[isf-wifidog] IPTables Configuration

Frederico Marques frederico at marques.cx
Wed 5 Dec 08:00:29 EST 2007


Sorry, the correct rule is

-A FORWARD -i eth1 -o eth0 -j DROP

Fred

On Dec 5, 2007, at 12:58 PM, Frederico Marques wrote:

> Hi Matthew,
>
> You can add an iptables rule (just after the last rule) on the
> FORWARD chain like this:
>
> -A FORWARD -i eth1 -o eth1 -j DROP
>
> It will deny any traffic coming in from the eth1 wifi interface and
> coming out to the eth0 internal.
>
> Of course, if you want to enable wifidog you'll have to comment out
> this rule and restart iptables. You can use cron to do that
> automagically for a period of time.
>
> Fred
>
> On Dec 4, 2007, at 11:16 PM, Matthew J. Sonnentag wrote:
>
>> Hi All,
>>
>> We have successfully installed wifidog gateway and authserver on
>> centos 5 and all seems to be working well except for one issue:
>>
>> We are using a default iptables configuration and when the gateway
>> service is not running our box becomes an open router to the
>> internet for any users who happen to connect to our wireless
>> network.  Does anyone have an iptables configuration that would
>> “turn-off” the wireless access without the wifidog gateway
>> running?  If that is not possible, are there other methods that
>> anyone would care to float to prevent access when the gateway
>> service is not running?
>>
>> Here is the default code from our iptables, eth0 is internal, eth1
>> is wi-fi:
>>
>> *filter
>> :INPUT ACCEPT [0:0]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [0:0]
>> -A INPUT -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
>> -A FORWARD -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
>> -A FORWARD -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
>> -A OUTPUT -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
>> COMMIT
>>
>> Obviously, the gateway, when running, adds a number of additional
>> configuration commands to this configuration, but we have not been
>> able to come up with any configuration that seems to prevent access
>> when the gateway is not running.
>>
>> Also, is there any documentation freely available related to the
>> firewallruleset commands in the wifidog.conf file?  We would be
>> interested in limiting and logging some of the outgoing ports that
>> are used.
>>
>> Thanks,
>>
>> Matt
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
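The following audit helper is an added example, not code from the thread or from WiFiDog: it parses an iptables-save filter table and reports what the FORWARD chain does to traffic arriving on the wi-fi interface and leaving on the internal one when the gateway's own rules are absent. It is run against the ruleset Matt posted (open) and against the same ruleset with Fred's corrected DROP rule appended last; the function names are the example's own.

```python
import shlex

# Ruleset posted in the thread (eth0 = internal, eth1 = wi-fi) ...
OPEN_RULESET = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A FORWARD -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A OUTPUT -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
COMMIT
"""
# ... and the same ruleset with Fred's corrected DROP rule appended last.
HARDENED_RULESET = OPEN_RULESET.replace(
    "COMMIT", "-A FORWARD -i eth1 -o eth0 -j DROP\nCOMMIT")

def parse_filter_table(text):
    """Return ({chain: policy}, {chain: [rule, ...]}) for the *filter table."""
    policies, chains, active = {}, {}, False
    for line in (l.strip() for l in text.splitlines()):
        if line == "*filter":
            active = True
        elif active and line == "COMMIT":
            break
        elif active and line.startswith(":"):          # ":CHAIN POLICY [p:b]"
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif active and line.startswith("-A "):
            tok = shlex.split(line)                    # keeps quoted prefixes whole
            rule = {"-i": None, "-o": None, "-j": None}
            for k, v in zip(tok, tok[1:]):
                if k in rule:
                    rule[k] = v                        # only what the audit needs
            chains.setdefault(tok[1], []).append(rule)
    return policies, chains

def forward_verdict(text, in_if, out_if):
    """First terminating target on the in_if -> out_if FORWARD path, else the
    chain policy. LOG is non-terminating; user chains are followed (no RETURN)."""
    policies, chains = parse_filter_table(text)

    def walk(chain):
        for r in chains.get(chain, []):
            if r["-i"] in (None, in_if) and r["-o"] in (None, out_if):
                target = r["-j"]
                if target in chains:                   # user-defined chain
                    target = walk(target)
                if target in ("ACCEPT", "DROP", "REJECT"):
                    return target
        return None                                    # fall through to policy
    return walk("FORWARD") or policies.get("FORWARD", "ACCEPT")
```

Feeding it the live output of `iptables-save` instead of the embedded strings turns it into a check that can run from cron alongside the gateway, flagging the moment wifi-to-internal forwarding falls back to the ACCEPT policy.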



More information about the WiFiDog mailing list