[isf-wifidog] Redirect question

Marios Moutzouris m.moutzouris at neuron.gr
Mer 9 Mar 07:33:24 EST 2005


I flash'd the firmware on linksys (got the timing right on a windows box)
and used
http://www.ilesansfil.org/dist/wifidog/wifidog_1.1.0_beta3_mipsel.ipk

Same issues.

Marios

> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> bounces at listes.ilesansfil.org] On Behalf Of Marios Moutzouris
> Sent: Wednesday, March 09, 2005 9:38 AM
> To: 'WiFiDog Captive Portal'
> Subject: RE: [isf-wifidog] Redirect question
> 
> Hello,
> 
> My linksys is the "S" version. My pc is a windows box, and thus this tftp
> Doesn't work, i.e. I get the Timeout problem, when resetting the router
> 
> Thanks
> Marios
> 
> > -----Original Message-----
> > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > Sent: Tuesday, March 08, 2005 5:26 PM
> > To: WiFiDog Captive Portal
> > Subject: Re: [isf-wifidog] Redirect question
> >
> > If you use this image:
> > http://ilesansfil.org/dist/openwrt/openwrt-g-code.bin
> >
> > And this package:
> > http://ilesansfil.org/dist/wifidog/wifidog_1.1.0_beta3_mipsel.ipk
> >
> > And you reflash your router, make sure to boot into "failsafe" after and
> > run "firstboot" to erase everything on your r/w partition.
> >
> > Doc is on openwrt.org in the user manual, but if you can't do it let me
> > know.
> >
> > Then, it'll work much better.
> >
> > Start with a regular config with just "GatewayInterface, GatewayID and
> > AuthServer" entries uncommented (no need for the rest anymore).
> >
> > Let us know!
> >
> > On Tue, Mar 08, 2005 at 05:19:14PM +0200, Marios Moutzouris wrote:
> > > > 1. Did you compile this version yourself?
> > >
> > > No
> > >
> > > > 2. If not, where did you get the binaries and where did you get the
> > > > image you flashed your router with?
> > >
> > > WifiDog - http://www.ilesansfil.org/dist/wifidog/
> > >           I tried all versions 1.0.2 - does the login, but surfing to
> > site
> > > brings login page again. The others do the looping...
> > >
> > > OpenWRT - http://openwrt.org/downloads/snapshots/snapshot-
> > 20050202.tar.bz2
> > >
> > >
> > > > 3. Did you load wifidog with the /etc/init.d/S65wifidog link that
> > should
> > > > be created (if you installed an ipkg)? Basically it runs wifidog-
> init
> > > > which will make sure
> > > > that some modules (required ones) are loaded before loading wifidog.
> > >
> > > root at linksys:/usr/bin# ./wifidog-init start
> > > Starting Wifidog ...
> > > Testing for iptables modules
> > >   Testing ipt_mac
> > >    iptables is not working with ipt_mac
> > >    Scanning disk for ipt_mac module
> > >    ipt_mac module exists, trying to load
> > >   ipt_mac loaded sucessfully
> > >   Testing ipt_mark
> > >    ipt_mark module is working
> > > OK
> > >
> > >
> > > > It won't start wifidog in debug mode, but it will at least load the
> > > > appropriate modules first.
> > > >
> > > > If you want to load the required module by hand:
> > > > insmod ipt_mac
> > > >
> > > > You also need libipt_mac.so and libipt_MARK.so AND libipt_mark.so
> for
> > > > iptables,
> > > > all should be located in /usr/lib/iptables on the router.
> > > >
> > > > I do not know (yet) where you got the binaries from, but you have to
> > > > understand that wifidog needs to be used with the same buildroot as
> > the
> > > > image you are running on the router. You can not just take binaries
> > from
> > > > somewhere and hope that it will work. It might work, but it might
> also
> > > > be flaky. Reason for this: symbols change, iptables versions might
> > > > differ.. etc.
> > > >
> > > > If you have not built the image you run on the wrt54g and wifidog
> > > > yourself, we can help by providing you with an image you would flash
> > > > your wrt54g with + wifidog packages that'll work.
> > >
> > > That would also be helpful, provided the process is painless;-)
> > >
> > > > What could also be problematic, we have not tested the AuthServer
> > clause
> > > > without SSL much.
> > > > It is something we will be looking at very soon but for your tests
> > > > perhaps enabling SSL on your authserver and in wifidog.conf would
> help
> > > > troubleshoot.
> > >
> > > I'll test it with the SSL and provide feedback.
> > >
> > > Marios
> > >
> > > > On Tue, Mar 08, 2005 at 03:55:19PM +0200, Marios Moutzouris wrote:
> > > > > Thanks for the continued help. I am busy evaluating this
> > product.This is
> > > > > what I have currently.
> > > > > I have "version 1.1.0_beta1" setup. It does not give me the libc
> > > > problem. I
> > > > > have the linksys router(192.168.1.1) connected on our LAN (as
> > > > 192.168.0.218)
> > > > > with my PC(192.168.1.221) on one of its LAN ports. Without wifidog
> I
> > go
> > > > > through normally.
> > > > >
> > > > > Here the last few lines of the wifidog startup.
> > > > > ===============================================
> > > > > [7][Sat Jan  1 00:22:34 2000](ping_thread.c:224) Reading response
> > > > > [7][Sat Jan  1 00:22:34 2000](ping_thread.c:252) Read 188 bytes,
> > total
> > > > now
> > > > > 188
> > > > > [7][Sat Jan  1 00:22:34 2000](ping_thread.c:267) Done reading
> reply,
> > > > total
> > > > > 188 bytes
> > > > > [7][Sat Jan  1 00:22:34 2000](ping_thread.c:275) HTTP Response
> from
> > > > Server:
> > > > > [HTTP/1.1 200 OK
> > > > > Date: Tue, 08 Mar 2005 14:50:08 GMT
> > > > > Server: Apache/2.0.53 (Unix) PHP/5.0.3
> > > > > X-Powered-By: PHP/5.0.3
> > > > > Content-Length: 4
> > > > > Connection: close
> > > > > Content-Type: text/html
> > > > >
> > > > > Pong]
> > > > > [7][Sat Jan  1 00:22:34 2000](ping_thread.c:284) Auth Server Says:
> > Pong
> > > > >
> > > > > Here is the wifidog.conf
> > > > > ========================
> > > > > GatewayID default
> > > > > ExternalInterface vlan1
> > > > > GatewayInterface br0
> > > > > GatewayAddress 192.168.1.1
> > > > > AuthServer {
> > > > >     Hostname 192.168.0.227
> > > > >     Path /wifidog/
> > > > > }
> > > > > CheckInterval 60
> > > > > ClientTimeout 5
> > > > > FirewallRuleSet global {
> > > > >     FirewallRule allow udp to 69.90.89.192/27
> > > > >     FirewallRule allow udp to 69.90.85.0/27
> > > > >     FirewallRule allow tcp port 80 to 69.90.89.205
> > > > > }
> > > > > FirewallRuleSet validating-users {
> > > > >     FirewallRule allow udp port 67
> > > > >     FirewallRule allow tcp port 67
> > > > >     FirewallRule allow udp port 53
> > > > >     FirewallRule allow tcp port 53
> > > > >     FirewallRule allow tcp port 80
> > > > >     FirewallRule allow tcp port 110
> > > > >     FirewallRule allow tcp port 995
> > > > >     FirewallRule allow tcp port 143
> > > > >     FirewallRule allow tcp port 993
> > > > >     FirewallRule allow tcp port 220
> > > > >     FirewallRule allow tcp port 443
> > > > >     FirewallRule block to 0.0.0.0/0
> > > > > }
> > > > > FirewallRuleSet known-users {
> > > > >     FirewallRule allow to 192.168.1.0/24
> > > > > }
> > > > > FirewallRuleSet unknown-users {
> > > > >     FirewallRule allow udp port 53
> > > > >     FirewallRule allow tcp port 53
> > > > >     FirewallRule allow udp port 67
> > > > >     FirewallRule allow tcp port 67
> > > > >     FirewallRule allow to 192.168.0.227
> > > > > }
> > > > > FirewallRuleSet locked-users {
> > > > >     FirewallRule block to 192.168.1.0/24
> > > > > }
> > > > >
> > > > > Here is the output from wifidog output when I try connect to
> > > > www.google.com
> > > > > (browser just sits progress bar slowly increases, but nothing is
> > > > displayed)
> > > > >
> > > >
> >
> ==========================================================================
> > > > ==
> > > > > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:66) Calling
> > > > > httpdProcessRequest() for 192.168.1.221
> > > > > [6][Sat Jan  1 00:29:10 2000](http.c:118) Captured 192.168.1.221
> and
> > > > > re-directed them to login page
> > > > > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:68) Returned from
> > > > > httpdProcessRequest() for 192.168.1.221
> > > > > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:73) Closing
> connection
> > with
> > > > > 192.168.1.221
> > > > > [6][Sat Jan  1 00:29:10 2000](gateway.c:246) Received connection
> > from
> > > > > 192.168.1.
> > > > > 221, spawning worker thread
> > > > > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:65) Processing
> request
> > from
> > > > > 192.168
> > > > > .1.221
> > > > > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:66) Calling
> > > > > httpdProcessRequest() for 192.168.1.221
> > > > > [6][Sat Jan  1 00:29:10 2000](http.c:118) Captured 192.168.1.221
> and
> > > > > re-directed them to login page
> > > > > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:68) Returned from
> > > > > httpdProcessRequest() for 192.168.1.221
> > > > > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:73) Closing
> connection
> > with
> > > > > 192.168.1.221
> > > > > [6][Sat Jan  1 00:29:10 2000](gateway.c:246) Received connection
> > from
> > > > > 192.168.1.221, spawning worker thread
> > > > > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:65) Processing
> request
> > from
> > > > > 192.168.1.221
> > > > > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:66) Calling
> > > > > httpdProcessRequest() for 192.168.1.221
> > > > > [6][Sat Jan  1 00:29:10 2000](http.c:118) Captured 192.168.1.221
> and
> > > > > re-directed them to login page
> > > > > [7][Sat Jan  1 00:29:10 2000](httpd_thread.c:68) Returned from
> > > > > httpdProcessRequest() for 192.168.1.221
> > > > >
> > > > >
> > > > > On the Auth Server, access_log shows just the ping requests. And
> > nothing
> > > > > else.
> > > > >
> > > > > Thanks
> > > > > Marios
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > > > > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > > > > > Sent: Tuesday, March 08, 2005 3:24 PM
> > > > > > To: WiFiDog Captive Portal
> > > > > > Subject: Re: [isf-wifidog] Redirect question
> > > > > >
> > > > > > Now, I think you're having two issues:
> > > > > >
> > > > > > 1. The reason why clicking on the "google" link goes back to the
> > auth
> > > > > > server, is most likely because WiFiDog couldn't modify the
> > iptables
> > > > > > rules to let you in (you probably don't have libipt_mac.so
> > installed).
> > > > > >
> > > > > > So basically you get authenticated, but never let in for real
> > because
> > > > it
> > > > > > can't find the libipt_mac.so module.
> > > > > >
> > > > > > 2.
> > > > > > > wifidog: can't resolve symbol '__libc_gettimeofday'
> > > > > >
> > > > > > This, suggests that you haven't compiled wifidog yourself, or
> you
> > have
> > > > > > compiled it with sources of an openwrt buildroot that's not the
> > one
> > > > that's
> > > > > > running on your wrt54g.
> > > > > >
> > > > > > If you have compiled wifidog with the ./ipkg/rules
> > > > > > BUILDROOT=_path_to_buildroot_ method, you would have a shiny
> .ipk
> > that
> > > > > > you could install on your wrt54g (of course it would work well
> > only if
> > > > > > the wrt54g has been flashed with the same buildroot). The
> > ipkg/rules
> > > > > > script makes sure to compile libipt_mac.so, required by wifidog.
> > > > > >
> > > > > > Let me know what your setup is, we can help! :)
> > > > > >
> > > > > > On Tue, Mar 08, 2005 at 12:34:43PM +0200, Marios Moutzouris
> wrote:
> > > > > > > On startup of wifidog I get this output:
> > > > > > >
> > > > > > > The cant resolve symbol is that of concern?
> > > > > > >
> > > > > > >
> > > > > > > [6][Sat Jan  1 19:30:39 2000](ping_thread.c:151) Connecting to
> > auth
> > > > > > server
> > > > > > > 192.1
> > > > > > > 68.0.227 on port 80
> > > > > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:173) HTTP Request
> to
> > > > Server:
> > > > > > > [GET /w
> > > > > > > ifidog/ping/?gw_id=default HTTP/1.0
> > > > > > > User-Agent: WiFiDog 1.0.2
> > > > > > > Host: 192.168.0.227
> > > > > > >
> > > > > > > ]
> > > > > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:177) Reading
> > response
> > > > > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:205) Read 188
> bytes,
> > > > total
> > > > > > now
> > > > > > > 188
> > > > > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:220) Done reading
> > reply,
> > > > > > total
> > > > > > > 188 b
> > > > > > > ytes
> > > > > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:228) HTTP Response
> > from
> > > > > > Server:
> > > > > > > [HTT
> > > > > > > P/1.1 200 OK
> > > > > > > Date: Tue, 08 Mar 2005 11:28:53 GMT
> > > > > > > Server: Apache/2.0.53 (Unix) PHP/5.0.3
> > > > > > > X-Powered-By: PHP/5.0.3
> > > > > > > Content-Length: 4
> > > > > > > Connection: close
> > > > > > > Content-Type: text/html
> > > > > > >
> > > > > > > Pong]
> > > > > > > [7][Sat Jan  1 19:30:39 2000](ping_thread.c:237) Auth Server
> > Says:
> > > > Pong
> > > > > > > wifidog: can't resolve symbol '__libc_gettimeofday'
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-
> > > > > > > > bounces at listes.ilesansfil.org] On Behalf Of Marios
> Moutzouris
> > > > > > > > Sent: Tuesday, March 08, 2005 10:49 AM
> > > > > > > > To: 'WiFiDog Captive Portal'
> > > > > > > > Subject: RE: [isf-wifidog] Redirect question
> > > > > > > >
> > > > > > > > I installed this wifidog_1.1.0_beta3_mips..ran it
> > > > > > > > The browser was hanging (access to www.google.com)...
> > > > > > > > The debug statements looked like it was bouncing around in
> the
> > > > linksys
> > > > > > > > The request. As soon as I killed the wifidog process, the
> > login
> > > > page
> > > > > > for
> > > > > > > > The hotspot came up...
> > > > > > > >
> > > > > > > > I am using the default firewall rules in wifidog.conf
> > > > > > > >
> > > > > > > > Marios
> > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-
> > > > > > > > > bounces at listes.ilesansfil.org] On Behalf Of Philippe April
> > > > > > > > > Sent: Monday, March 07, 2005 5:24 PM
> > > > > > > > > To: WiFiDog Captive Portal
> > > > > > > > > Subject: Re: [isf-wifidog] Redirect question
> > > > > > > > >
> > > > > > > > > Marios,
> > > > > > > > >
> > > > > > > > > The later versions have firewall rules in the config, but
> > it's
> > > > just
> > > > > > > > > basically a more modular version of 1.0.2 (which had rules
> > > > hardcoded
> > > > > > in
> > > > > > > > > the code). 1.1.0_beta3 fixes a lot of issues present in
> > 1.0.2 so
> > > > I
> > > > > > > > really
> > > > > > > > > suggest you try it. Also, with 1.1.0_beta3, no need to
> > configure
> > > > > > > > > ExternalInterface or
> > > > > > > > > GatewayAddress anymore. GatewayInterface is still required
> > but
> > > > the
> > > > > > IP
> > > > > > > > > address of the interface will be
> > > > > > > > > detected automatically.
> > > > > > > > >
> > > > > > > > > In your case, if ExternalInterface is set to vlan1, that
> > means
> > > > you
> > > > > > get
> > > > > > > > > your WAN address via DHCP (not PPPoE)... Just making sure
> > that's
> > > > > > what
> > > > > > > > > you want.
> > > > > > > > >
> > > > > > > > > And for GatewayInterface, make sure with:
> > > > > > > > >
> > > > > > > > > ifconfig br0
> > > > > > > > >
> > > > > > > > > That the bridge does exist and has the internal address
> set
> > > > right.
> > > > > > > > >
> > > > > > > > > Also, what Mina asked you to send might help.
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Philippe April
> > > > > > > > > GnuPG: http://key.philippeapril.com/
> > > > > > > > > Skype ID: mousetrap
> > > > > > > > >
> > > > > > > > > On Mon, Mar 07, 2005 at 05:17:04PM +0200, Marios
> Moutzouris
> > > > wrote:
> > > > > > > > > > GatewayID default
> > > > > > > > > > ExternalInterface vlan1
> > > > > > > > > > GatewayInterface br0
> > > > > > > > > > GatewayAddress 192.168.1.1
> > > > > > > > > > AuthServer {
> > > > > > > > > >         Hostname 192.168.0.227
> > > > > > > > > >         Path /wifidog/
> > > > > > > > > > }
> > > > > > > > > > CheckInterval 60
> > > > > > > > > > ClientTimeout 5
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Using wifidog_1.0.2_mipsel.ipk
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > I tried the later versions, but they seem to have a lot
> of
> > > > > > firewall
> > > > > > > > > rules
> > > > > > > > > > [not a networking expert] and the web browser request
> went
> > > > > > straight to
> > > > > > > > > the
> > > > > > > > > > web site (e.g. www.google.com)
> > > > > > > > > >
> > > > > > > > > > Thanks
> > > > > > > > > > Marios
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > From: wifidog-bounces at listes.ilesansfil.org
> > [mailto:wifidog-
> > > > > > > > > > > bounces at listes.ilesansfil.org] On Behalf Of Philippe
> > April
> > > > > > > > > > > Sent: Monday, March 07, 2005 5:09 PM
> > > > > > > > > > > To: WiFiDog Captive Portal
> > > > > > > > > > > Subject: Re: [isf-wifidog] Redirect question
> > > > > > > > > > >
> > > > > > > > > > > This could be a symptom of a bad configuration (bad
> > > > > > > > ExternalInterface,
> > > > > > > > > > > or GatewayInterface).
> > > > > > > > > > >
> > > > > > > > > > > Some options are not needed anymore and will be
> detected
> > > > > > > > automatically
> > > > > > > > > > > in the newest versions.
> > > > > > > > > > >
> > > > > > > > > > > What version of WiFiDog do you have, and would you
> mind
> > > > posting
> > > > > > the
> > > > > > > > > first
> > > > > > > > > > > few lines
> > > > > > > > > > > of your config (the ones about the networking
> basically.
> > > > > > interfaces,
> > > > > > > > > ip
> > > > > > > > > > > address, etc.)?
> > > > > > > > > > >
> > > > > > > > > > > Thank you :)
> > > > > > > > > > >
> > > > > > > > > > > --
> > > > > > > > > > > Philippe April
> > > > > > > > > > > GnuPG: http://key.philippeapril.com/
> > > > > > > > > > > Skype ID: mousetrap
> > > > > > > > > > >
> > > > > > > > > > > On Mon, Mar 07, 2005 at 12:52:40PM +0200, Marios
> > Moutzouris
> > > > > > wrote:
> > > > > > > > > > > > Hello.
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > I installed wifidog/linksys/openwrt etc. I create my
> > user.
> > > > > > When I
> > > > > > > > > surf
> > > > > > > > > > > to
> > > > > > > > > > > > say www.google.com <http://www.google.com/>  I get
> > > > > > > > > > > >
> > > > > > > > > > > > The login page for the site, and enter my login
> > details,
> > > > and
> > > > > > get
> > > > > > > > the
> > > > > > > > > > > > "Default" hotspot look and feel.
> > > > > > > > > > > >
> > > > > > > > > > > > On right hand corner there is an option to go to the
> > site
> > > > > > > > > www.google.com
> > > > > > > > > > > > <http://www.google.com/> , when I click on that
> > > > > > > > > > > >
> > > > > > > > > > > > Link I go back to the hotspot login page.
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > What I have I done wrong?
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > Thank-you
> > > > > > > > > > > >
> > > > > > > > > > > > Marios
> > > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > > > _______________________________________________
> > > > > > > > > > WiFiDog mailing list
> > > > > > > > > > WiFiDog at listes.ilesansfil.org
> > > > > > > > > > http://listes.ilesansfil.org/cgi-
> > bin/mailman/listinfo/wifidog
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > > > _______________________________________________
> > > > > > > WiFiDog mailing list
> > > > > > > WiFiDog at listes.ilesansfil.org
> > > > > > > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> > > > > >
> > > > > > --
> > > > > > Philippe April
> > > > > > GnuPG: http://key.philippeapril.com/
> > > > > > Skype ID: mousetrap
> > > > >
> > > >
> > > > > _______________________________________________
> > > > > WiFiDog mailing list
> > > > > WiFiDog at listes.ilesansfil.org
> > > > > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> > > >
> > > > --
> > > > Philippe April
> > > > GnuPG: http://key.philippeapril.com/
> > > > Skype ID: mousetrap
> > >
> >
> > > _______________________________________________
> > > WiFiDog mailing list
> > > WiFiDog at listes.ilesansfil.org
> > > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> >
> > --
> > Philippe April
> > GnuPG: http://key.philippeapril.com/
> > Skype ID: mousetrap




Plus d'informations sur la liste de diffusion WiFiDog