[isf-wifidog] Allowing access to specified IP addresses/domain names without prompting for login

Tarken Winn tarkenwinn at gmail.com
Wed 21 Jun 18:15:25 EDT 2006


Hi again Francois,

I have just upgraded to RC5 and the outcome is the same. In my
wifidog.conf file I specify
www.google.com IP addresses (for New Zealand at least, resolves to the
following) and restart wifidog (or reboot or repower). The outcome is that I
am redirected to the wifidog authentication page.

FirewallRuleSet unknown-users {
# www.google.co.nz IP addresses
FirewallRule allow to 66.102.7.147
FirewallRule allow to 66.102.7.104
FirewallRule allow to 66.102.7.99
}

It appears that something is still amiss. Any other suggestions? Does anyone
successfully allow unauthenticated access via wifidog.conf rule sets to
specific IP addresses on RC4 or RC5? Any suggestions as to how this can be
achieved outside of wifidog.conf? i.e. do not route requests for specific IP
addresses to the wifidog gateway - I guess it's an iptables thing, which I am a
little hesitant to start hacking at unnecessarily.

I hope someone can help. Thanks in advance.

Tarken

On 6/18/06, François Proulx <fproulx at edito.qc.ca> wrote:
>
> RC3 and RC4 have different iptables scripts. RC5 changed back to the old
> style, that might solve your issue.
> Nonetheless, there is currently a bug in Wifidog, here we are now running
> RC5 and it works great.
> On 17-Jun-06, at 10:43 PM, Tarken Winn wrote:
>
> Hi Francois,
>
> Thanks for your quick reply. I am running Whiterussian RC4. Everything
> except allowing specific IP addresses to be accessed without authenticating
> the client with the wifidog gateway appears to be working fine (that I have
> found/checked).
>
> Tarken
>
> On 6/18/06, François Proulx <fproulx at edito.qc.ca> wrote:
> >
> > Are you running Whiterussian RC5 ?
> >
> > On 17-Jun-06, at 9:01 PM, Tarken Winn wrote:
> >
> > Hi there,
> >
> > I have been experimenting with Wifidog (version 1.1.2-1) and have it
> > successfully up and running on my shiny new Linksys WRT54GL.
> >
> > I am now wanting to allow access to a few specific websites without the
> > user being prompted to login.
> >
> > I have tried adding them to /etc/wifidog.conf in both the
> > FirewallRuleSet unknown-users{...} and FirewallRuleSet global {...} rule
> > sets to no avail. Example below (I have also tried 'allow to 0.0.0.0/0'
> > and other combos..)
> > ...
> > FirewallRuleSet unknown-users{
> >           FirewallRule allow tcp port 80 to 216.193.215.157 # The IP of the server I want to be able to access
> >           FirewallRule block to 0.0.0.0/0
> > }
> >
> > It appears that something (S45Firewall?) is superseding the
> > FirewallRules specified in wifidog.conf. It is as if the redirect of any
> > port 80 requests to the auth server is happening before the FirewallRules
> > from Wifidog.conf are processed. I am redirected to the login page
> > regardless of the IP address/site I attempt to access. If I login then
> > access is granted as expected. [Disclaimer: I don't really know quite what
> > I'm talking about but have spent a fair amount of time investigating this]
> >
> > The following is selected output from 'iptables -L -v' command:
> >
> > Chain WiFiDog_Unknown (1 references)
> >  pkts bytes target     prot opt in     out     source               destination
> >     0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:80
> > 11046  535K REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable
> >
> > Chain WiFiDog_WIFI2Internet (1 references)
> >  pkts bytes target     prot opt in     out     source               destination
> > 12902  719K WiFiDog_AuthServers  all  --  any    any     anywhere             anywhere
> >     0     0 WiFiDog_Locked  all  --  any    any     anywhere             anywhere            MARK match 0x254
> > 12864  717K WiFiDog_Global  all  --  any    any     anywhere             anywhere
> >     0     0 WiFiDog_Validate  all  --  any    any     anywhere             anywhere            MARK match 0x1
> >  1818  182K WiFiDog_Known  all  --  any    any     anywhere             anywhere            MARK match 0x2
> > 11046  535K WiFiDog_Unknown  all  --  any    any     anywhere             anywhere
> >
> > I have had a good look through the mailing list archives and didn't find
> > mention of this issue (although I can't read French) but expect I am not the
> > first and only person to have it.
> >
> > Any suggestions would be much appreciated!
> >
> > Thanks in advance,
> >
> > Tarken
> > _______________________________________________
> > WiFiDog mailing list
> > WiFiDog at listes.ilesansfil.org
> > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog


More information about the WiFiDog mailing list
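
Added example, not part of the original thread or of WiFiDog: `iptables -L -v` without `-t` lists only the filter table, while destination rewriting (REDIRECT/DNAT) lives in the nat table's PREROUTING chain, which packets traverse before the filter chains. The sketch below parses part of the listing quoted in the message (wrapped lines re-joined, embedded as constructed sample input) and flags ACCEPT rules that never matched a packet in a chain that is otherwise seeing traffic, or that are not scoped to a destination; the function names are hypothetical.

```python
import re

# Constructed sample: filter-table lines quoted in the thread, wrapping undone.
SAMPLE = """\
Chain WiFiDog_Unknown (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:80
11046  535K REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable

Chain WiFiDog_WIFI2Internet (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1818  182K WiFiDog_Known  all  --  any    any     anywhere             anywhere            MARK match 0x2
11046  535K WiFiDog_Unknown  all  --  any    any     anywhere             anywhere
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
# pkts, bytes, then target/prot/opt/in/out/source/destination, then match extras
RULE_RE = re.compile(r"^\s*(\d+[KMG]?)\s+(\d+[KMG]?)" + r"\s+(\S+)" * 7 + r"\s*(.*)$")

def parse_listing(text):
    """Return {chain: [rule dict, ...]} from `iptables -L -v` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        m = RULE_RE.match(line)  # header and blank lines do not match
        if m and current is not None:
            pkts, _bytes, target, prot, _opt, _in, _out, src, dst, extra = m.groups()
            current.append({"pkts": pkts, "target": target, "prot": prot,
                            "src": src, "dst": dst, "extra": extra.strip()})
    return chains

def audit(chains):
    """Flag ACCEPT rules that never matched or that allow any destination."""
    findings = []
    for chain, rules in chains.items():
        busy = any(r["pkts"] != "0" for r in rules)  # chain is seeing traffic
        for r in rules:
            if r["target"] == "ACCEPT" and r["pkts"] == "0" and busy:
                findings.append((chain, "never-hit", r["extra"]))
            if r["target"] == "ACCEPT" and r["dst"] in ("anywhere", "0.0.0.0/0"):
                findings.append((chain, "any-destination", r["extra"]))
    return findings

if __name__ == "__main__":
    print(audit(parse_listing(SAMPLE)))
```

A never-hit ACCEPT beside a busy REJECT is the cue to inspect `iptables -t nat -L -v -n` next, since port-80 traffic may be diverted before it reaches this chain.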