[isf-wifidog] ping OK, but no login (DDWRT)

pslists pslists at gmail.com
Mon Jun 22 08:50:49 EDT 2009


I am trying to configure WiFiDog on my WRT54G 1.1 running DD-WRT v24-sp2 
(01/01/09) std - build 11296M NEWD Eko.

Before enabling WiFiDog, wireless clients can access the internet, but 
once it is enabled they time out. They can access the WiFiDog status page 
on port 2060.

WiFiDog is connected to the authorisation server and the Internet, and I 
can see the pings in the server log, but there are no login requests in 
the log.

The network configuration is an ADSL router providing a NATted subnet 
192.168.0.0/24 to which is connected the WAN port of the WRT54G with 
address 192.168.0.2. The WRT54G is running as a gateway and NATting to 
subnet 192.168.5.0/24 and its own address is 192.168.5.2. The 
authorisation server is a Synology DS207+ NAS server with address 
192.168.0.16 which is running Apache/PHP and is also the DNS server.

As the Synology doesn't have PostgreSQL, I have started by using 
wifidog-auth-lite, and will build my simple requirements on that and 
using MySQL. As I said, the ping is working and accepted by the WiFiDog 
gateway, but no login requests are forwarded.

Could someone, please, point me to the error of my ways?

Pete

/tmp/etc/wifidog.conf

    GatewayID xxxxxxx
    ExternalInterface vlan1
    GatewayInterface br0
    GatewayPort 2060
    HTTPDMaxConn 10
    HTTPDName WiFiDog
    CheckInterval 60
    ClientTimeout 60
    TrustedMACList

    AuthServer {
        Hostname xxxxxxx     (actual hostname resolved by DNS and Apache to auth server web site)
        SSLAvailable no
        SSLPort 443
        HTTPPort 80
        Path /wifidog/
    }

    FirewallRuleSet validating-users {
        FirewallRule allow to 0.0.0.0/0
    }

    FirewallRuleSet known-users {
        FirewallRule allow to 0.0.0.0/0
    }

    FirewallRuleSet unknown-users {
        FirewallRule allow udp port 53
        FirewallRule allow tcp port 53
        FirewallRule allow udp port 67
        FirewallRule allow tcp port 67
    }

    FirewallRuleSet locked-users {
        FirewallRule block to 0.0.0.0/0
    }

iptables -L

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
    DROP       udp  --  anywhere             anywhere            udp dpt:route
    DROP       udp  --  anywhere             anywhere            udp dpt:route
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:route
    logaccept  tcp  --  anywhere             DD-WRT              tcp dpt:www
    logaccept  tcp  --  anywhere             DD-WRT              tcp dpt:ssh
    DROP       icmp --  anywhere             anywhere
    DROP       igmp --  anywhere             anywhere
    ACCEPT     0    --  anywhere             anywhere            state NEW
    logaccept  0    --  anywhere             anywhere            state NEW
    DROP       0    --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    WiFiDog_WIFI2Internet  0    --  anywhere             anywhere
    ACCEPT     gre  --  192.168.5.0/24       anywhere
    ACCEPT     tcp  --  192.168.5.0/24       anywhere            tcp dpt:1723
    ACCEPT     0    --  anywhere             anywhere
    logdrop    0    --  anywhere             anywhere            state INVALID
    TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
    lan2wan    0    --  anywhere             anywhere
    ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
    TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0
    trigger_out  0    --  anywhere             anywhere
    ACCEPT     0    --  anywhere             anywhere            state NEW
    DROP       0    --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain WiFiDog_AuthServers (1 references)
    target     prot opt source               destination
    ACCEPT     0    --  anywhere             Vulcan.xshew.org

    Chain WiFiDog_Global (1 references)
    target     prot opt source               destination

    Chain WiFiDog_Known (1 references)
    target     prot opt source               destination
    ACCEPT     0    --  anywhere             anywhere

    Chain WiFiDog_Locked (1 references)
    target     prot opt source               destination
    REJECT     0    --  anywhere             anywhere            reject-with icmp-port-unreachable

    Chain WiFiDog_Unknown (1 references)
    target     prot opt source               destination
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
    REJECT     0    --  anywhere             anywhere            reject-with icmp-port-unreachable

    Chain WiFiDog_Validate (1 references)
    target     prot opt source               destination
    ACCEPT     0    --  anywhere             anywhere

    Chain WiFiDog_WIFI2Internet (1 references)
    target     prot opt source               destination
    DROP       0    --  anywhere             anywhere            state INVALID
    TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
    WiFiDog_AuthServers  0    --  anywhere             anywhere
    WiFiDog_Locked  0    --  anywhere             anywhere            MARK match 0x254
    WiFiDog_Global  0    --  anywhere             anywhere
    WiFiDog_Validate  0    --  anywhere             anywhere            MARK match 0x1
    WiFiDog_Known  0    --  anywhere             anywhere            MARK match 0x2
    WiFiDog_Unknown  0    --  anywhere             anywhere

    Chain advgrp_1 (0 references)
    target     prot opt source               destination

    Chain advgrp_10 (0 references)
    target     prot opt source               destination

    Chain advgrp_2 (0 references)
    target     prot opt source               destination

    Chain advgrp_3 (0 references)
    target     prot opt source               destination

    Chain advgrp_4 (0 references)
    target     prot opt source               destination

    Chain advgrp_5 (0 references)
    target     prot opt source               destination

    Chain advgrp_6 (0 references)
    target     prot opt source               destination

    Chain advgrp_7 (0 references)
    target     prot opt source               destination

    Chain advgrp_8 (0 references)
    target     prot opt source               destination

    Chain advgrp_9 (0 references)
    target     prot opt source               destination

    Chain grp_1 (0 references)
    target     prot opt source               destination

    Chain grp_10 (0 references)
    target     prot opt source               destination

    Chain grp_2 (0 references)
    target     prot opt source               destination

    Chain grp_3 (0 references)
    target     prot opt source               destination

    Chain grp_4 (0 references)
    target     prot opt source               destination

    Chain grp_5 (0 references)
    target     prot opt source               destination

    Chain grp_6 (0 references)
    target     prot opt source               destination

    Chain grp_7 (0 references)
    target     prot opt source               destination

    Chain grp_8 (0 references)
    target     prot opt source               destination

    Chain grp_9 (0 references)
    target     prot opt source               destination

    Chain lan2wan (1 references)
    target     prot opt source               destination

    Chain logaccept (3 references)
    target     prot opt source               destination
    ACCEPT     0    --  anywhere             anywhere

    Chain logdrop (1 references)
    target     prot opt source               destination
    DROP       0    --  anywhere             anywhere

    Chain logreject (0 references)
    target     prot opt source               destination
    REJECT     tcp  --  anywhere             anywhere            tcp reject-with tcp-reset

    Chain trigger_out (1 references)
    target     prot opt source               destination

root@DD-WRT:/tmp/etc# ifconfig -a

    br0       Link encap:Ethernet  HWaddr 00:06:25:FF:9D:80
              inet addr:192.168.5.2  Bcast:192.168.5.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:15676 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2701 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1596127 (1.5 MiB)  TX bytes:270890 (264.5 KiB)

    br0:0     Link encap:Ethernet  HWaddr 00:06:25:FF:9D:80
              inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    eth0      Link encap:Ethernet  HWaddr 00:06:25:FF:9D:80
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:30725 errors:0 dropped:0 overruns:0 frame:0
              TX packets:13791 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:4820506 (4.5 MiB)  TX bytes:2943117 (2.8 MiB)
              Interrupt:3

    eth1      Link encap:Ethernet  HWaddr 00:06:25:FF:9D:81
              BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:4

    eth2      Link encap:Ethernet  HWaddr 00:06:25:FF:9D:82
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:3796 errors:0 dropped:0 overruns:0 frame:823442
              TX packets:3815 errors:1112 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:389766 (380.6 KiB)  TX bytes:559501 (546.3 KiB)
              Interrupt:6 Base address:0x2000

    etherip0  Link encap:Ethernet  HWaddr 1A:A9:6C:FD:D0:48
              BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
              RX packets:1888 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1888 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:165636 (161.7 KiB)  TX bytes:165636 (161.7 KiB)

    teql0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              NOARP  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    vlan0     Link encap:Ethernet  HWaddr 00:06:25:FF:9D:80
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1112 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:231654 (226.2 KiB)

    vlan1     Link encap:Ethernet  HWaddr 00:06:25:FF:9D:81
              inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:30724 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12680 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4267300 (4.0 MiB)  TX bytes:2644243 (2.5 MiB)

    wl0.1     Link encap:Ethernet  HWaddr 00:06:25:FF:9D:82
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20090622/fd758a87/attachment-0001.htm 

