[isf-wifidog] ping OK, but no login (DDWRT)
pslists
pslists at gmail.com
Mon Jun 22 08:50:49 EDT 2009
I am trying to configure WiFiDog on my WRT54G 1.1 running DD-WRT v24-sp2
(01/01/09) std - build 11296M NEWD Eko.
Before enabling WiFiDog, wireless clients can access the internet, but
once it is enabled they time out. They can access the WiFiDog status page
on port 2060.
WiFiDog is connected to the authorisation server and the Internet, and I
can see the pings in the server log, but there are no login requests in
the log.
The network configuration is an ADSL router providing a NATted subnet
192.168.0.0/24 to which is connected the WAN port of the WRT54G with
address 192.168.0.2. The WRT54G is running as a gateway and NATting to
subnet 192.168.5.0/24 and its own address is 192.168.5.2. The
authorisation server is a Synology DS207+ NAS server with address
192.168.0.16 which is running Apache/PHP and is also the DNS server.
As the Synology doesn't have PostgreSQL, I have started by using
wifidog-auth-lite, and will build my simple requirements on that and
using MySQL. As I said, the ping is working and accepted by the WiFiDog
gateway, but no login requests are forwarded.
Could someone, please, point me to the error of my ways?
Pete
/tmp/etc/wifidog.conf
GatewayID xxxxxxx
ExternalInterface vlan1
GatewayInterface br0
GatewayPort 2060
HTTPDMaxConn 10
HTTPDName WiFiDog
CheckInterval 60
ClientTimeout 60
TrustedMACList
AuthServer {
    Hostname xxxxxxx (actual hostname resolved by DNS and Apache to auth server web site)
    SSLAvailable no
    SSLPort 443
    HTTPPort 80
    Path /wifidog/
}
FirewallRuleSet validating-users {
    FirewallRule allow to 0.0.0.0/0
}
FirewallRuleSet known-users {
    FirewallRule allow to 0.0.0.0/0
}
FirewallRuleSet unknown-users {
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
    FirewallRule allow tcp port 67
}
FirewallRuleSet locked-users {
    FirewallRule block to 0.0.0.0/0
}
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp dpt:route
DROP udp -- anywhere anywhere udp dpt:route
ACCEPT udp -- anywhere anywhere udp dpt:route
logaccept tcp -- anywhere DD-WRT tcp dpt:www
logaccept tcp -- anywhere DD-WRT tcp dpt:ssh
DROP icmp -- anywhere anywhere
DROP igmp -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state NEW
logaccept 0 -- anywhere anywhere state NEW
DROP 0 -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
WiFiDog_WIFI2Internet 0 -- anywhere anywhere
ACCEPT gre -- 192.168.5.0/24 anywhere
ACCEPT tcp -- 192.168.5.0/24 anywhere tcp dpt:1723
ACCEPT 0 -- anywhere anywhere
logdrop 0 -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
lan2wan 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
TRIGGER 0 -- anywhere anywhere TRIGGER type:in match:0 relate:0
trigger_out 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state NEW
DROP 0 -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain WiFiDog_AuthServers (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere Vulcan.xshew.org
Chain WiFiDog_Global (1 references)
target prot opt source destination
Chain WiFiDog_Known (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
Chain WiFiDog_Locked (1 references)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Chain WiFiDog_Unknown (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Chain WiFiDog_Validate (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
Chain WiFiDog_WIFI2Internet (1 references)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
WiFiDog_AuthServers 0 -- anywhere anywhere
WiFiDog_Locked 0 -- anywhere anywhere MARK match 0x254
WiFiDog_Global 0 -- anywhere anywhere
WiFiDog_Validate 0 -- anywhere anywhere MARK match 0x1
WiFiDog_Known 0 -- anywhere anywhere MARK match 0x2
WiFiDog_Unknown 0 -- anywhere anywhere
Chain advgrp_1 (0 references)
target prot opt source destination
Chain advgrp_10 (0 references)
target prot opt source destination
Chain advgrp_2 (0 references)
target prot opt source destination
Chain advgrp_3 (0 references)
target prot opt source destination
Chain advgrp_4 (0 references)
target prot opt source destination
Chain advgrp_5 (0 references)
target prot opt source destination
Chain advgrp_6 (0 references)
target prot opt source destination
Chain advgrp_7 (0 references)
target prot opt source destination
Chain advgrp_8 (0 references)
target prot opt source destination
Chain advgrp_9 (0 references)
target prot opt source destination
Chain grp_1 (0 references)
target prot opt source destination
Chain grp_10 (0 references)
target prot opt source destination
Chain grp_2 (0 references)
target prot opt source destination
Chain grp_3 (0 references)
target prot opt source destination
Chain grp_4 (0 references)
target prot opt source destination
Chain grp_5 (0 references)
target prot opt source destination
Chain grp_6 (0 references)
target prot opt source destination
Chain grp_7 (0 references)
target prot opt source destination
Chain grp_8 (0 references)
target prot opt source destination
Chain grp_9 (0 references)
target prot opt source destination
Chain lan2wan (1 references)
target prot opt source destination
Chain logaccept (3 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
Chain logdrop (1 references)
target prot opt source destination
DROP 0 -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp reject-with tcp-reset
Chain trigger_out (1 references)
target prot opt source destination
root@DD-WRT:/tmp/etc# ifconfig -a
br0 Link encap:Ethernet HWaddr 00:06:25:FF:9D:80
inet addr:192.168.5.2 Bcast:192.168.5.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15676 errors:0 dropped:0 overruns:0 frame:0
TX packets:2701 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1596127 (1.5 MiB) TX bytes:270890 (264.5 KiB)
br0:0 Link encap:Ethernet HWaddr 00:06:25:FF:9D:80
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr 00:06:25:FF:9D:80
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30725 errors:0 dropped:0 overruns:0 frame:0
TX packets:13791 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4820506 (4.5 MiB) TX bytes:2943117 (2.8 MiB)
Interrupt:3
eth1 Link encap:Ethernet HWaddr 00:06:25:FF:9D:81
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:4
eth2 Link encap:Ethernet HWaddr 00:06:25:FF:9D:82
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3796 errors:0 dropped:0 overruns:0 frame:823442
TX packets:3815 errors:1112 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:389766 (380.6 KiB) TX bytes:559501 (546.3 KiB)
Interrupt:6 Base address:0x2000
etherip0 Link encap:Ethernet HWaddr 1A:A9:6C:FD:D0:48
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:1888 errors:0 dropped:0 overruns:0 frame:0
TX packets:1888 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:165636 (161.7 KiB) TX bytes:165636 (161.7 KiB)
teql0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vlan0 Link encap:Ethernet HWaddr 00:06:25:FF:9D:80
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1112 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:231654 (226.2 KiB)
vlan1 Link encap:Ethernet HWaddr 00:06:25:FF:9D:81
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30724 errors:0 dropped:0 overruns:0 frame:0
TX packets:12680 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4267300 (4.0 MiB) TX bytes:2644243 (2.5 MiB)
wl0.1 Link encap:Ethernet HWaddr 00:06:25:FF:9D:82
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
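
An added example, not part of the original post: a small evaluator that walks the WiFiDog filter-table chains from the listing above and reports which rule decides a given forwarded packet. The packet dictionaries and the destination example.org are constructed for illustration; `iptables -L` shows the filter table only, so the nat and mangle tables are not modelled.

```python
import re
# WiFiDog filter chains from the post's iptables -L (INVALID/TCPMSS rules left out).
LISTING = """\
Chain WiFiDog_AuthServers (1 references)
ACCEPT 0 -- anywhere Vulcan.xshew.org
Chain WiFiDog_Global (1 references)
Chain WiFiDog_Known (1 references)
ACCEPT 0 -- anywhere anywhere
Chain WiFiDog_Locked (1 references)
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Chain WiFiDog_Unknown (1 references)
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Chain WiFiDog_Validate (1 references)
ACCEPT 0 -- anywhere anywhere
Chain WiFiDog_WIFI2Internet (1 references)
WiFiDog_AuthServers 0 -- anywhere anywhere
WiFiDog_Locked 0 -- anywhere anywhere MARK match 0x254
WiFiDog_Global 0 -- anywhere anywhere
WiFiDog_Validate 0 -- anywhere anywhere MARK match 0x1
WiFiDog_Known 0 -- anywhere anywhere MARK match 0x2
WiFiDog_Unknown 0 -- anywhere anywhere
"""
PORTS = {"domain": 53, "bootps": 67}  # service names as printed without -n

def parse(listing):
    chains = {}
    for line in listing.splitlines():
        if line.startswith("Chain "):
            cur = chains.setdefault(line.split()[1], [])
        else:
            target, proto, _opt, _src, dst, *rest = line.split()
            cur.append((target, proto, dst, " ".join(rest)))
    return chains

def verdict(chains, pkt, chain="WiFiDog_WIFI2Internet"):
    for target, proto, dst, extra in chains[chain]:
        mark = re.search(r"MARK match (0x[0-9a-f]+)", extra)
        port = re.search(r"dpt:(\w+)", extra)
        if (proto not in ("0", pkt["proto"]) or dst not in ("anywhere", pkt["dst"])
                or (mark and int(mark.group(1), 16) != pkt["mark"])
                or (port and PORTS[port.group(1)] != pkt["dport"])):
            continue  # rule does not match this packet
        if target in ("ACCEPT", "DROP", "REJECT"):
            return f"{target} in {chain}"
        if hit := verdict(chains, pkt, target):  # jump; resume here on return
            return hit
```

For an unmarked client, `verdict(parse(LISTING), {"proto": "tcp", "dst": "example.org", "dport": 80, "mark": 0})` returns `REJECT in WiFiDog_Unknown`, while the same packet addressed to `Vulcan.xshew.org` is accepted in `WiFiDog_AuthServers`.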