[isf-wifidog] Allowing access to specified IP addresses/domain names without prompting for login

Tarken Winn tarkenwinn at gmail.com
Sam 17 Juin 21:01:44 EDT 2006 

Hi there,

I have been experimenting with Wifidog (version 1.1.2-1) and have it
successfully up and running on my shiny new Linksys WRT54GL.

I am now wanting to allow access to a few specific websites without the user
being prompted to login.

I have tried adding them to /etc/wifidog.conf in both the FirewallRuleSet
unknown-users{...} and FirewallRuleSet global {...} rule sets to no avail.
Example below (I have also tried 'allow to 0.0.0.0/0' and other combos..)
...
FirewallRuleSet unknown-users{
          FirewallRule allow tcp port 80 to 216.193.215.157 # The IP of the
server I want to be able to access
          FirewallRule block to 0.0.0.0/0
}

It appears that something (S45Firewall?) is superceding the FirewallRules
specified in wifidog.conf. It is as if the redirect of any port 80 requests
to the auth server is happening before the FirewallRules from
Wifidog.confare processed. I am redirected to the login page
regardless of the IP
address/site I attempt to access. If I login then access is granted as
expected. [Disclaimer: I don't really know quite what I'm talking about but
have spent a fair amount of time investigating this]

The following is selected output from 'iptables -L -v' command:

Chain WiFiDog_Unknown (1 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0 ACCEPT     tcp  --  any    any     anywhere
anywhere            tcp dpt:80
11046  535K REJECT     all  --  any    any     anywhere
anywhere            reject-with icmp-port-unreachable

Chain WiFiDog_WIFI2Internet (1 references)
 pkts bytes target     prot opt in     out     source
destination
12902  719K WiFiDog_AuthServers  all  --  any    any
anywhere             anywhere
    0     0 WiFiDog_Locked  all  --  any    any     anywhere
anywhere            MARK match 0x254
12864  717K WiFiDog_Global  all  --  any    any     anywhere
anywhere
    0     0 WiFiDog_Validate  all  --  any    any     anywhere
anywhere            MARK match 0x1
 1818  182K WiFiDog_Known  all  --  any    any     anywhere
anywhere            MARK match 0x2
11046  535K WiFiDog_Unknown  all  --  any    any     anywhere
anywhere

I have had a good look through the mailing list archives and didn't find
mention of this issue (although I can't read French) but expect I am not the
first and only person to have it.

Any suggestions would be much appreciated!

Thanks in advance,

Tarken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20060618/1dc36b9e/attachment.htm

Plus d'informations sur la liste de diffusion WiFiDog