[isf-wifidog] wifidog + friefunk

Frederico Marques frederico at marques.cx
Mer 17 Oct 11:26:38 EDT 2007


On Oct 12, 2007, at 6:49 PM, Larry DiBona wrote:

> Fred
> Thanks for the info. I set up a TrustedMAClist before I posted my
> request, but it didn't help. I would like to try your iptables
> suggestion.  Could you tell me what the "WiFiDog_WIFI2Internet"  
> is . Is
> this a system variable set by Wifidog during installation? Should I  
> use
> this iptables command as is or substitute WiFiDog_WIFI2Internet with
> something?

It's an iptables table created by wifidog-gw where you deny *new*  
traffic coming from the gateway (client) interface. Basically, the  
default iptables rule on wifidog-gw is to deny every new packet  
coming from So, new clients connected to OLSR (laptops  
for example) can't get through wifidog authentication. If you have  
something like this on your rules:

iptables -t filter -R WiFiDog_WIFI2Internet 3 -i eth1 -s - 
m state --state NEW,INVALID -j DROP

where eth1 is your Gateway interface and is your Mesh  
Network. Try to replace it with a

iptables -t filter -R WiFiDog_WIFI2Internet 3 -i eth1 -s !  -m state --state NEW,INVALID -j DROP

It worked for me.

> More Info since I last posted: The node that is not connected to the
> Internet ,with no WAN connection and only on the mesh, will find the
> login page of the node that it meshes with that _is_ connected to the
> Internet WAN port.  This only works if I do not set the node to use
> itself as a gateway.  If you look at the mesh web report on the node,
> you can see the gateway that is being used, and the login page I  
> get is
> the login of the gateway.  Somehow OLSR is setting the default gateway
> and that gateway allows the node to see the Auth server, but the login
> page from the gateway displays, not the node. I can live with this,  
> but
> it would be way cooler for a node that is only connected using the  
> mesh
> to find the server directly and display it's own page.

That's a known multi-splash problem with wifidog and OLSR. Try my fix  
above. Don't know if it works for you.



Plus d'informations sur la liste de diffusion WiFiDog