[isf-wifidog] Gateway continues to allow persistent connections after logout

Chris Rowson christopherrowson at gmail.com
Wed 26 Jul 06:53:38 EDT 2006


Hi Tarken,

Am I right in thinking that your users are able to continue using the
connection after they have logged out?

If so, have you changed CONF_USE_CRON_FOR_DB_CLEANUP to false in your
config.php? That should clean up your database every time a user query
comes in (which solved a similar problem that I was having).

Also, have you checked the timeout variables in the wifidog
configuration file itself?

Chris

On 26/07/06, Tarken Winn <tarkenwinn at gmail.com> wrote:
>
> Hello again everyone,
>
>  I have spent a fair amount of time investigating the issue I previously described, namely that when a user logs out any established streaming connections will continue as accepted, and have not found a solution.
>
>  It appears that /etc/init.d/S45firewall allows RELATED,ESTABLISHED packets to be forwarded at the line:
>
>  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>
>  I tried commenting out this line in the hope that it would be covered by the rules in the WiFiDog_WIFI2Internet chain which is checked in the FORWARD chain, but to no avail.
>
>  I have tried allowing any packets with the auth server as source or destination to be forwarded, which allows a user to log in (in the hope that subsequent packets will then be marked in the WiFiDog_WIFI2Internet chain and correctly forwarded) but then does not allow access to any websites other than the auth server even after successful login.
>
>  I now wonder whether the only way to solve this issue is to modify the wifidog gateway client code? I guess fw_iptables.c is where things would need to happen.
>
>  Has anyone come up with a solution for this issue? Does anyone knowledgeable on the internal workings of the gateway and its interactions with iptables have any suggestions?
>
>  Without resolving this issue, limiting and recording the amount of data a node/user can transfer per month seems a little futile. A user could (and no doubt will) just log in, start a streaming video feed (or whatever), log out, then kick back and watch the show without being 'counted'.
>
>  Thanks,
>
>
>  Tarken
>
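
A check for the rule ordering discussed in this thread, as an added example that is not part of the original messages or of WiFiDog's code: it reads a FORWARD listing and reports whether an ACCEPT rule for ESTABLISHED connections is evaluated before the jump to WiFiDog_WIFI2Internet. The function names, the sample listing and the interface name `br0` are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a FORWARD listing (iptables-save or "iptables -S" form).
# Exit status: 0 = WiFiDog chain is reached before any ESTABLISHED accept,
#              1 = an ESTABLISHED accept comes first, 2 = no jump to the chain.
check_forward_order() {
    awk -v chain="${1:-WiFiDog_WIFI2Internet}" '
        $1 == "-A" && $2 == "FORWARD" {
            n++; target = ""; states = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j" || $i == "-g") target = $(i + 1)
                if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
            }
            if (target == chain && !jump) jump = n
            if (target == "ACCEPT" && states ~ /(^|,)ESTABLISHED(,|$)/ && !est) {
                est = n; est_rule = $0
            }
        }
        END {
            if (!jump) { print "no jump to " chain " in FORWARD"; exit 2 }
            if (est && est < jump) {
                print "rule " est " accepts ESTABLISHED before rule " jump " jumps to " chain
                print "  " est_rule
                exit 1
            }
            print "ok: " chain " is reached before any ESTABLISHED accept"
        }'
}

# Constructed sample listing (not taken from a real gateway); br0 is an assumed interface name.
sample_forward_listing() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -j WiFiDog_WIFI2Internet
EOF
}

sample_forward_listing | check_forward_order || echo "exit status: $?"
```

On a gateway, the same function can be fed the live rules with `iptables-save -t filter | check_forward_order`.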
