[isf-wifidog] Allowing access to specified IP addresses/domain
names without prompting for login
Tarken Winn
tarkenwinn at gmail.com
Sam 17 Juin 22:43:38 EDT 2006
Hi Francois,
Thanks for your quick reply. I am running Whiterussian RC4. Everything
except allowing specific IP addresses to be accessed without authenticating
the client with the wifidog gateway appears to be working fine (that I have
found/checked).
Tarken
On 6/18/06, François Proulx <fproulx at edito.qc.ca> wrote:
>
> Are you running Whiterussian RC5 ?
>
> On 17-Jun-06, at 9:01 PM, Tarken Winn wrote:
>
> Hi there,
>
> I have been experimenting with Wifidog (version 1.1.2-1) and have it
> successfully up and running on my shiny new Linksys WRT54GL.
>
> I am now wanting to allow access to a few specific websites without the
> user being prompted to login.
>
> I have tried adding them to /etc/wifidog.conf in both the FirewallRuleSet
> unknown-users{...} and FirewallRuleSet global {...} rule sets to no avail.
> Example below (I have also tried 'allow to 0.0.0.0/0' and other combos..)
> ...
> FirewallRuleSet unknown-users{
> FirewallRule allow tcp port 80 to 216.193.215.157 # The IP of
> the server I want to be able to access
> FirewallRule block to 0.0.0.0/0
> }
>
> It appears that something (S45Firewall?) is superceding the FirewallRules
> specified in wifidog.conf. It is as if the redirect of any port 80
> requests to the auth server is happening before the FirewallRules from
> Wifidog.conf are processed. I am redirected to the login page regardless
> of the IP address/site I attempt to access. If I login then access is
> granted as expected. [Disclaimer: I don't really know quite what I'm talking
> about but have spent a fair amount of time investigating this]
>
> The following is selected output from 'iptables -L -v' command:
>
> Chain WiFiDog_Unknown (1 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 ACCEPT tcp -- any any anywhere
> anywhere tcp dpt:80
> 11046 535K REJECT all -- any any anywhere
> anywhere reject-with icmp-port-unreachable
>
> Chain WiFiDog_WIFI2Internet (1 references)
> pkts bytes target prot opt in out source
> destination
> 12902 719K WiFiDog_AuthServers all -- any any
> anywhere anywhere
> 0 0 WiFiDog_Locked all -- any any anywhere
> anywhere MARK match 0x254
> 12864 717K WiFiDog_Global all -- any any anywhere
> anywhere
> 0 0 WiFiDog_Validate all -- any any anywhere
> anywhere MARK match 0x1
> 1818 182K WiFiDog_Known all -- any any anywhere
> anywhere MARK match 0x2
> 11046 535K WiFiDog_Unknown all -- any any anywhere
> anywhere
>
> I have had a good look through the mailing list archives and didn't find
> mention of this issue (although I can't read French) but expect I am not the
> first and only person to have it.
>
> Any suggestions would be much appreciated!
>
> Thanks in advance,
>
> Tarken
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20060618/426b2f2b/attachment-0001.html
Plus d'informations sur la liste de diffusion WiFiDog