[isf-wifidog] WRT54G firewalling problem

kaouete kaouete at crazydwarves.org
Sun 18 Sep 06:11:16 EDT 2005


i added a sleep 10 at the beginning of S45firewall to avoid rules
being inserted concurrently.

anyway it is working like that for me and not if i start it after.

i will not change my conclusion ^^ 

but i think we should not confuse the firewall problem i described
with your problem when you split lan and wlan.

maybe it is just a misconfiguration in dnsmasq or something like
that. if S45wifidog is not started it is just like wifidog was
not installed, so there should be no link.

kaouete

On Sun, Sep 18, 2005 at 01:59:03AM -0400, Philippe April wrote:
> I'll run some good tests, because we've been having this problem  
> lately, and: it sucks.
> 
> The light tests I have done:
> 
> 1. Disabling wifidog (chmod 0000 /etc/init.d/S65wifidog) doesn't  
> help, when I boot I can not get DHCP, can't connect to router,  
> nothing, nada.
> 2. It seems it's related to a configuration where we split LAN and WIFI.
> 3. If I disable the /etc/init.d/S45firewall script and boot, it boots  
> well. If I start it by hand, it installs the rules fine. Start  
> wifidog after, no problem.
> 
> Now, is it because wifidog installs some extra iptables modules and a  
> bug is there?
> Or.. maybe... whiterussian would just not run well anyway and wifidog  
> has nothing to do with it? If wifidog is disabled, I have a hard time  
> seeing what could be causing a problem.
> 
> Something else I would like to add (quite important!):
> 
> when you start wifidog, it takes a little while to install the  
> firewall rules and it forked already when it does it.
> 
> That being said, if you have S41wifidog, it might be adding rules  
> CONCURRENTLY with /etc/init.d/S45firewall ! (could be dangerous). So  
> it's best to have it start after anyway. No it's not a clean fix to  
> start it before (even if maybe it works) and should be avoided, we  
> need to find the source of the problem.
> 
> I'll investigate (tomorrow if I have time) what's going on with this.  
> I'll try it on my router (if I still have it) on which I have serial  
> console.
> 
> Philippe April
> GnuPG http://key.philippeapril.com
> 
> On 17-Sep-05, at 1:38 PM, kaouete wrote:
> 
> >Ok,
> >
> >so, after a few tests here are the results :
> >
> >i installed a fresh openwrt whiterussian rc3
> >then i installed wifidog, modified the wifidog.conf, restarted the
> >wrt.
> >
> >1) without touching the firewall script and co. :
> >S65wifidog is started after S45firewall :
> >if i try to connect to a website with a wifi client i get the
> >wifidog auth page
> >BUT i can anyway ssh to the net or any other port than 80.
> >
> >2) now i mv S65wifidog to S41wifidog (so it is started before
> >S45firewall), i comment the iptables flushing tables and co. and
> >add a sleep 10 at the beginning of the file to be sure that
> >wifidog has the time to load all of its rules.
> >
> >with a wifi client if i connect to the net : i get the wifidog
> >auth portal
> >AND i can't access the net with anything without being authed
> >\o/
> >
> >conclusion : the openwrt out-of-box is not compatible with wifidog
> >for the moment. I think there should be a nicer way to fix it by
> >modifying wifidog rules .. .. or not :]
> >
> >kaouete
> >
> >On Thu, Sep 15, 2005 at 02:33:17PM +0200, kaouete wrote:
> >
> >>ho, sorry :]
> >>
> >>Follow the link of the bug on sourceforge.
> >>
> >>For me the problem is that the openwrt firewall script breaks the
> >>iptables rules used by wifidog,
> >>
> >>but maybe it is working anyway, i will do more tests (and maybe other
> >>people too :) and will tell you if there are problems and if yes,
> >>what are they :]
> >>
> >>kaouete
> >>
> >>On Thu, Sep 15, 2005 at 02:17:54PM +0200, Max Horváth wrote:
> >>
> >>>Hey guys,
> >>>
> >>>I just those two words problem and firewall.
> >>>
> >>>As I can't read French, I'd like to ask you what kind of problem
> >>>exists and if you could translate it for me.
> >>>
> >>>Thanks and cheers, Max!
> >>>
> >>>On 15.09.2005 at 13:16, kaouete wrote:
> >>>
> >>>
> >>>>ok, so I'll run some tests then, and I'll tell you what I
> >>>>found.
> >>>>
> >>>>kaouete
> >>>>
> >>>>On Thu, Sep 15, 2005 at 07:08:25AM -0400, Philippe April wrote:
> >>>>
> >>>>
> >>>>>
> >>>>>Actually, I just re-read the bug report and my answer about
> >>>>>bad iptables maybe doesn't apply 100%; the author seems to
> >>>>>say that it really is an ordering problem.
> >>>>>
> >>>>>That being said, the more feedback we get from outside people,
> >>>>>the better we'll know whether everything is fine now :)
> >>>>>
> >>>>>Keep us posted!
> >>>>>
> >>>>>Philippe April
> >>>>>GnuPG http://key.philippeapril.com
> >>>>>
> >>>>>On 15-Sep-05, at 6:54 AM, kaouete wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>>On that note, and regarding this bug:
> >>>>>>https://sourceforge.net/tracker/index.php?func=detail&aid=1210428&group_id=102646&atid=632424
> >>>>>>
> >>>>>>is this problem fixed with whiterussian?
> >>>>>>
> >>>>>>(and otherwise there are also other bugs reported :)
> >>>>>>
> >>>>>>kaouete
> >>>>>>
> >>>>>>On Wed, Sep 14, 2005 at 10:54:46PM -0400, Philippe April wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>
> >>>>>>>Let's say that lately I've gotten more up to date, and ISF is
> >>>>>>>now going to start using OpenWrt Whiterussian.
> >>>>>>>
> >>>>>>>Which means that we have a package compiled for whiterussian
> >>>>>>>and that we're going to keep it up to date!
> >>>>>>>
> >>>>>>>So, this image (which actually comes from the openwrt site):
> >>>>>>>http://www.ilesansfil.org/dist/wifidog/bin/openwrt/whiterussian-rc2/openwrt-wrt54g-squashfs.bin
> >>>>>>>
> >>>>>>>and this package:
> >>>>>>>
> >>>>>>>http://www.ilesansfil.org/dist/wifidog/bin/openwrt/whiterussian-rc2/packages/wifidog_1.1.2-1_mipsel.ipk
> >>>>>>>
> >>>>>>>Both should work perfectly! And it should install all the
> >>>>>>>dependencies.
> >>>>>>>
> >>>>>>>Important: you must use /etc/init.d/S65wifidog (or
> >>>>>>>wifidog-init start) to start wifidog so that it loads the
> >>>>>>>kernel modules that wifidog depends on.
> >>>>>>>
> >>>>>>>The openwrt image is for a WRT54G and not a WRT54GS; for the S
> >>>>>>>you can find it at the same link, or on the openwrt site.
> >>>>>>>
> >>>>>>>Keep us posted!
> >>>>>>>
> >>>>>>>Philippe April
> >>>>>>>GnuPG http://key.philippeapril.com
> >>>>>>>
> >>>>>>>On 14-Sep-05, at 9:58 PM, Loïc DEVAUX wrote:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>Hi,
> >>>>>>>>
> >>>>>>>>I have just finished installing the auth server, which went
> >>>>>>>>wonderfully on a debian sarge, thank you for your magnificent
> >>>>>>>>work.
> >>>>>>>>
> >>>>>>>>However, I am having problems installing the wifidog
> >>>>>>>>client on a WRT54G.
> >>>>>>>>
> >>>>>>>>Which version of openwrt and which version of wifidog should I
> >>>>>>>>use to avoid problems?
> >>>>>>>>
> >>>>>>>>Thanks in advance for your answer.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>Loïc DEVAUX
> >>>>>>>>
> >>>>>>>>10 rue des mésanges
> >>>>>>>>
> >>>>>>>>63170 AUBIERE France
> >>>>>>>>
> >>>>>>>>(: (+33) 6 63 69 76 09
> >>>>>>>>
> >>>>>>>>*: loic.devaux99 at laposte.net
> >>>>>>>>
> >>>>>>>>Skype : mioz963
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>_______________________________________________
> >>>>>>>>WiFiDog mailing list
> >>>>>>>>WiFiDog at listes.ilesansfil.org
> >>>>>>>>http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20050918/e6ef86d1/attachment.pgp
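
The thread turns on where wifidog's init script sorts relative to S45firewall (S65 by default, S41 in kaouete's test) and on the `chmod 0000` used to disable it. As an added example, not code from the thread or from the wifidog or OpenWrt projects, this POSIX sh check reports that relative order for an init directory. It assumes scripts start in lexical order of their SNN names and that a non-executable script is not started; the function names and the sample layout are constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes init scripts start in lexical
# order of their SNN names and that a non-executable script is not started.

# init_position DIR NAME: print the 1-based start position of SNN<NAME> among
# the executable S* scripts in DIR, or 0 if it is absent or disabled.
init_position() {
    dir=$1; name=$2; pos=0; found=0
    for f in "$dir"/S*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        pos=$((pos + 1))
        case "${f##*/}" in
            S[0-9][0-9]"$name") found=$pos ;;
        esac
    done
    echo "$found"
}

# check_order DIR: print wifidog-disabled, firewall-disabled,
# wifidog-before-firewall or wifidog-after-firewall.
check_order() {
    fw=$(init_position "$1" firewall)
    wd=$(init_position "$1" wifidog)
    if [ "$wd" -eq 0 ]; then echo "wifidog-disabled"
    elif [ "$fw" -eq 0 ]; then echo "firewall-disabled"
    elif [ "$wd" -lt "$fw" ]; then echo "wifidog-before-firewall"
    else echo "wifidog-after-firewall"
    fi
}

# Constructed layout mirroring the thread: the default S65wifidog, the S41
# rename, then the chmod 0000 used to disable the script.
demo() {
    d=$(mktemp -d)
    for s in S10boot S45firewall S65wifidog; do
        printf '#!/bin/sh\n' > "$d/$s"; chmod 755 "$d/$s"
    done
    check_order "$d"
    mv "$d/S65wifidog" "$d/S41wifidog"
    check_order "$d"
    chmod 0000 "$d/S41wifidog"
    check_order "$d"
    rm -rf "$d"
}
demo
```

On a router, `check_order /etc/init.d` gives the order in effect at the next boot, which is worth recording next to each test result so the S41 and S65 runs are not mixed up.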

