[isf-wifidog] Gateway Lockup and Auth Server Errors
Matthew Tavenor
mtavenor at nlpl.ca
Mar 15 Avr 07:43:45 EDT 2008
Greetings,
I have a few questions on my test setup for Wifidog Hotspot. I am in the
process of trying to get this up and running so that we can deploy it in 96+
Library locations across my Province. The test setup and problems that
occur are list below:
Wifidog Gateway (Revision:1344) - Dell Optiplex 755 Small Form Factor
- Fedora 8 - 64bit (Using built in iptables firewall for basic
masquerading)
- SELinux Off
- Linksys WRV200 w/Ranger Booster - Wireless AP
Wifidog Auth Server (Revision:1343) - Dell Optiplex 755 Small Form Factor
- Fedora 8 - 32bit (no Firewall at the moment because of testing)
- Apache 2.2.8
- Postgresql 8.2.7
- PHP 5.2.4
Wifidog.conf
----------------
GatewayID ggrwifi
ExternalInterface eth0
GatewayInterface eth1
GatewayAddress 10.0.0.1
AuthServer {
Hostname 192.168.0.205
SSLPort 443
HTTPPort 80
Path /
}
GatewayPort 2060
HTTPDName WiFiDog
HTTPDMaxConn 100
CheckInterval 120
ClientTimeout 10
FirewallRuleSet global {
FirewallRule block tcp port 25
FirewallRule block to 192.168.0.0/16
}
FirewallRuleSet validating-users {
FirewallRule allow to 0.0.0.0/0
}
FirewallRuleSet known-users {
FirewallRule allow to 0.0.0.0/0
}
FirewallRuleSet unknown-users {
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow udp port 67
FirewallRule allow tcp port 67
}
FirewallRuleSet locked-users {
FirewallRule block to 0.0.0.0/0
}
-------------------
Pg_hba.conf
---------------
local wifidog wifidog md5
local all all ident sameuser
# IPv4 local connections:
host wifidog wifidog 127.0.0.1/32 md5
host all all 127.0.0.1/32 ident sameuser
# IPv6 local connections:
#host all all ::1/128 ident sameuser
---------------
I hope I have provided enough information for my questions. Here they are.
1) Everything seems to work fine, I get the login/portal page you can
sign up and validation works, browse the web for as long as you like. If
you sit idle for say 30 minutes, then try to browse with an open browser,
the Wifidog gateway locks and will lose connection to the Auth server.
2) I can't find a way to get the Wifidog to give me more information
besides running it with the command Wifidog -f -d 7 ? No information
anywhere else besides this on the screen right before it locks.
[7][Mon Apr 14 16:39:42 2008][2909](auth.c:83) Running fw_counter()
[7][Mon Apr 14 16:39:42 2008][2909](fw_iptables.c:510) Read outgoing traffic
for 10.0.0.120: Bytes=62228
3) Here is the error on the /var/log/httpd/error_log
[Mon Apr 14 16:38:24 2008] [error] [client 192.168.0.212] ModSecurity:
Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id
"960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"]
[hostname "192.168.0.205"] [uri
"/auth/?stage=counters&ip=10.0.0.120&mac=00:16:6F:6B:B6:9A&token=2fe6378088b
8adc4d3e64d7ef3345ac8&incoming=385513&outgoing=62180"] [unique_id
"AgVSLn8AAAEAAAhmPRUAAAAB"]
[Mon Apr 14 16:38:28 2008] [error] [client 192.168.0.212] ModSecurity:
Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id
"960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"]
[hostname "192.168.0.205"] [uri
"/ping/?gw_id=ggrwifi&sys_uptime=3503&sys_memfree=1357812&sys_load=0.02&wifi
dog_uptime=2524"] [unique_id "AkIxF38AAAEAAAhnPWoAAAAC"]
Please help as I really excited about this project and I want to use this
product as it does exactly what we want it to do.
Thanks,
Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20080415/ccd2ba4c/attachment.htm
Plus d'informations sur la liste de diffusion WiFiDog