[isf-wifidog] Gateway Lockup and Auth Server Errors
Matthew Tavenor
mtavenor at nlpl.ca
Mar 22 Avr 08:19:34 EDT 2008
Sorry to take so long but got tied up in meetings for a week. Here is the
response on the gateway.
Copied from ps ax last few lines then I typed in that command and I got
that.
12799 pts/0 Sl+ 0:00 wifidog -f -d 7
23595 pts/0 Z+ 0:00 [iptables] <defunct>
28929 pts/1 R+ 0:00 ps ax
[root at ggrwifigate ~]# strace -p 12799
Process 12799 attached - interrupt to quit futex(0x3b74553514,
FUTEX_WAIT_PRIVATE, 2, NULL
Firewall IPTABLES Rules I am using for test
/etc/sysconfig/iptables
# Generated by iptables-save v1.3.8 on Wed Apr 16 08:27:57 2008
*nat
:PREROUTING ACCEPT [22:1498]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [12:775] -A POSTROUTING -o eth0 -j MASQUERADE COMMIT
# Completed on Wed Apr 16 08:27:57 2008
# Generated by iptables-save v1.3.8 on Wed Apr 16 08:27:57 2008
*filter
:INPUT DROP [45:2694]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [49:4650] -A INPUT -m state --state RELATED,ESTABLISHED -j
ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
COMMIT
# Completed on Wed Apr 16 08:27:57 2008
-----Original Message-----
From: wifidog-bounces at listes.ilesansfil.org
[mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of acv
Sent: Tuesday, April 15, 2008 3:58 PM
To: WiFiDog Captive Portal
Subject: Re: [isf-wifidog] Gateway Lockup and Auth Server Errors
Once it's locked up, log in as root on the gateway machine and run
"strace -p <pid>" and grab what comes out to a text file. This could shed
some light on what the gateway is doing.
Alex
On Tue, Apr 15, 2008 at 03:46:38PM -0230, Matthew Tavenor wrote:
> From: "Matthew Tavenor" <mtavenor at nlpl.ca>
> To: "'WiFiDog Captive Portal'" <wifidog at listes.ilesansfil.org>
> Date: Tue, 15 Apr 2008 15:46:38 -0230
> X-Mailer: Microsoft Office Outlook 12.0
> Subject: Re: [isf-wifidog] Gateway Lockup and Auth Server Errors
>
> Hi Alex,
>
> I have tried completely uninstalling mod_security and the problem of
> the Wifidog gateway still persist. The gateway will lockup / freeze
> and have to be terminated and restarted in-order to work again. This
> problem can be duplicated if say I log in after a fresh start-up on
> both laptop and gateway. Then if I shut the laptop off and wait 2
> minutes. Turn it back on the laptop will go through without a hitch
> but nobody else can sign up and the wifidog gateway freezes/locks.
>
> I wish I could get an error message but there is nothing. Please help!
>
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of acv
> Sent: Tuesday, April 15, 2008 10:32 AM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] Gateway Lockup and Auth Server Errors
>
> Try disabling mod_security in your apache setup. The wifidog HTTP
> implementation is as minimal as possible and it looks like your
> mod_security is rejecting part of the protocol.
>
> Alex
>
> On Tue, Apr 15, 2008 at 09:13:45AM -0230, Matthew Tavenor wrote:
> > From: "Matthew Tavenor" <mtavenor at nlpl.ca>
> > To: <wifidog at listes.ilesansfil.org>
> > Date: Tue, 15 Apr 2008 09:13:45 -0230
> > X-Mailer: Microsoft Office Outlook 12.0
> > Subject: [isf-wifidog] Gateway Lockup and Auth Server Errors
> >
> > Greetings,
> >
> >
> >
> > I have a few questions on my test setup for Wifidog Hotspot. I am
> > in the process of trying to get this up and running so that we can
> > deploy it in 96+ Library locations across my Province. The test
> > setup and problems that occur are list below:
> >
> >
> >
> > Wifidog Gateway (Revision:1344) - Dell Optiplex 755 Small Form
> > Factor
> >
> > - Fedora 8 - 64bit (Using built in iptables firewall for basic
> > masquerading)
> >
> > - SELinux Off
> >
> > - Linksys WRV200 w/Ranger Booster - Wireless AP
> >
> >
> >
> > Wifidog Auth Server (Revision:1343) - Dell Optiplex 755 Small Form
> > Factor
> >
> > - Fedora 8 - 32bit (no Firewall at the moment because of
testing)
> >
> > - Apache 2.2.8
> >
> > - Postgresql 8.2.7
> >
> > - PHP 5.2.4
> >
> >
> >
> >
> >
> > Wifidog.conf
> >
> > ----------------
> >
> > GatewayID ggrwifi
> >
> > ExternalInterface eth0
> >
> > GatewayInterface eth1
> >
> > GatewayAddress 10.0.0.1
> >
> >
> >
> > AuthServer {
> >
> > Hostname 192.168.0.205
> >
> > SSLPort 443
> >
> > HTTPPort 80
> >
> > Path /
> >
> > }
> >
> >
> >
> > GatewayPort 2060
> >
> > HTTPDName WiFiDog
> >
> > HTTPDMaxConn 100
> >
> > CheckInterval 120
> >
> > ClientTimeout 10
> >
> > FirewallRuleSet global {
> >
> > FirewallRule block tcp port 25
> >
> > FirewallRule block to 192.168.0.0/16
> >
> > }
> >
> > FirewallRuleSet validating-users {
> >
> > FirewallRule allow to 0.0.0.0/0
> >
> > }
> >
> > FirewallRuleSet known-users {
> >
> > FirewallRule allow to 0.0.0.0/0
> >
> > }
> >
> > FirewallRuleSet unknown-users {
> >
> > FirewallRule allow udp port 53
> >
> > FirewallRule allow tcp port 53
> >
> > FirewallRule allow udp port 67
> >
> > FirewallRule allow tcp port 67
> >
> > }
> >
> > FirewallRuleSet locked-users {
> >
> > FirewallRule block to 0.0.0.0/0
> >
> > }
> >
> > -------------------
> >
> >
> >
> > Pg_hba.conf
> >
> > ---------------
> > local wifidog wifidog md5
> >
> > local all all ident sameuser
> >
> > # IPv4 local connections:
> >
> > host wifidog wifidog 127.0.0.1/32 md5
> >
> > host all all 127.0.0.1/32 ident sameuser
> >
> > # IPv6 local connections:
> >
> > #host all all ::1/128 ident sameuser
> >
> > ---------------
> >
> >
> >
> > I hope I have provided enough information for my questions. Here
> > they
> are.
> >
> >
> >
> > 1) Everything seems to work fine, I get the login/portal page you
can
> > sign up and validation works, browse the web for as long as you like.
> > If you sit idle for say 30 minutes, then try to browse with an open
> > browser, the Wifidog gateway locks and will lose connection to the
> > Auth
> server.
> >
> > 2) I can't find a way to get the Wifidog to give me more
information
> > besides running it with the command Wifidog -f -d 7 ? No
> > information anywhere else besides this on the screen right before it
locks.
> >
> > [7][Mon Apr 14 16:39:42 2008][2909](auth.c:83) Running fw_counter()
> >
> > [7][Mon Apr 14 16:39:42 2008][2909](fw_iptables.c:510) Read outgoing
> > traffic for 10.0.0.120: Bytes=62228
> >
> >
> >
> > 3) Here is the error on the /var/log/httpd/error_log
> >
> > [Mon Apr 14 16:38:24 2008] [error] [client 192.168.0.212] ModSecurity:
> > Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required.
> > [id "960015"] [msg "Request Missing an Accept Header"] [severity
> > "CRITICAL"] [hostname "192.168.0.205"] [uri
> > "/auth/?stage=counters&ip=10.0.0.120&mac=00:16:6F:6B:B6:9A&token=2fe
> > 63 78088b 8adc4d3e64d7ef3345ac8&incoming=385513&outgoing=62180"]
> > [unique_id "AgVSLn8AAAEAAAhmPRUAAAAB"]
> >
> > [Mon Apr 14 16:38:28 2008] [error] [client 192.168.0.212] ModSecurity:
> > Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required.
> > [id "960015"] [msg "Request Missing an Accept Header"] [severity
> > "CRITICAL"] [hostname "192.168.0.205"] [uri
> > "/ping/?gw_id=ggrwifi&sys_uptime=3503&sys_memfree=1357812&sys_load=0
> > .0 2&wifi dog_uptime=2524"] [unique_id "AkIxF38AAAEAAAhnPWoAAAAC"]
> >
> >
> >
> > Please help as I really excited about this project and I want to use
> > this product as it does exactly what we want it to do.
> >
> > Thanks,
> >
> > Matt
> >
>
> > _______________________________________________
> > WiFiDog mailing list
> > WiFiDog at listes.ilesansfil.org
> > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
Plus d'informations sur la liste de diffusion WiFiDog