[isf-wifidog] connection refused for all requests from client
Ken Chase
m-wifidog at sizone.org
Wed Jul 4 12:33:26 EDT 2007
Trying to get wifidog going here for a project.
Auth server installed fine, no problems (in a linux vserver no less! :)
(ie linux-vserver.org)
I am running OpenWRT latest version (feb 07 on their page) on my WRT54GL
with the latest WebIf.
I grabbed the latest release of the wifidog ipk, 1.1.3 and installed it
no problem on my WRT.
I've edited /etc/init.d/S35Firewall to comment out the forwarding lines,
and libpthread is installed (among much else).
Wifidog runs (-f -d 7) fine, and connects to the auth server no problem,
I see pongs every minute.
However, all surfing as a client thru wifidog is connection refused.
The Wifidog WRT IS resolving DNS fine (though I don't think a DNS
problem would give connection refused per se). I've also tested with raw
IPs to surf (avoiding DNS).
Any suggestions as to what the problem may be?
Do I need to do more auth server setup? It's all in defaults for now.
I would think that something would happen trying to surf through
wifidog, even if auth is only configured in defaults and wifidog
can ping the auth server ok. I am confused that I'm getting a
connection refused.
From a Linux box as wifidog client:
# telnet 66.96.29.195 80
Trying 66.96.29.195...
telnet: Unable to connect to remote host: Connection refused
If I stop wifidog and rerun the original S35firewall to reinsert the
forwarding rules, I can surf to the internet no problem from my
clients.
Any help is appreciated. Long outputs follow below:
(192.168.1.0/24 is internal network at office I'm testing on, it's
natted to the net by another firewall (yes double natting is horrid).
192.168.5.0/24 is my wifi client network I'm testing on.)
==============================================================================
root@gw:~# ifconfig
br0       Link encap:Ethernet HWaddr 00:1A:70:E6:90:28
          inet addr:192.168.5.1 Bcast:192.168.5.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:22602 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20695 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1472871 (1.4 MiB) TX bytes:7843103 (7.4 MiB)

eth0      Link encap:Ethernet HWaddr 00:1A:70:E6:90:28
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:57041 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29747 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10253167 (9.7 MiB) TX bytes:8873776 (8.4 MiB)
          Interrupt:4

eth1      Link encap:Ethernet HWaddr 00:1A:70:E6:90:2A
          UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
          RX packets:333 errors:0 dropped:0 overruns:0 frame:285809
          TX packets:343 errors:39 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:34751 (33.9 KiB) TX bytes:42164 (41.1 KiB)
          Interrupt:2 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1472 (1.4 KiB) TX bytes:1472 (1.4 KiB)

vlan0     Link encap:Ethernet HWaddr 00:1A:70:E6:90:28
          UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
          RX packets:22266 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20852 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1531828 (1.4 MiB) TX bytes:7945851 (7.5 MiB)

vlan1     Link encap:Ethernet HWaddr 00:1A:70:E6:90:29
          inet addr:192.168.1.78 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:34789 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8897 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7695595 (7.3 MiB) TX bytes:774092 (755.9 KiB)
==============================================================================
Once wifidog runs and sets up all its firewall rules, I see this in
iptables:
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp option=!2 flags:SYN/SYN
input_rule all -- anywhere anywhere
input_wan all -- anywhere anywhere
LAN_ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT gre -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target prot opt source destination
WiFiDog_WIFI2Internet all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
forwarding_rule all -- anywhere anywhere
forwarding_wan all -- anywhere anywhere

Chain LAN_ACCEPT (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
output_rule all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain WiFiDog_AuthServers (1 references)
target prot opt source destination
ACCEPT all -- anywhere wifidog.harmony-mobile.com

Chain WiFiDog_Global (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:25 reject-with icmp-port-unreachable

Chain WiFiDog_Known (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain WiFiDog_Locked (1 references)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain WiFiDog_Unknown (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:53
ACCEPT tcp -- anywhere anywhere tcp dpt:53
ACCEPT udp -- anywhere anywhere udp dpt:67
ACCEPT tcp -- anywhere anywhere tcp dpt:67
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain WiFiDog_Validate (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain WiFiDog_WIFI2Internet (1 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
WiFiDog_AuthServers all -- anywhere anywhere
WiFiDog_Locked all -- anywhere anywhere MARK match 0x254
WiFiDog_Global all -- anywhere anywhere
WiFiDog_Validate all -- anywhere anywhere MARK match 0x1
WiFiDog_Known all -- anywhere anywhere MARK match 0x2
WiFiDog_Unknown all -- anywhere anywhere

Chain forwarding_rule (1 references)
target prot opt source destination

Chain forwarding_wan (1 references)
target prot opt source destination

Chain input_rule (1 references)
target prot opt source destination

Chain input_wan (1 references)
target prot opt source destination

Chain output_rule (1 references)
target prot opt source destination
==============================================================================
Installed Packages
Action Package Version Description
Uninstall base-files 9 OpenWrt filesystem structure and scripts
Uninstall base-files-brcm 2 Board/architecture specific files
Uninstall bridge 1.0.6-1 Ethernet bridging tools
Uninstall busybox 1.00-5 Core utilities for embedded Linux systems
Uninstall dnsmasq 2.35-1 A lightweight DNS and DHCP server
Uninstall dropbear 0.48.1-1 a small SSH 2 server/client designed for small memory environments.
Uninstall haserl 0.8.0-1 a CGI wrapper to embed shell scripts in HTML documents
Uninstall ip 2.6.11-050330-1 iproute2 routing control utility
Uninstall ipkg 0.99.149-2 lightweight package management system
Uninstall iptables 1.3.3-2 The netfilter firewalling software for IPv4
Uninstall iptables-mod-conntrack 1.3.3-3 Iptables (IPv4) extensions for connection tracking
Uninstall iptables-mod-extra 1.3.3-3 Other extra Iptables (IPv4) extensions
Uninstall iptables-mod-filter 1.3.3-3 Iptables (IPv4) extension for packet content inspection
Uninstall iptables-mod-imq 1.3.3-3 Iptables (IPv4) extensions for Intermediate Queuing Device QoS-support
Uninstall iptables-mod-ipopt 1.3.3-3 Iptables (IPv4) extensions for matching/changing IP packet options
Uninstall iptables-mod-nat 1.3.3-3 Iptables (IPv4) extensions for different NAT targets
Uninstall iwlib 28.pre7-1 Library for setting up WiFi cards using the Wireless Extension
Uninstall kernel 2.4.30-brcm-5
Uninstall kmod-brcm-wl 2.4.30-brcm-5 Proprietary driver for Broadcom Wireless chipsets
Uninstall kmod-diag 2.4.30-brcm-5 Kernel modules for LEDs and buttons
Uninstall kmod-imq 2.4.30-brcm-5 Kernel support for the Intermediate Queueing device
Uninstall kmod-ipt-conntrack 2.4.30-brcm-5 Extra Netfilter (IPv4) kernel modules for connection tracking
Uninstall kmod-ipt-extra 2.4.30-brcm-5 Other extra Netfilter (IPv4) kernel modules
Uninstall kmod-ipt-filter 2.4.30-brcm-5 Netfilter (IPv4) kernel modules for packet content inspection
Uninstall kmod-ipt-ipopt 2.4.30-brcm-5 Netfilter (IPv4) kernel modules for matching/changing IP packet options
Uninstall kmod-ipt-nat 2.4.30-brcm-5 Netfilter (IPv4) kernel modules for different NAT targets
Uninstall kmod-ipt-nat-default 2.4.30-brcm-5 Default Netfilter (IPv4) NAT kernel modules for special protocols
Uninstall kmod-ppp 2.4.30-brcm-5 PPP support
Uninstall kmod-pppoe 2.4.30-brcm-5 PPP over Ethernet support
Uninstall kmod-sched 2.4.30-brcm-5 Kernel schedulers for IP traffic
Uninstall kmod-switch 2.4.30-brcm-1 switch driver for robo/admtek switch
Uninstall kmod-wlcompat 2.4.30-brcm-4 Compatibility module for using the Wireless Extension with broadcom's wl
Uninstall libpthread 0.9.27-1 POSIX threads library
Uninstall mtd 5 Tool for modifying the flash chip
Uninstall nvram 1 NVRAM utility and libraries for Broadcom hardware
Uninstall ppp 2.4.3-7 a PPP (Point-to-Point Protocol) daemon (with MPPE/MPPC support)
Uninstall ppp-mod-pppoe 2.4.3-7 a PPPoE (PPP over Ethernet) plugin for PPP
Uninstall qos-scripts 1.1.1-2 QoS scripts for OpenWrt
Uninstall tc 2.6.11-050330-1 iproute2 traffic control utility
Uninstall uclibc 0.9.27-9 Standard C library for embedded Linux systems
Uninstall webif 0.3-8 An HTTP administrative console for OpenWrt.
Uninstall wificonf 6 Replacement utility for wlconf
Uninstall wifidog 1.1.3-1
Uninstall wireless-tools 28.pre7-1 Tools for setting up WiFi cards using the Wireless Extension
/kc
--
Ken Chase - math at sizone.org Toronto CANADA.
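
Added example (not part of the original post, and not WiFiDog code): a small tracer that parses the WiFiDog chains from the filter-table listing above and follows a forwarded packet from WiFiDog_WIFI2Internet, the chain FORWARD jumps to first. The packet fields and the 192.0.2.10 destination are constructed for illustration, and interface matches are ignored because `iptables -L` without `-v` does not print them.

```python
import re
# Excerpt of the posted filter-table listing; headers, TCPMSS, tcp/53 and port-67 rules omitted.
LISTING = """\
Chain WiFiDog_AuthServers (1 references)
ACCEPT all -- anywhere wifidog.harmony-mobile.com
Chain WiFiDog_Global (1 references)
REJECT tcp -- anywhere anywhere tcp dpt:25 reject-with icmp-port-unreachable
Chain WiFiDog_Known (1 references)
ACCEPT all -- anywhere anywhere
Chain WiFiDog_Locked (1 references)
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain WiFiDog_Unknown (1 references)
ACCEPT udp -- anywhere anywhere udp dpt:53
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain WiFiDog_Validate (1 references)
ACCEPT all -- anywhere anywhere
Chain WiFiDog_WIFI2Internet (1 references)
DROP all -- anywhere anywhere state INVALID
WiFiDog_AuthServers all -- anywhere anywhere
WiFiDog_Locked all -- anywhere anywhere MARK match 0x254
WiFiDog_Global all -- anywhere anywhere
WiFiDog_Validate all -- anywhere anywhere MARK match 0x1
WiFiDog_Known all -- anywhere anywhere MARK match 0x2
WiFiDog_Unknown all -- anywhere anywhere
"""

def parse(listing):
    chains = {}
    for f in (line.split(None, 5) + [""] for line in listing.splitlines()):
        if f[0] == "Chain":
            cur = chains.setdefault(f[1], [])
        else:  # keep target, prot, destination, match text
            cur.append((f[0], f[1], f[4], f[5]))
    return chains

def matches(pkt, prot, dst, extra):  # pkt keys are this example's own (assumed) names
    mark, dpt, state = (re.search(p, extra) for p in
                        (r"MARK match (0x\w+)", r"dpt:(\d+)", r"state (\S+)"))
    return (prot in ("all", pkt["proto"]) and dst in ("anywhere", pkt["dst"])
            and (not mark or int(mark[1], 16) == pkt["mark"])
            and (not dpt or int(dpt[1]) == pkt["dport"])
            and (not state or pkt["state"] in state[1].split(",")))

def walk(chains, name, pkt):
    for target, prot, dst, extra in chains[name]:
        if matches(pkt, prot, dst, extra):
            if target in ("ACCEPT", "DROP", "REJECT"):
                return target, name, extra
            if target in chains and (hit := walk(chains, target, pkt)):
                return hit
```

For an unmarked TCP packet to port 80, e.g. `walk(parse(LISTING), "WiFiDog_WIFI2Internet", {"proto": "tcp", "dst": "192.0.2.10", "dport": 80, "mark": 0, "state": "NEW"})`, the result is a REJECT in WiFiDog_Unknown with icmp-port-unreachable, which a Linux TCP client reports as "Connection refused". The same packet with mark 0x2 is accepted in WiFiDog_Known.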
More information about the WiFiDog mailing list