[isf-wifidog] openwrt, wifidog & iptables/nat

Samuel Leathers disasm at gentux.org
Tue Jul 4 00:47:10 EDT 2006


I've tried disabling the firewall script (chmod 444), which loses all
routing capability (I can ssh into the router and ping fine, just not from
clients behind the router). I have a NAT setup, where vlan1 will have an IP
from the provider and br0 will be 192.168.1.1.

My auth server is wifidog.gentux.org. It's using vhosts, so the IP won't
bring up the auth page; it has to go by the DNS name.

Looking for suggestions,

Sam

Here is my wifidog.conf:
# $Header: /cvsroot/wifidog/wifidog/wifidog.conf,v 1.24 2005/04/28 23:26:30 minaguib Exp $
# WiFiDog Configuration file

# Parameter: GatewayID
# Default: default
# Optional but essential for monitoring purposes
#
# Set this to the template ID on the auth server
# this is used to give a customized login page to the clients
# If none is supplied, the default login page will be used.

GatewayID mteagle

# Parameter: ExternalInterface
# Default: NONE
# Optional
#
# Set this to the external interface.  Typically vlan1 for OpenWrt, and
# eth0 or ppp0 otherwise

ExternalInterface vlan1

# Parameter: GatewayInterface
# Default: NONE
# Mandatory
#
# Set this to the internal interface.  Typically br0 for OpenWrt, and
# eth1 otherwise

GatewayInterface br0

# Parameter: GatewayAddress
# Default: Find it from GatewayInterface
# Optional
#
# Set this to the internal IP address of the gateway

GatewayAddress 192.168.1.1

# Parameter: AuthServMaxTries
# Default: 1
# Optional
#
# Sets the number of auth servers the gateway will attempt to contact when
# a request fails.
# this number should be equal to the number of AuthServer lines in this
# configuration but it should probably not exceed 3.

#AuthServMaxTries 3

# Parameter: AuthServer
# Default: NONE
# Mandatory
#
# Set this to the hostname or IP of your auth server, the path where
# WiFiDog-auth resides  and optionally as a second argument, the port it
# listens on.
AuthServer {
	Hostname wifidog.gentux.org
	SSLAvailable no
	Path /
}

#AuthServer {
#    Hostname auth.ilesansfil.org
#    SSLAvailable yes
#    Path /
#}

#AuthServer {
#    Hostname auth2.ilesansfil.org
#    SSLAvailable yes
#    Path /
#}

#AuthServer {
#    Hostname auth3.ilesansfil.org
#    SSLAvailable yes
#    Path /
#}

# Parameter: Daemon
# Default: 1
# Optional
#
# Set this to true if you want to run as a daemon
Daemon 1

# Parameter: GatewayPort
# Default: 2060
# Optional
#
# Listen on this port
GatewayPort 2060

# Parameter: HTTPDName
# Default: WiFiDog
# Optional
#
# Define what name the HTTPD server will respond
HTTPDName WiFiDog

# Parameter: HTTPDMaxConn
# Default: 10
# Optional
#
# How many sockets to listen to
HTTPDMaxConn 100

# Parameter: CheckInterval
# Default: 60
# Optional
#
# How many seconds should we wait between timeout checks
CheckInterval 60

# Parameter: ClientTimeout
# Default: 5
# Optional
#
# Set this to the desired number of CheckIntervals of inactivity before
# a client is logged out
# The timeout will be INTERVAL * TIMEOUT
ClientTimeout 5

# Parameter: FirewallRuleSet
# Default: none
# Mandatory
#
# Groups a number of FirewallRule statements together.

# Parameter: FirewallRule
# Default: none
#
# Define one firewall rule in a rule set.

# Rule Set: global
#
# Used for rules to be applied to all other rulesets except locked.
# This is the default config for the Teliphone service.
FirewallRuleSet global {
    # Keyword spelled consistently as FirewallRule. The mask is /32 so the
    # rule matches only this host; a /0 mask would match every destination
    # and effectively open the gateway for all rule sets.
    FirewallRule allow to 12.28.197.222/32
}

# Rule Set: validating-users
#
# Used for new users validating their account
FirewallRuleSet validating-users {
   FirewallRule block tcp port 25
   FirewallRule allow to 0.0.0.0/0
}

# Rule Set: known-users
#
# Used for normal validated users.
FirewallRuleSet known-users {
    FirewallRule allow to 0.0.0.0/0
}

# Rule Set: unknown-users
#
# Used for unvalidated users, this is the ruleset that gets redirected.
#
# XXX The redirect code adds the Default DROP clause.
FirewallRuleSet unknown-users {
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
    FirewallRule allow tcp port 67
}

# Rule Set: locked-users
#
# Used for users that have been locked out.
FirewallRuleSet locked-users {
    FirewallRule block to 0.0.0.0/0
}




-- 
Sam Leathers
Sam Leathers Computer Services
814.574.7307
sam at samleathers.com
www.samleathers.com
 -Computer repair services
 -Reliable business consulting
 -Web design and hosting that meets your needs
 -Collection of computers no longer needed
 -Student discounted repair rate
 -Server setups and networking
-------------------------------------
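A small lint for the FirewallRuleSet blocks above, written here as an added example rather than anything from the post or from the WiFiDog project. It parses the rule sets as posted (sample embedded and constructed from that config) and flags the two defects a reviewer would check before deploying: a rule keyword not spelled exactly `FirewallRule`, and a host target carrying a `/0` mask, which matches every destination instead of one host.

```python
import ipaddress
import re

# Constructed sample: the "global" and "unknown-users" rule sets from the
# post, as originally written (misspelled keyword and the /0 mask).
SAMPLE_CONF = """
FirewallRuleSet global {
    FireWallRule allow to 12.28.197.222/0
}
FirewallRuleSet unknown-users {
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
}
"""

RULESET_RE = re.compile(r"FirewallRuleSet\s+(\S+)\s*\{", re.IGNORECASE)


def parse_rulesets(text):
    """Return {ruleset_name: [rule_line, ...]} from a wifidog.conf fragment."""
    rulesets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = RULESET_RE.match(line)
        if m:
            current = m.group(1)
            rulesets[current] = []
        elif line == "}":
            current = None
        elif current is not None:
            rulesets[current].append(line)
    return rulesets


def lint_rule(ruleset, rule):
    """Return a list of findings (strings) for one rule line."""
    findings, tokens = [], rule.split()
    if tokens[0] != "FirewallRule":
        findings.append(f"{ruleset}: keyword '{tokens[0]}' is not 'FirewallRule'")
    if "to" in tokens and tokens.index("to") + 1 < len(tokens):
        target = tokens[tokens.index("to") + 1]
        try:
            net = ipaddress.ip_network(target, strict=False)
        except ValueError:
            return findings  # hostname target; nothing to check here
        # A /0 mask on a specific host is an error: it matches everything.
        if net.prefixlen == 0 and not target.startswith("0.0.0.0"):
            findings.append(f"{ruleset}: '{target}' has a /0 mask, matches all")
    return findings


def lint(text):
    """Lint every rule in every rule set; returns the combined findings."""
    return [f for name, rules in parse_rulesets(text).items()
            for r in rules for f in lint_rule(name, r)]
```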



More information about the WiFiDog mailing list