[isf-wifidog] Server fails after start button
Ray Gwinn
wifidog at wva.net
Sam 11 Fév 11:42:47 EST 2006
I discovered iptables-save which I think gives a complete dump. Dumps from iptables-save
follow. If you spicifically want the "iptables -t nat -L" and "iptables -t mangle -L" dumps, let
me know.
BTW, a very old wifidog that I downloaded from sorceforge worked. But I needed the trusted
mac support, so I started using the current sources.
There are two dumps below, one is before wifidog is execute and the other is after wifidog is
executed.
-------------iptables-save output before wifidog--------------------------------
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:07:56 2006
*nat
:PREROUTING ACCEPT [20:2227]
:POSTROUTING ACCEPT [10:728]
:OUTPUT ACCEPT [13:908]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat Feb 11 16:07:56 2006
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:07:56 2006
*mangle
:PREROUTING ACCEPT [332:28242]
:INPUT ACCEPT [238:20601]
:FORWARD ACCEPT [84:6132]
:OUTPUT ACCEPT [370:36821]
:POSTROUTING ACCEPT [454:42953]
COMMIT
# Completed on Sat Feb 11 16:07:56 2006
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:07:56 2006
*filter
:INPUT ACCEPT [238:20601]
:FORWARD ACCEPT [84:6132]
:OUTPUT ACCEPT [370:36821]
COMMIT
# Completed on Sat Feb 11 16:07:56 2006
-------------iptables-save output after wifidog--------------------------------
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:22:26 2006
*nat
:PREROUTING ACCEPT [11:710]
:POSTROUTING ACCEPT [6:420]
:OUTPUT ACCEPT [10:660]
:WiFiDog_AuthServers - [0:0]
:WiFiDog_Global - [0:0]
:WiFiDog_Outgoing - [0:0]
:WiFiDog_Unknown - [0:0]
:WiFiDog_WIFI2Internet - [0:0]
:WiFiDog_WIFI2Router - [0:0]
-A PREROUTING -i br0 -j WiFiDog_Outgoing
-A POSTROUTING -o eth0 -j MASQUERADE
-A WiFiDog_AuthServers -d 199.248.240.100 -j ACCEPT
-A WiFiDog_Outgoing -d 10.0.100.1 -j WiFiDog_WIFI2Router
-A WiFiDog_Outgoing -j WiFiDog_WIFI2Internet
-A WiFiDog_Unknown -j WiFiDog_AuthServers
-A WiFiDog_Unknown -j WiFiDog_Global
-A WiFiDog_Unknown -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 2060
-A WiFiDog_WIFI2Internet -m mark --mark 0x2 -j ACCEPT
-A WiFiDog_WIFI2Internet -m mark --mark 0x1 -j ACCEPT
-A WiFiDog_WIFI2Internet -j WiFiDog_Unknown
-A WiFiDog_WIFI2Router -j ACCEPT
COMMIT
# Completed on Sat Feb 11 16:22:26 2006
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:22:26 2006
*mangle
:PREROUTING ACCEPT [249:20098]
:INPUT ACCEPT [219:17945]
:FORWARD ACCEPT [28:1995]
:OUTPUT ACCEPT [202:29954]
:POSTROUTING ACCEPT [230:31949]
:WiFiDog_Incoming - [0:0]
:WiFiDog_Outgoing - [0:0]
:WiFiDog_Trusted - [0:0]
-A PREROUTING -i br0 -j WiFiDog_Trusted
-A PREROUTING -i br0 -j WiFiDog_Outgoing
-A POSTROUTING -o br0 -j WiFiDog_Incoming
COMMIT
# Completed on Sat Feb 11 16:22:26 2006
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:22:26 2006
*filter
:INPUT ACCEPT [219:17945]
:FORWARD ACCEPT [20:1573]
:OUTPUT ACCEPT [202:29954]
:WiFiDog_AuthServers - [0:0]
:WiFiDog_Global - [0:0]
:WiFiDog_Known - [0:0]
:WiFiDog_Locked - [0:0]
:WiFiDog_Unknown - [0:0]
:WiFiDog_Validate - [0:0]
:WiFiDog_WIFI2Internet - [0:0]
-A FORWARD -i br0 -j WiFiDog_WIFI2Internet
-A WiFiDog_AuthServers -d 199.248.240.100 -j ACCEPT
-A WiFiDog_Known -j ACCEPT
-A WiFiDog_Locked -j REJECT --reject-with icmp-port-unreachable
-A WiFiDog_Unknown -p udp -m udp --dport 53 -j ACCEPT
-A WiFiDog_Unknown -p tcp -m tcp --dport 53 -j ACCEPT
-A WiFiDog_Unknown -p udp -m udp --dport 67 -j ACCEPT
-A WiFiDog_Unknown -p tcp -m tcp --dport 67 -j ACCEPT
-A WiFiDog_Unknown -j REJECT --reject-with icmp-port-unreachable
-A WiFiDog_Validate -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A WiFiDog_Validate -j ACCEPT
-A WiFiDog_WIFI2Internet -j WiFiDog_AuthServers
-A WiFiDog_WIFI2Internet -m mark --mark 0x254 -j WiFiDog_Locked
-A WiFiDog_WIFI2Internet -j WiFiDog_Global
-A WiFiDog_WIFI2Internet -m mark --mark 0x1 -j WiFiDog_Validate
-A WiFiDog_WIFI2Internet -m mark --mark 0x2 -j WiFiDog_Known
-A WiFiDog_WIFI2Internet -j WiFiDog_Unknown
COMMIT
# Completed on Sat Feb 11 16:22:26 2006
On 11 Feb 2006 at 2:40, Alexandre Carmel-Veilleux wrote:
> Woops, I probably moved too fast on this.
>
> I forgot to ask for a dump of the mangle and nat tables,
>
> iptables -t nat -L
>
> and
>
> iptables -t mangle -L
>
> Alex
>
> On 2/11/06, Alexandre Carmel-Veilleux <acveilleux at gmail.com> wrote:
> > On 2/10/06, Ray Gwinn <wifidog at wva.net> wrote:
> > > [snip]
> > > Chain WiFiDog_WIFI2Internet (1 references)
> > > target prot opt source destination
> > > WiFiDog_AuthServers all -- anywhere anywhere
> > > WiFiDog_Locked all -- anywhere anywhere MARK match 0x254
> > > WiFiDog_Global all -- anywhere anywhere
> > > WiFiDog_Validate all -- anywhere anywhere MARK match 0x1
> > > WiFiDog_Known all -- anywhere anywhere MARK match 0x2
> > > WiFiDog_Unknown all -- anywhere anywhere
> >
> > Some of the firewall tables are not being created.
> >
> > Including:
> >
> > WiFiDog_Incoming
> > WiFiDog_Outgoing
> >
> > This is very strange indeed. I would try to run all the iptables
> > command from the log file in order and use that diagnose the problem
> > more in depth. I think the problem is external to wifidog, but it's
> > very hard to tell.
> >
> > Alex
> >
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
More information about the WiFiDog
mailing list