Re: [isf-wifidog] Problème firewalling WRT54G
Philippe April
isf_lists at philippeapril.com
Dim 18 Sep 01:59:03 EDT 2005
I'll run some good tests, because we've been having this problem
lately, and: it sucks.
The light tests I have done:
1. Disabling wifidog (chmod 0000 /etc/init.d/S65wifidog) doesn't
help, when I boot I can not get DHCP, can't connect to router,
nothing, nada.
2. It seems it's related to a configuration where we split LAN and WIFI.
3. If I disable the /etc/init.d/S45firewall script and boot, it boots
well. If I start it by hand, it installs the rules fine. Start
wifidog after, no problem.
Now, is it because wifidog installs some extra iptables modules and a
bug is there?
Or.. maybe... whiterussian would just not run well anyway and wifidog
has nothing to do with it? If wifidog is disabled, I have a hard time
seeing what could be causing a problem.
Something else I would like to add (quite important!):
when you start wifidog, it takes a little while to install the
firewall rules and it forked already when it does it.
That being said, if you have S41wifidog, it might be adding rules
CONCURRENTLY with /etc/init.d/S45firewall ! (could be dangerous). So
it's best to have it start after anyway. No it's not a clean fix to
start it before (even if maybe it works) and should be avoided, we
need to find the source of the problem.
I'll investigate (tomorrow if I have time) what's going on with this.
I'll try it on my router (if I still have it) on which I have serial
console.
Philippe April
GnuPG http://key.philippeapril.com
On 17-Sep-05, at 1:38 PM, kaouete wrote:
> Ok,
>
> so, after a few tests there is the results :
>
> i installed a fresh openwrt whiterussian rc3
> then i installed wifidog, modified the wifidog.conf, restarted the
> wrt.
>
> 1) without touching firewall script and cie :
> S65wifidog is started after S45firewall :
> if i try to connect to a website with a wifi client i get the
> wifidog auth page
> BUT i can anyway ssh to the net or any other port than 80.
>
> 2) now i mv S65wifidog to S41wifidog (so it is started before
> S45firewall), i comment the iptables flushing tables and cie and
> add a sleep 10 at the beginning of the file to be sure that
> wifidog have the time to load all of its rules.
>
> with a wifi client if i connect to the net : i get the wifidog
> auth portal
> AND i cant access to the net with anything without beeing authed
> \o/
>
> concrusion : the openwrt out-of-box is not compatible with wifidog
> for the moment. I think there should be a nicer way to fix it by
> modifiing wifidog rules .. .. or note :]
>
> kaouete
>
> On Thu, Sep 15, 2005 at 02:33:17PM +0200, kaouete wrote:
>
>> ho, sorry :]
>>
>> Follow the link of the bug on sourceforge.
>>
>> For me the problem is that the openwrt firewall script breaks the
>> iptables rules used by wifidog,
>>
>> but maybe it is working anyway, i will do more tests (and maybe other
>> people too :) and will tell you if there are problems and if yes,
>> what are they :]
>>
>> kaouete
>>
>> On Thu, Sep 15, 2005 at 02:17:54PM +0200, Max Horváth wrote:
>>
>>> Hey guys,
>>>
>>> I just those two words problem and firewall.
>>>
>>> As I can't read french, so I'd like to ask you, what kind of problem
>>> exists and if you could translate it for me.
>>>
>>> Thanks and cheers, Max!
>>>
>>> Am 15.09.2005 um 13:16 schrieb kaouete:
>>>
>>>
>>>> ok, alors je ferais des tests alors, je vous dirais ce que j'ai
>>>> trouvé.
>>>>
>>>> kaouete
>>>>
>>>> On Thu, Sep 15, 2005 at 07:08:25AM -0400, Philippe April wrote:
>>>>
>>>>
>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>> Hash: SHA1
>>>>>
>>>>> En fait, je viens de relire le bug report et ma réponse à
>>>>> propos de
>>>>> mauvais iptables ne s'applique peut-être pas à 100%, l'auteur
>>>>> semble
>>>>> dire que c'est vraiment un problème d'ordre.
>>>>>
>>>>> Ceci étant dit, le plus de feedback de personnes externes on
>>>>> aura, le
>>>>> mieux on saura si tout est beau maintenant :)
>>>>>
>>>>> Tiens-nous au courant!
>>>>>
>>>>> Philippe April
>>>>> GnuPG http://key.philippeapril.com
>>>>>
>>>>> On 15-Sep-05, at 6:54 AM, kaouete wrote:
>>>>>
>>>>>
>>>>>
>>>>>> A ce propos, et en rapport avec ce bug :
>>>>>> https://sourceforge.net/tracker/index.php?
>>>>>> func=detail&aid=1210428&group_id=102646&atid=632424
>>>>>>
>>>>>> est-ce que ce probleme est reglé avec whiterussian ?
>>>>>>
>>>>>> (et il y a ausii d'autres bug sinon de reportés :)
>>>>>>
>>>>>> kaouete
>>>>>>
>>>>>> On Wed, Sep 14, 2005 at 10:54:46PM -0400, Philippe April wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>> Hash: SHA1
>>>>>>>
>>>>>>> Disons que dernièrement je me suis mis plus à date, et ISF va
>>>>>>> maintenant commencer à utiliser OpenWrt Whiterussian.
>>>>>>>
>>>>>>> Ce qui veut dire, que nous avons un package compilé pour
>>>>>>> whiterussian
>>>>>>> et qu'on va le tenir à jour!
>>>>>>>
>>>>>>> Donc, cette image (qui vient en fait du site d'openwrt):
>>>>>>> http://www.ilesansfil.org/dist/wifidog/bin/openwrt/whiterussian-
>>>>>>> rc2/
>>>>>>> openwrt-wrt54g-squashfs.bin
>>>>>>>
>>>>>>> et ce package:
>>>>>>>
>>>>>>> http://www.ilesansfil.org/dist/wifidog/bin/openwrt/whiterussian-
>>>>>>> rc2/
>>>>>>> packages/wifidog_1.1.2-1_mipsel.ipk
>>>>>>>
>>>>>>> Les deux devraient fonctionner parfaitement! Et puis ça devrait
>>>>>>> installer toutes les dépendences.
>>>>>>>
>>>>>>> Fait important: il faut utiliser /etc/init.d/S65wifidog (ou
>>>>>>> wifidog-
>>>>>>> init start) pour partir wifidog afin qu'il load les modules du
>>>>>>> kernel
>>>>>>> dont wifidog dépend.
>>>>>>>
>>>>>>> L'image openwrt, est pour un WRT54G et non pas un WRT54GS, pour
>>>>>>> la S
>>>>>>> on peut la trouver au même lien, ou sur le site d'openwrt.
>>>>>>>
>>>>>>> Tenez-nous au courant!
>>>>>>>
>>>>>>> Philippe April
>>>>>>> GnuPG http://key.philippeapril.com
>>>>>>>
>>>>>>> On 14-Sep-05, at 9:58 PM, Loïc DEVAUX wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> <image001.gif>
>>>>>>>> Salut,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Je viens de finir l???installation de l???auth server qui
>>>>>>>> s???est
>>>>>>>> passée
>>>>>>>> à merveille sur une debian sarge, merci pour votre magnifique
>>>>>>>> travail.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Seulement j???ai des problèmes lors de l???installation de
>>>>>>>> wifidog
>>>>>>>> client sur un WRT54G.
>>>>>>>>
>>>>>>>> Quelle version d???openwrt et quelle version de wifidog dois je
>>>>>>>> utiliser pour ne pas avoir de problèmes ?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Merci d???avance pour votre réponse.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Loïc DEVAUX
>>>>>>>>
>>>>>>>> 10 rue des mésanges
>>>>>>>>
>>>>>>>> 63170 AUBIERE France
>>>>>>>>
>>>>>>>> (: (+33) 6 63 69 76 09
>>>>>>>>
>>>>>>>> *: loic.devaux99 at laposte.net
>>>>>>>>
>>>>>>>> Skype : mioz963
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> <image001.gif>
>>>>>>>> _______________________________________________
>>>>>>>> WiFiDog mailing list
>>>>>>>> WiFiDog at listes.ilesansfil.org
>>>>>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>> Version: GnuPG v1.2.4 (Darwin)
>>>>>>>
>>>>>>> iD8DBQFDKOJ3Oq+Ep5Xn/aARAkXoAJ93s8aZTuhO2qnRkXDHKyfP4qSbeACfel23
>>>>>>> JJvL2yATW5hSliOPoMXsT9M=
>>>>>>> =TXoM
>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> _______________________________________________
>>>>>>> WiFiDog mailing list
>>>>>>> WiFiDog at listes.ilesansfil.org
>>>>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> WiFiDog mailing list
>>>>>> WiFiDog at listes.ilesansfil.org
>>>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>>>>
>>>>>>
>>>>>
>>>>> -----BEGIN PGP SIGNATURE-----
>>>>> Version: GnuPG v1.2.4 (Darwin)
>>>>>
>>>>> iD8DBQFDKVYpOq+Ep5Xn/aARAgscAKDCcBMgHzY4ZM0PvQe0M5sRwNxM1wCaA9u6
>>>>> vI5Dym6xZK8pjjtT0aojUFQ=
>>>>> =7Fgh
>>>>> -----END PGP SIGNATURE-----
>>>>> _______________________________________________
>>>>> WiFiDog mailing list
>>>>> WiFiDog at listes.ilesansfil.org
>>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>>>
>>>>>
>>>> _______________________________________________
>>>> WiFiDog mailing list
>>>> WiFiDog at listes.ilesansfil.org
>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>>
>>>
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>
>
>
>
>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
More information about the WiFiDog
mailing list