[isf-wifidog] Allowing access to specified IP addresses/domain
names without prompting for login
François Proulx
fproulx at edito.qc.ca
Dim 18 Juin 00:26:53 EDT 2006
RC3 and RC4 have different iptables scripts. RC5 change back to the
old style, that might solve your issue.
Nonetheless, their is currently a bug in Wifidog, here we are now
running RC5 and it works great.
On 17-Jun-06, at 10:43 PM, Tarken Winn wrote:
> Hi Francois,
>
> Thanks for your quick reply. I am running Whiterussian RC4.
> Everything except allowing specific IP addresses to be accessed
> without authenticating the client with the wifidog gateway appears
> to be working fine (that I have found/checked).
>
> Tarken
>
> On 6/18/06, François Proulx <fproulx at edito.qc.ca> wrote:
> Are you running Whiterussian RC5 ?
>
>
> On 17-Jun-06, at 9:01 PM, Tarken Winn wrote:
>
> Hi there,
>
> I have been experimenting with Wifidog (version 1.1.2-1) and have
> it successfully up and running on my shiny new Linksys WRT54GL.
>
> I am now wanting to allow access to a few specific websites without
> the user being prompted to login.
>
> I have tried adding them to /etc/wifidog.conf in both the
> FirewallRuleSet unknown-users{...} and FirewallRuleSet global {...}
> rule sets to no avail. Example below (I have also tried 'allow to
> 0.0.0.0/0' and other combos..)
> ...
> FirewallRuleSet unknown-users{
> FirewallRule allow tcp port 80 to 216.193.215.157 # The
> IP of the server I want to be able to access
> FirewallRule block to 0.0.0.0/0
> }
>
> It appears that something (S45Firewall?) is superceding the
> FirewallRules specified in wifidog.conf. It is as if the redirect
> of any port 80 requests to the auth server is happening before the
> FirewallRules from Wifidog.conf are processed. I am redirected to
> the login page regardless of the IP address/site I attempt to
> access. If I login then access is granted as expected. [Disclaimer:
> I don't really know quite what I'm talking about but have spent a
> fair amount of time investigating this]
>
> The following is selected output from 'iptables -L -v' command:
>
> Chain WiFiDog_Unknown (1 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 ACCEPT tcp -- any any anywhere
> anywhere tcp dpt:80
> 11046 535K REJECT all -- any any anywhere
> anywhere reject-with icmp-port-unreachable
>
> Chain WiFiDog_WIFI2Internet (1 references)
> pkts bytes target prot opt in out source
> destination
> 12902 719K WiFiDog_AuthServers all -- any any
> anywhere anywhere
> 0 0 WiFiDog_Locked all -- any any
> anywhere anywhere MARK match 0x254
> 12864 717K WiFiDog_Global all -- any any
> anywhere anywhere
> 0 0 WiFiDog_Validate all -- any any
> anywhere anywhere MARK match 0x1
> 1818 182K WiFiDog_Known all -- any any
> anywhere anywhere MARK match 0x2
> 11046 535K WiFiDog_Unknown all -- any any
> anywhere anywhere
>
> I have had a good look through the mailing list archives and didn't
> find mention of this issue (although I can't read French) but
> expect I am not the first and only person to have it.
>
> Any suggestions would be much appreciated!
>
> Thanks in advance,
>
> Tarken
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
-------------- section suivante --------------
Une pièce jointe HTML a été enlevée...
URL: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20060618/c4ac2659/attachment.html
Plus d'informations sur la liste de diffusion WiFiDog