[isf-wifidog] RE: Lot WiFiDog, Vol 8, Parution 22
Philippe April
isf_lists at philippeapril.com
Fri Sep 16 22:08:30 EDT 2005
Yeah. I don't get it and will do more tests tonight, same thing
happens at home.
If I start the firewall scripts after it's initialized, it's fine.
If I let it start at boot and reboot, .... it doesn't work.
For some reason, I'm thinking it doesn't have to do with
wifidog..........
Did you also "split" the WIFI from the LAN by modifying the
wifi_ variables?
Philippe April
GnuPG http://key.philippeapril.com
On 16-Sep-05, at 6:33 PM, Loïc DEVAUX wrote:
> So I tried to install wifidog after the other packages
> (libpthread,iptables-extra,kmod-iptables) with the advice of Mario.
>
> The wifidog configuration was:
>
> FirewallRuleSet global {
> FirewallRule allow udp to 69.90.89.192/27
> FirewallRule allow udp to 69.90.85.0/27
> FirewallRule allow tcp port 80 to 69.90.89.205
> }
>
> # Rule Set: validating-users
> #
> # Used for new users validating their account
> FirewallRuleSet validating-users {
> FirewallRule block tcp port 25
> FirewallRule allow to 0.0.0.0/0
> }
>
> # Rule Set: known-users
> #
> # Used for normal validated users.
> FirewallRuleSet known-users {
> FirewallRule allow to 0.0.0.0/0
> }
>
> # Rule Set: unknown-users
> #
> # Used for unvalidated users, this is the ruleset that gets redirected.
> #
> # XXX The redirect code adds the Default DROP clause.
> FirewallRuleSet unknown-users {
> FirewallRule allow udp port 53
> FirewallRule allow tcp port 53
> FirewallRule allow udp port 67
> FirewallRule allow tcp port 67
> }
>
> # Rule Set: locked-users
> #
> # Used for users that have been locked out.
> FirewallRuleSet locked-users {
> FirewallRule block to 0.0.0.0/0
> }
>
> And the iptables rules after launching Wifidog:
>
> root@OpenWrt:~# iptables -L
> Chain INPUT (policy DROP)
> target prot opt source destination
> DROP all -- anywhere anywhere state INVALID
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT all -- anywhere anywhere
> ACCEPT icmp -- anywhere anywhere
> ACCEPT gre -- anywhere anywhere
> input_rule all -- anywhere anywhere
> DROP tcp -- anywhere anywhere tcp option=!2 flags:SYN,RST,ACK/SYN
> REJECT tcp -- anywhere anywhere reject-with tcp-reset
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> DROP all -- anywhere anywhere state INVALID
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> forwarding_rule all -- anywhere anywhere
> WiFiDog_WIFI2Internet all -- anywhere anywhere
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
> DROP all -- anywhere anywhere state INVALID
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT all -- anywhere anywhere
> output_rule all -- anywhere anywhere
> REJECT tcp -- anywhere anywhere reject-with tcp-reset
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> Chain WiFiDog_AuthServers (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere 81.185.144.61
>
> Chain WiFiDog_Global (1 references)
> target prot opt source destination
> ACCEPT udp -- anywhere 69.90.89.192/27
> ACCEPT udp -- anywhere 69.90.85.0/27
> ACCEPT tcp -- anywhere 69.90.89.205 tcp dpt:80
>
> Chain WiFiDog_Known (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain WiFiDog_Locked (1 references)
> target prot opt source destination
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> Chain WiFiDog_Unknown (1 references)
> target prot opt source destination
> ACCEPT udp -- anywhere anywhere udp dpt:53
> ACCEPT tcp -- anywhere anywhere tcp dpt:53
> ACCEPT udp -- anywhere anywhere udp dpt:67
> ACCEPT tcp -- anywhere anywhere tcp dpt:67
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> Chain WiFiDog_Validate (1 references)
> target prot opt source destination
> REJECT tcp -- anywhere anywhere tcp dpt:25 reject-with icmp-port-unreachable
> ACCEPT all -- anywhere anywhere
>
> Chain WiFiDog_WIFI2Internet (1 references)
> target prot opt source destination
> WiFiDog_AuthServers all -- anywhere anywhere
> WiFiDog_Locked all -- anywhere anywhere MARK match 0x254
> WiFiDog_Global all -- anywhere anywhere
> WiFiDog_Validate all -- anywhere anywhere MARK match 0x1
> WiFiDog_Known all -- anywhere anywhere MARK match 0x2
> WiFiDog_Unknown all -- anywhere anywhere
>
> Chain forwarding_rule (1 references)
> target prot opt source destination
>
> Chain input_rule (1 references)
> target prot opt source destination
>
> Chain output_rule (1 references)
> target prot opt source destination
> root@OpenWrt:~#
>
> But after reboot the router has the same problems: it doesn't
> distribute any IP address and is inaccessible, and this with only
> one bridge.
>
> These rules are perhaps applied too early in the launching of
> openwrt...
>
>
> Loïc
>
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On behalf of
> wifidog-request at listes.ilesansfil.org
> Sent: Friday, September 16, 2005 18:00
> To: wifidog at listes.ilesansfil.org
> Subject: Lot WiFiDog, Vol 8, Parution 22
>
> Today's Topics:
>
> 1. Re: RE: Lot WiFiDog, Vol 8, Parution 17 (Max Horváth)
> 2. Re: RE: Lot WiFiDog, Vol 8, Parution 17 (Philippe April)
> 3. Re: RE: Lot WiFiDog, Vol 8, Parution 17 (Max Horváth)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 16 Sep 2005 12:47:33 +0200
> From: Max Horváth <max.horvath at freenet.de>
> Subject: Re: [isf-wifidog] RE: Lot WiFiDog, Vol 8, Parution 17
> To: WiFiDog Captive Portal <wifidog at listes.ilesansfil.org>
> Message-ID: <AEBCB58D-7950-4215-A01E-2A913E46268E at freenet.de>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
> Well, I can confirm that I had the same problems when having two
> bridges ...
>
> That's why I undid to split the LAN from the WLAN ...
>
> Cheers, Max!
>
> On 16.09.2005 at 07:58, Philippe April wrote:
>
>
>> So I'm thinking, maybe it's the custom configuration that I use
>> (split the LAN from the WLAN, basically I have two bridges... which
>> only have one interface in each. If you're asking why, it's to be
>> able to do stuff in a more modular way for wds and such).
>>
>> br0 = lan
>> br1 = wifi
>>
>> So maybe that's what's causing the problem? I can't imagine that
>> the default script would not work on a regular router...
>>
>>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 16 Sep 2005 08:25:11 -0400
> From: Philippe April <isf_lists at philippeapril.com>
> Subject: Re: [isf-wifidog] RE: Lot WiFiDog, Vol 8, Parution 17
> To: WiFiDog Captive Portal <wifidog at listes.ilesansfil.org>
> Message-ID: <4367C9C0-5702-46FE-B513-D8EE6F77EB84 at philippeapril.com>
> Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed
>
> It worked after you undid the split?
>
> Philippe April
> GnuPG http://key.philippeapril.com
>
> On 16-Sep-05, at 6:47 AM, Max Horváth wrote:
>
>
>> Well, I can confirm that I had the same problems when having two
>> bridges ...
>>
>> That's why I undid to split the LAN from the WLAN ...
>>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 16 Sep 2005 15:57:36 +0200
> From: Max Horváth <max.horvath at freenet.de>
> Subject: Re: [isf-wifidog] RE: Lot WiFiDog, Vol 8, Parution 17
> To: WiFiDog Captive Portal <wifidog at listes.ilesansfil.org>
> Message-ID: <157DAA4F-C737-4B5E-945D-A09B678E1864 at freenet.de>
> Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed
>
> Well, yes it did ;) ...
>
> On 16.09.2005 at 14:25, Philippe April wrote:
>
>
>> It worked after you undid the split?
>>
>> Philippe April
>> GnuPG http://key.philippeapril.com
>>
>> On 16-Sep-05, at 6:47 AM, Max Horváth wrote:
>>
>>
>>
>>> Well, I can confirm that I had the same problems when having two
>>> bridges ...
>>>
>>> That's why I undid to split the LAN from the WLAN ...
>>>
>>>
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
>>
>
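
An added example, not part of the thread and not WiFiDog project code: one way to check, once the router has booted, that the WiFiDog_* chains actually loaded match the FirewallRuleSet blocks in wifidog.conf. It uses only the ruleset-to-chain names and the allow/block to ACCEPT/REJECT translation visible in the quoted listing. The function names and sample strings are assumptions, and the listing is expected unwrapped, one rule per line.

```python
import re

# Ruleset name -> chain name, as both appear in the thread's config and listing.
CHAIN = {"global": "WiFiDog_Global", "validating-users": "WiFiDog_Validate",
         "known-users": "WiFiDog_Known", "unknown-users": "WiFiDog_Unknown",
         "locked-users": "WiFiDog_Locked"}
RULE = re.compile(r"FirewallRule\s+(allow|block)(?:\s+(tcp|udp|icmp))?"
                  r"(?:\s+port\s+(\d+))?(?:\s+to\s+(\S+))?")

def expected_rules(conf):
    """wifidog.conf text -> {chain: [(target, proto, dest, dport), ...]}"""
    out, chain = {}, None
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        head = re.match(r"FirewallRuleSet\s+(\S+)\s*\{", line)
        rule = RULE.match(line)
        if head:
            chain = CHAIN.get(head.group(1))
        elif chain and rule:
            action, proto, port, dest = rule.groups()
            dest = "anywhere" if dest in (None, "0.0.0.0/0") else dest
            target = "ACCEPT" if action == "allow" else "REJECT"
            out.setdefault(chain, []).append((target, proto or "all", dest, port))
    # The quoted listing shows a catch-all REJECT closing WiFiDog_Unknown.
    out.setdefault("WiFiDog_Unknown", []).append(("REJECT", "all", "anywhere", None))
    return out

def live_rules(listing):
    """`iptables -L` text -> same structure, WiFiDog_* chains only."""
    out, chain = {}, None
    for line in listing.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            chain = f[1] if f[1] in CHAIN.values() else None
        elif chain and len(f) >= 5 and f[0] != "target":
            dpt = re.search(r"dpt:(\d+)", line)
            out.setdefault(chain, []).append((f[0], f[1], f[4], dpt and dpt.group(1)))
    return out

def drift(conf, listing):
    """Chains whose loaded rules differ from the config (empty list = in sync)."""
    want, have = expected_rules(conf), live_rules(listing)
    return sorted(c for c in want if want[c] != have.get(c, []))

# Constructed sample built from values in the thread; the final REJECT is missing.
SAMPLE_CONF = "FirewallRuleSet unknown-users {\n FirewallRule allow udp port 53\n}"
SAMPLE_LISTING = ("Chain WiFiDog_Unknown (1 references)\n"
                  "target prot opt source destination\n"
                  "ACCEPT udp -- anywhere anywhere udp dpt:53\n")
```

`drift(SAMPLE_CONF, SAMPLE_LISTING)` names WiFiDog_Unknown, because the loaded chain lacks the closing REJECT that keeps unvalidated clients from reaching anything beyond the listed ports.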