[isf-wifidog] WiFiDog and the Nintendo DS

Pascal Charest pascal.charest at gmail.com
Mar 13 Mai 06:36:15 EDT 2008


Hi,

I do now know exactly how wifidog process its firewall rules, but lets say
it simply craft netfilters rules and pass them to iptables.

It this case, you don't have any choices other than specifying the range
since the domain-name will be resolved only to one of those addresses and
your rule won't match that often.

Once again, i do not know for wifidog, but I know that iptables does work
with CIDR mask (example : 192.168.1.0/24)...

Pascal

On Mon, May 12, 2008 at 7:48 PM, Robin Jones <Robin at networkfusion.co.uk>
wrote:

> I am trying to answer a question on the ticket system #467 (I have asked
> the guy to use the mailing list, but to no avail), and yet also would
> like to make this work myself...
>
> I know about
> https://dev.wifidog.org/wiki/doc/developer/SupportingDevicesWithNoWebBro
> wser and the simplest way seems to be 2-Whitelist specific servers
>
> Given the fact that these all have hostnames, can firewall rules contain
> these?
>
> If not, can you white list IP Ranges and corresponding ports?
>
> So for example, the servers I would like to white list are as follows:
>
> Contest.nintendo.net - 83.36.93.1 to 83.36.93.255
> Contest.nintendo.net - 61.54.24.1 to 61.54.24.255
> nas.nintendowifi.net - 192.195.204.1 to 192.195.204.255
> gs.nintendowifi.net - 207.38.11.1 to 207.38.11.255
> nus.shop.wii.com - 209.67.106.1 to 209.67.106.255
> rcw.wc24.wii.com - 125.199.254.1 to 125.199.254.255
> cfh.wapp.wii.com - 84.53.134.1 to 84.53.134.255
> weather.wapp.wii.com A - 84.53.136.1 to 84.53.136.255
> weather.wapp.wii.com B - 213.155.151.1 to 213.155.151.255
> opera.com - 213.236.208.1 to 213.236.208.255
> american-sk8land.com - 70.86.183.1 to 70.86.183.255
>
> So would the corresponding firewall rules in wifidog.conf work?:
>
> FirewallRule allow tcp port 28910, 29900,29901,29920,80,443  to
> 83.36.93.1-83.36.93.255
>
> Or
>
> FirewallRule allow tcp port 28910, 29900,29901,29920,80,443  to
> Contest.nintendo.net
>
>
> It has also been recommended to allow all udp traffic, would this be a
> security risk?
>
>
>
> Thanks,
>
>
> Robin Jones.
>
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>



-- 
Pascal Charest, Free software consultant {GNU/Linux}
http://blog.pacharest.com
-------------- section suivante --------------
Une pièce jointe HTML a été nettoyée...
URL: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20080513/7a6ca295/attachment.htm 


Plus d'informations sur la liste de diffusion WiFiDog