidog/linksys/openwrt etc. I create my user. When I surf
> > > > > > > > > to say www.google.com I get the login page for the site, and enter my
> > > > > > > > > login details, and get the "Default" hotspot look and feel.
> > > > > > > > >
> > > > > > > > > On right hand corner there is an option to go to the site www.google.com,
> > > > > > > > > when I click on that link I go back to the hotspot login page.
> > > > > > > > >
> > > > > > > > > What have I done wrong?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Thank-you
> > > > > > > > >
> > > > > > > > > Marios
> > > > > > > > >
> > > > > > >
> > > > > >
> > > > > > > _______________________________________________
> > > > > > > WiFiDog mailing list
> > > > > > > WiFiDog at listes.ilesansfil.org
> > > > > > > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> > > --
> > > Philippe April
> > > GnuPG: http://key.philippeapril.com/
> > > Skype ID: mousetrap
> --
> Philippe April
> GnuPG: http://key.philippeapril.com/
> Skype ID: mousetrap
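
A preflight check for the prerequisites named in the thread (libipt_mac.so, libipt_MARK.so and libipt_mark.so in /usr/lib/iptables, plus the ipt_mac kernel module), as an added example that is not part of the original message or of WiFiDog. The function names are hypothetical, and reading loaded modules from /proc/modules is an assumption about the router's kernel.

```shell
#!/bin/sh
# Added example, not from the thread or the WiFiDog sources.
# Both paths are parameters so the check can be tried on a test directory.

IPT_LIB_DIR_DEFAULT=/usr/lib/iptables   # location given in the thread
MODULES_FILE_DEFAULT=/proc/modules      # assumption: kernel's loaded-module list

# Print the name of each required iptables extension library missing from $1.
missing_ipt_libs() {
    dir=${1:-$IPT_LIB_DIR_DEFAULT}
    for lib in libipt_mac.so libipt_MARK.so libipt_mark.so; do
        [ -f "$dir/$lib" ] || echo "$lib"
    done
}

# Return 0 if kernel module $1 appears as the first field of a line in $2.
# A module compiled into the kernel is not listed there, so a "not loaded"
# result is a hint to try insmod, not proof that the match is unavailable.
module_loaded() {
    file=${2:-$MODULES_FILE_DEFAULT}
    [ -r "$file" ] || return 1
    while read -r name _rest; do
        [ "$name" = "$1" ] && return 0
    done < "$file"
    return 1
}

# Report every missing piece; return non-zero if anything is missing.
wifidog_preflight() {
    dir=${1:-$IPT_LIB_DIR_DEFAULT}
    mods=${2:-$MODULES_FILE_DEFAULT}
    status=0
    missing=$(missing_ipt_libs "$dir")
    if [ -n "$missing" ]; then
        for lib in $missing; do
            echo "MISSING $dir/$lib"
        done
        status=1
    fi
    if ! module_loaded ipt_mac "$mods"; then
        echo "NOT LOADED ipt_mac (load by hand: insmod ipt_mac)"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK"
    return "$status"
}
```

Sourced on the router, `wifidog_preflight` with no arguments checks the default locations; a missing libipt_mac.so matches the symptom described in the thread, where the client authenticates but is never let through.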



More information about the WiFiDog mailing list