[isf-wifidog] Gateway Lockup and Auth Server Errors

acv acv at miniguru.ca
Tue Apr 15 09:02:22 EDT 2008


	Try disabling mod_security in your apache setup. The wifidog
HTTP implementation is as minimal as possible and it looks like your
mod_security is rejecting part of the protocol.

Alex

On Tue, Apr 15, 2008 at 09:13:45AM -0230, Matthew Tavenor wrote:
> From: "Matthew Tavenor" <mtavenor at nlpl.ca>
> To: <wifidog at listes.ilesansfil.org>
> Date: Tue, 15 Apr 2008 09:13:45 -0230
> X-Mailer: Microsoft Office Outlook 12.0
> Subject: [isf-wifidog] Gateway Lockup and Auth Server Errors
> 
> Greetings,
> 
> I have a few questions on my test setup for Wifidog Hotspot.  I am in the
> process of trying to get this up and running so that we can deploy it in 96+
> Library locations across my Province.  The test setup and problems that
> occur are listed below:
> 
> Wifidog Gateway (Revision:1344) - Dell Optiplex 755 Small Form Factor
> - Fedora 8 - 64bit (Using built in iptables firewall for basic masquerading)
> - SELinux Off
> - Linksys WRV200 w/Ranger Booster - Wireless AP
> 
> Wifidog Auth Server (Revision:1343) - Dell Optiplex 755 Small Form Factor
> - Fedora 8 - 32bit (no Firewall at the moment because of testing)
> - Apache 2.2.8
> - Postgresql 8.2.7
> - PHP 5.2.4
> 
> Wifidog.conf
> ----------------
> GatewayID ggrwifi
> ExternalInterface eth0
> GatewayInterface eth1
> GatewayAddress 10.0.0.1
> 
> AuthServer {
>     Hostname 192.168.0.205
>     SSLPort 443
>     HTTPPort 80
>     Path /
> }
> 
> GatewayPort 2060
> HTTPDName WiFiDog
> HTTPDMaxConn 100
> CheckInterval 120
> ClientTimeout 10
> FirewallRuleSet global {
>     FirewallRule block tcp port 25
>     FirewallRule block to 192.168.0.0/16
> }
> FirewallRuleSet validating-users {
>     FirewallRule allow to 0.0.0.0/0
> }
> FirewallRuleSet known-users {
>     FirewallRule allow to 0.0.0.0/0
> }
> FirewallRuleSet unknown-users {
>     FirewallRule allow udp port 53
>     FirewallRule allow tcp port 53
>     FirewallRule allow udp port 67
>     FirewallRule allow tcp port 67
> }
> FirewallRuleSet locked-users {
>     FirewallRule block to 0.0.0.0/0
> }
> -------------------
> 
> Pg_hba.conf
> ---------------
> local   wifidog     wifidog                           md5
> local   all         all                               ident sameuser
> # IPv4 local connections:
> host    wifidog     wifidog     127.0.0.1/32          md5
> host    all         all         127.0.0.1/32          ident sameuser
> # IPv6 local connections:
> #host    all         all         ::1/128               ident sameuser
> ---------------
> 
> I hope I have provided enough information for my questions.  Here they are.
> 
> 1) Everything seems to work fine, I get the login/portal page you can
> sign up and validation works, browse the web for as long as you like.  If
> you sit idle for say 30 minutes, then try to browse with an open browser,
> the Wifidog gateway locks and will lose connection to the Auth server.
> 
> 2) I can't find a way to get the Wifidog to give me more information
> besides running it with the command Wifidog -f -d 7 ?  No information
> anywhere else besides this on the screen right before it locks.
> 
> [7][Mon Apr 14 16:39:42 2008][2909](auth.c:83) Running fw_counter()
> [7][Mon Apr 14 16:39:42 2008][2909](fw_iptables.c:510) Read outgoing traffic for 10.0.0.120: Bytes=62228
> 
> 3) Here is the error on the /var/log/httpd/error_log
> 
> [Mon Apr 14 16:38:24 2008] [error] [client 192.168.0.212] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [hostname "192.168.0.205"] [uri "/auth/?stage=counters&ip=10.0.0.120&mac=00:16:6F:6B:B6:9A&token=2fe6378088b8adc4d3e64d7ef3345ac8&incoming=385513&outgoing=62180"] [unique_id "AgVSLn8AAAEAAAhmPRUAAAAB"]
> 
> [Mon Apr 14 16:38:28 2008] [error] [client 192.168.0.212] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [hostname "192.168.0.205"] [uri "/ping/?gw_id=ggrwifi&sys_uptime=3503&sys_memfree=1357812&sys_load=0.02&wifidog_uptime=2524"] [unique_id "AkIxF38AAAEAAAhnPWoAAAAC"]
> 
> Please help as I am really excited about this project and I want to use this
> product as it does exactly what we want it to do.
> 
> Thanks,
> 
> Matt
> 

> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
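
An added example, not part of the original thread: a small parser for ModSecurity entries in Apache's error_log that groups hits by rule id and request path and records whether each was logged as `Warning.` or `Access denied` (ModSecurity 2.x wording), which shows what any rule exception for the gateway's calls would have to cover. The sample entries are adapted from the excerpt quoted above; the function names are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: the two error_log entries from the quoted message,
# wrapped lines rejoined and query strings shortened.
SAMPLE_LOG = """\
[Mon Apr 14 16:38:24 2008] [error] [client 192.168.0.212] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [hostname "192.168.0.205"] [uri "/auth/?stage=counters&ip=10.0.0.120"] [unique_id "AgVSLn8AAAEAAAhmPRUAAAAB"]
[Mon Apr 14 16:38:28 2008] [error] [client 192.168.0.212] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [hostname "192.168.0.205"] [uri "/ping/?gw_id=ggrwifi&sys_uptime=3503"] [unique_id "AkIxF38AAAEAAAhnPWoAAAAC"]
"""

# "Warning." = rule matched, request passed; "Access denied" = request blocked.
ENTRY = re.compile(r'\[client (?P<client>[^\]]+)\] ModSecurity: (?P<action>Warning|Access denied)')
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')  # [id "960015"], [uri "/ping/?..."], ...


def parse_entry(line):
    """Return the fields of one ModSecurity log line, or None for other lines."""
    m = ENTRY.search(line)
    if m is None:
        return None
    fields = dict(FIELD.findall(line))
    return {
        "client": m.group("client"),
        "blocked": m.group("action") == "Access denied",
        "rule_id": fields.get("id"),
        "msg": fields.get("msg"),
        "path": urlsplit(fields.get("uri", "")).path,  # drop the query string
    }


def summarize(log_text):
    """Group hits by (rule id, request path), counting denials and clients."""
    summary = defaultdict(lambda: {"hits": 0, "blocked": 0, "clients": set(), "msg": None})
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        row = summary[(entry["rule_id"], entry["path"])]
        row["hits"] += 1
        row["blocked"] += entry["blocked"]
        row["clients"].add(entry["client"])
        row["msg"] = entry["msg"]
    return dict(summary)


if __name__ == "__main__":
    for (rule_id, path), row in sorted(summarize(SAMPLE_LOG).items()):
        print(rule_id, path, row["msg"], "hits=%d blocked=%d" % (row["hits"], row["blocked"]),
              "clients=" + ",".join(sorted(row["clients"])))
```

For the two sample entries this reports rule 960015 once each on `/auth/` and `/ping/`, both from client 192.168.0.212 and both logged as warnings.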