[isf-wifidog] Allowing access to specified IP addresses/domain
names without prompting for login
Tarken Winn
tarkenwinn at gmail.com
Sat 17 Jun 21:01:44 EDT 2006
Hi there,
I have been experimenting with Wifidog (version 1.1.2-1) and have it
successfully up and running on my shiny new Linksys WRT54GL.
I am now wanting to allow access to a few specific websites without the user
being prompted to login.
I have tried adding them to /etc/wifidog.conf in both the FirewallRuleSet
unknown-users{...} and FirewallRuleSet global {...} rule sets to no avail.
Example below (I have also tried 'allow to 0.0.0.0/0' and other combos..)
...
FirewallRuleSet unknown-users{
    FirewallRule allow tcp port 80 to 216.193.215.157 # The IP of the server I want to be able to access
    FirewallRule block to 0.0.0.0/0
}
It appears that something (S45Firewall?) is superseding the FirewallRules
specified in wifidog.conf. It is as if the redirect of any port 80 requests
to the auth server is happening before the FirewallRules from wifidog.conf
are processed. I am redirected to the login page regardless of the IP
address/site I attempt to access. If I log in, then access is granted as
expected. [Disclaimer: I don't really know quite what I'm talking about but
have spent a fair amount of time investigating this]
The following is selected output from 'iptables -L -v' command:
Chain WiFiDog_Unknown (1 references)
 pkts bytes target               prot opt in   out  source    destination
    0     0 ACCEPT               tcp  --  any  any  anywhere  anywhere     tcp dpt:80
11046  535K REJECT               all  --  any  any  anywhere  anywhere     reject-with icmp-port-unreachable

Chain WiFiDog_WIFI2Internet (1 references)
 pkts bytes target               prot opt in   out  source    destination
12902  719K WiFiDog_AuthServers  all  --  any  any  anywhere  anywhere
    0     0 WiFiDog_Locked       all  --  any  any  anywhere  anywhere     MARK match 0x254
12864  717K WiFiDog_Global       all  --  any  any  anywhere  anywhere
    0     0 WiFiDog_Validate     all  --  any  any  anywhere  anywhere     MARK match 0x1
 1818  182K WiFiDog_Known        all  --  any  any  anywhere  anywhere     MARK match 0x2
11046  535K WiFiDog_Unknown      all  --  any  any  anywhere  anywhere
I have had a good look through the mailing list archives and didn't find
mention of this issue (although I can't read French) but expect I am not the
first and only person to have it.
Any suggestions would be much appreciated!
Thanks in advance,
Tarken
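
An added example, not part of the original message and not WiFiDog's own code: a small shell/awk filter that lists every rule in `iptables -L -v` output whose packet counter is 0, run here on the two chains quoted in the message (unwrapped to one rule per line; the function names are hypothetical). A zero counter means no packet has matched that rule in the table being listed.

```shell
#!/bin/sh
# Constructed sample: the two chains quoted in the message, one rule per line.
sample_output() {
cat <<'EOF'
Chain WiFiDog_Unknown (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:80
11046  535K REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable

Chain WiFiDog_WIFI2Internet (1 references)
 pkts bytes target prot opt in out source destination
12902  719K WiFiDog_AuthServers all -- any any anywhere anywhere
    0     0 WiFiDog_Locked all -- any any anywhere anywhere MARK match 0x254
12864  717K WiFiDog_Global all -- any any anywhere anywhere
    0     0 WiFiDog_Validate all -- any any anywhere anywhere MARK match 0x1
 1818  182K WiFiDog_Known all -- any any anywhere anywhere MARK match 0x2
11046  535K WiFiDog_Unknown all -- any any anywhere anywhere
EOF
}

# Read `iptables -L -v` output on stdin and print, for each rule with a
# packet counter of 0: chain name, target, protocol, and any match details.
zero_hit_rules() {
  awk '
    $1 == "Chain"           { chain = $2; next }   # remember the current chain
    $1 == "pkts" || NF == 0 { next }               # skip column headers and blanks
    $1 == "0" {
      line = chain " " $3 " " $4
      # Fields 10 and up hold match details such as "tcp dpt:80".
      for (i = 10; i <= NF; i++) line = line " " $i
      print line
    }
  '
}

# Run on the constructed sample; on a router, pipe live output instead:
#   iptables -L -v | zero_hit_rules
sample_output | zero_hit_rules
```

`iptables -L` without `-t` lists only the filter table, so the same filter can also be fed `iptables -t nat -L -v` to compare counters on the nat-table rules.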