[isf-wifidog] Server fails after start button

Ray Gwinn wifidog at wva.net
Sat 11 Feb 11:42:47 EST 2006


I discovered iptables-save which I think gives a complete dump. Dumps from iptables-save
follow.  If you specifically want the "iptables -t nat -L" and "iptables -t mangle -L" dumps, let
me know.

BTW, a very old wifidog that I downloaded from SourceForge worked.  But I needed the trusted
mac support, so I started using the current sources.

There are two dumps below, one is before wifidog is executed and the other is after wifidog is
executed.


-------------iptables-save output before wifidog--------------------------------
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:07:56 2006
*nat
:PREROUTING ACCEPT [20:2227]
:POSTROUTING ACCEPT [10:728]
:OUTPUT ACCEPT [13:908]
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT
# Completed on Sat Feb 11 16:07:56 2006
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:07:56 2006
*mangle
:PREROUTING ACCEPT [332:28242]
:INPUT ACCEPT [238:20601]
:FORWARD ACCEPT [84:6132]
:OUTPUT ACCEPT [370:36821]
:POSTROUTING ACCEPT [454:42953]
COMMIT
# Completed on Sat Feb 11 16:07:56 2006
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:07:56 2006
*filter
:INPUT ACCEPT [238:20601]
:FORWARD ACCEPT [84:6132]
:OUTPUT ACCEPT [370:36821]
COMMIT
# Completed on Sat Feb 11 16:07:56 2006

-------------iptables-save output after wifidog--------------------------------

# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:22:26 2006
*nat
:PREROUTING ACCEPT [11:710]
:POSTROUTING ACCEPT [6:420]
:OUTPUT ACCEPT [10:660]
:WiFiDog_AuthServers - [0:0]
:WiFiDog_Global - [0:0]
:WiFiDog_Outgoing - [0:0]
:WiFiDog_Unknown - [0:0]
:WiFiDog_WIFI2Internet - [0:0]
:WiFiDog_WIFI2Router - [0:0]
-A PREROUTING -i br0 -j WiFiDog_Outgoing 
-A POSTROUTING -o eth0 -j MASQUERADE 
-A WiFiDog_AuthServers -d 199.248.240.100 -j ACCEPT 
-A WiFiDog_Outgoing -d 10.0.100.1 -j WiFiDog_WIFI2Router 
-A WiFiDog_Outgoing -j WiFiDog_WIFI2Internet 
-A WiFiDog_Unknown -j WiFiDog_AuthServers 
-A WiFiDog_Unknown -j WiFiDog_Global 
-A WiFiDog_Unknown -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 2060 
-A WiFiDog_WIFI2Internet -m mark --mark 0x2 -j ACCEPT 
-A WiFiDog_WIFI2Internet -m mark --mark 0x1 -j ACCEPT 
-A WiFiDog_WIFI2Internet -j WiFiDog_Unknown 
-A WiFiDog_WIFI2Router -j ACCEPT 
COMMIT
# Completed on Sat Feb 11 16:22:26 2006
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:22:26 2006
*mangle
:PREROUTING ACCEPT [249:20098]
:INPUT ACCEPT [219:17945]
:FORWARD ACCEPT [28:1995]
:OUTPUT ACCEPT [202:29954]
:POSTROUTING ACCEPT [230:31949]
:WiFiDog_Incoming - [0:0]
:WiFiDog_Outgoing - [0:0]
:WiFiDog_Trusted - [0:0]
-A PREROUTING -i br0 -j WiFiDog_Trusted 
-A PREROUTING -i br0 -j WiFiDog_Outgoing 
-A POSTROUTING -o br0 -j WiFiDog_Incoming 
COMMIT
# Completed on Sat Feb 11 16:22:26 2006
# Generated by iptables-save v1.2.7a-20021209 on Sat Feb 11 16:22:26 2006
*filter
:INPUT ACCEPT [219:17945]
:FORWARD ACCEPT [20:1573]
:OUTPUT ACCEPT [202:29954]
:WiFiDog_AuthServers - [0:0]
:WiFiDog_Global - [0:0]
:WiFiDog_Known - [0:0]
:WiFiDog_Locked - [0:0]
:WiFiDog_Unknown - [0:0]
:WiFiDog_Validate - [0:0]
:WiFiDog_WIFI2Internet - [0:0]
-A FORWARD -i br0 -j WiFiDog_WIFI2Internet 
-A WiFiDog_AuthServers -d 199.248.240.100 -j ACCEPT 
-A WiFiDog_Known -j ACCEPT 
-A WiFiDog_Locked -j REJECT --reject-with icmp-port-unreachable 
-A WiFiDog_Unknown -p udp -m udp --dport 53 -j ACCEPT 
-A WiFiDog_Unknown -p tcp -m tcp --dport 53 -j ACCEPT 
-A WiFiDog_Unknown -p udp -m udp --dport 67 -j ACCEPT 
-A WiFiDog_Unknown -p tcp -m tcp --dport 67 -j ACCEPT 
-A WiFiDog_Unknown -j REJECT --reject-with icmp-port-unreachable 
-A WiFiDog_Validate -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable 
-A WiFiDog_Validate -j ACCEPT 
-A WiFiDog_WIFI2Internet -j WiFiDog_AuthServers 
-A WiFiDog_WIFI2Internet -m mark --mark 0x254 -j WiFiDog_Locked 
-A WiFiDog_WIFI2Internet -j WiFiDog_Global 
-A WiFiDog_WIFI2Internet -m mark --mark 0x1 -j WiFiDog_Validate 
-A WiFiDog_WIFI2Internet -m mark --mark 0x2 -j WiFiDog_Known 
-A WiFiDog_WIFI2Internet -j WiFiDog_Unknown 
COMMIT
# Completed on Sat Feb 11 16:22:26 2006



On 11 Feb 2006 at 2:40, Alexandre Carmel-Veilleux wrote:

> Woops, I probably moved too fast on this.
> 
> I forgot to ask for a dump of the mangle and nat tables,
> 
> iptables -t nat -L
> 
> and
> 
> iptables -t mangle -L
> 
> Alex
> 
> On 2/11/06, Alexandre Carmel-Veilleux <acveilleux at gmail.com> wrote:
> > On 2/10/06, Ray Gwinn <wifidog at wva.net> wrote:
> > > [snip]
> > > Chain WiFiDog_WIFI2Internet (1 references)
> > > target     prot opt source               destination
> > > WiFiDog_AuthServers  all  --  anywhere             anywhere
> > > WiFiDog_Locked  all  --  anywhere             anywhere           MARK match 0x254
> > > WiFiDog_Global  all  --  anywhere             anywhere
> > > WiFiDog_Validate  all  --  anywhere             anywhere           MARK match 0x1
> > > WiFiDog_Known  all  --  anywhere             anywhere           MARK match 0x2
> > > WiFiDog_Unknown  all  --  anywhere             anywhere
> >
> > Some of the firewall tables are not being created.
> >
> > Including:
> >
> > WiFiDog_Incoming
> > WiFiDog_Outgoing
> >
> > This is very strange indeed. I would try to run all the iptables
> > commands from the log file in order and use that to diagnose the problem
> > more in depth. I think the problem is external to wifidog, but it's
> > very hard to tell.
> >
> > Alex
> >
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
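
An added example (not part of the original message, and not WiFiDog code): a small Python parser for iptables-save output that lists which chains appeared between two dumps and, for the chains named in the quoted reply, which table declares them, how many rules they hold, and which chains jump to them. The sample strings are abridged from the *mangle sections above (the INPUT, FORWARD and OUTPUT lines are omitted); the function names are hypothetical.

```python
def parse_save(dump):
    """Parse iptables-save text into {table: {chain: {"rules": [...], "refs": [...]}}}."""
    tables, table = {}, None
    for line in map(str.strip, dump.splitlines()):
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                  # table header, e.g. "*mangle"
            table = tables.setdefault(line[1:], {})
        elif table is None:
            raise ValueError("line outside a table section: " + line)
        elif line.startswith(":"):                # ":CHAIN POLICY [packets:bytes]"
            table.setdefault(line[1:].split()[0], {"rules": [], "refs": []})
        elif line.startswith("-A "):
            words = line.split()
            table.setdefault(words[1], {"rules": [], "refs": []})["rules"].append(line)
            target = words[words.index("-j") + 1] if "-j" in words[:-1] else None
            if target in table:                   # jump to a user-defined chain
                table[target]["refs"].append(words[1])
    return tables

def added_chains(before, after):
    """Chains present per table in `after` that were absent in `before`."""
    b, a = parse_save(before), parse_save(after)
    return {t: sorted(set(a[t]) - set(b.get(t, {}))) for t in a}

def chain_report(dump, expected):
    """Map each expected chain to [(table, rule_count, referencing_chains)]."""
    tables = parse_save(dump)
    return {name: [(t, len(c[name]["rules"]), sorted(set(c[name]["refs"])))
                   for t, c in tables.items() if name in c] for name in expected}

# Sample input, abridged from the *mangle sections of the two dumps in this message.
BEFORE = """*mangle
:PREROUTING ACCEPT [332:28242]
:POSTROUTING ACCEPT [454:42953]
COMMIT"""
AFTER = """*mangle
:PREROUTING ACCEPT [249:20098]
:POSTROUTING ACCEPT [230:31949]
:WiFiDog_Incoming - [0:0]
:WiFiDog_Outgoing - [0:0]
:WiFiDog_Trusted - [0:0]
-A PREROUTING -i br0 -j WiFiDog_Trusted
-A PREROUTING -i br0 -j WiFiDog_Outgoing
-A POSTROUTING -o br0 -j WiFiDog_Incoming
COMMIT"""

if __name__ == "__main__":
    print(added_chains(BEFORE, AFTER))
    print(chain_report(AFTER, ["WiFiDog_Incoming", "WiFiDog_Outgoing"]))
```

An empty list for a chain means no table in the dump declares it; a rule count of 0 with a non-empty reference list means the chain exists and is hooked in but holds no rules yet.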



