[isf-wifidog] WiFiDog gateway question
Hossein Rafighi
Hossein.Rafighi at triumf.ca
Tue Mar 24 12:35:36 EDT 2009
Running tcpdump is showing the request coming in:
09:29:19.849151 IP 169.254.209.187.netbios-ns > 169.254.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
09:31:22.259035 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0f:1f:14:92:8d (oui Unknown), length: 300
# cat /proc/sys/net/ipv4/ip_forward
1
# cat /proc/sys/net/ipv4/ip_dynaddr
1
Also, I've set the following in wifidog.conf:
FirewallRule allow udp to 192.168.1.0/24
FirewallRule allow tcp port 80 to 192.168.1.254
My iptables shows:
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    WiFiDog_default_WIFI2Internet  all  --  anywhere             anywhere
2    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
3    ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain WiFiDog_default_AuthServers (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             pcx03.triumf.ca

Chain WiFiDog_default_Global (1 references)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             192.168.1.0/24
2    ACCEPT     tcp  --  anywhere             192.168.1.254       tcp dpt:http

Chain WiFiDog_default_Known (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere

Chain WiFiDog_default_Locked (1 references)
num  target     prot opt source               destination

Chain WiFiDog_default_Unknown (1 references)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
2    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
3    ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
4    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain WiFiDog_default_Validate (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere

Chain WiFiDog_default_WIFI2Internet (1 references)
num  target     prot opt source               destination
1    TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
2    WiFiDog_default_AuthServers  all  --  anywhere             anywhere
3    WiFiDog_default_Locked  all  --  anywhere             anywhere            MARK match 0x254
4    WiFiDog_default_Global  all  --  anywhere             anywhere
5    WiFiDog_default_Validate  all  --  anywhere             anywhere            MARK match 0x1
6    WiFiDog_default_Known  all  --  anywhere             anywhere            MARK match 0x2
7    WiFiDog_default_Unknown  all  --  anywhere             anywhere
Jean-Philippe Menil wrote:
> Henrique Gomes - Gerinf - UEG wrote:
>
>> I'm having the same problem, but sometimes I take the green page, saying
>> that I can't connect.
>>
>> 2009/3/23 Hossein Rafighi <Hossein.Rafighi at triumf.ca>
>>
>> > My first posting failed! So, here I go again.
>> >> Hi,
>> >>
>> >> I just installed wifidog and Server from
>> >> http://dev.wifidog.org/wiki/Download. Installation was smooth, but I
>> >> don't understand why it is not working?!
>> >> My server has 2 ethernet. eth0 is connected to Internet. eth1 is
>> >> connected to a repeater (private network). When I connected a laptop
>> >> to the repeater and start a web browser I get "Address Not Found"
>> >> instead of the redirect to login, or sign up page !
>> >>
>> >> My server specs are:
>> >> >cat /proc/version
>> >> Linux version 2.6.18-128.1.1.el5 (brewbuilder at norob.fnal.gov) (gcc version 4.1.2 20071124 (Red Hat 4.1.2-42)) #1 SMP Tue Feb 10 11:36:29 EST 2009
>> >> php-5.1.6-23.el5
>> >>
>> >> I pretty much left the wifidog.conf in /etc to default except:
>> >> GatewayID default
>> >> ExternalInterface eth0
>> >> GatewayInterface eth1
>> >> GatewayAddress 192.168.1.254
>> >> AuthServer {
>> >> Hostname pcx03.triumf.ca
>> >> SSLAvailable no --This is a testbed. Once I am satisfied, the production server will be https with ssl!
>> >> Path /
>> >> }
>> >> CheckInterval 60
>> >> ClientTimeout 5
>> >> FirewallRule allow tcp port 80 to 192.168.1.254
>> >>
>> >>
>> >> cat /etc/sysconfig/network-scripts/ifcfg-eth1
>> >> # Intel Corporation 82566DM-2 Gigabit Network Connection
>> >> DEVICE=eth1
>> >> BOOTPROTO=none
>> >> HWADDR=00:15:17:8d:20:e8
>> >> ONBOOT=yes
>> >> NETMASK=255.255.255.0
>> >> IPADDR=192.168.1.254
>> >> TYPE=Ethernet
>> >> bridge=eth0
>> >>
>> >> >wifidog -f -d 7 shows:
>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:308) Level 1: Resolving auth server [pcx03.triumf.ca] succeeded = [142.90.100.158]
>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:333) Level 1: Connecting to auth server pcx03.triumf.ca:80
>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:359) Level 1: Successfully connected to auth server pcx03.triumf.ca:80
>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:190) Unlocking config
>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:190) Config unlocked
>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:197) Connected to auth server
>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:167) HTTP Request to Server: [GET /ping/?gw_id=default&sys_uptime=335720&sys_memfree=7522268&sys_load=0.03&wifidog_uptime=60 HTTP/1.0
>> >> User-Agent: WiFiDog 1.1.5
>> >> Host: pcx03.triumf.ca
>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:171) Reading response
>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:199) Read 204 bytes, total now 204
>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:217) Done reading reply, total 204 bytes
>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:221) HTTP Response from Server: [HTTP/1.1 200 OK
>> >> Date: Mon, 23 Mar 2009 17:37:27 GMT
>> >> Server: Apache/2.2.3 (Scientific Linux)
>> >> X-Powered-By: PHP/5.1.6
>> >> Content-Length: 4
>> >> Connection: close
>> >> Content-Type: text/html; charset=UTF-8
>> >> Pong]
>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:228) Auth Server Says: Pong
>> >>
>> >> Any Ideas?
>> >> Your reply is greatly appreciated in advance.
>> >> Cheers,
>> >> Hossein
>> >>
>> >
>>
>> --
>> _____ _____ _____ _ _ _ _ ____ Hossein Rafighi
>> |_ _|| _ \ |_ _|| | | || \_/ || __|TRIUMF, 4004 Wesbrook Mall
>> | | | |_| ) | | | | | || || |__ Vancouver BC, Canada, V6T 2A3
>> | | | _ / | | | \_/ || \_/ || __|Voice: (604) 222-1047
>> | | | | \ \ _| |_ | || | | || | Fax: (604) 222-1074
>> |_| |_| \_\|_____| \___/ |_| |_||_| Website: http://www.triumf.ca
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
> Hi,
>
> You must check your DNS resolution, and you must be sure that your
> firewall rules are ok; particularly if you do some NAT.
> Have you checked this page http://www.aboutdebian.com/proxy.htm?
> Is IP forwarding activated?
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
>
>
>
--
_____ _____ _____ _ _ _ _ ____ Hossein Rafighi
|_ _|| _ \ |_ _|| | | || \_/ || __|TRIUMF, 4004 Wesbrook Mall
| | | |_| ) | | | | | || || |__ Vancouver BC, Canada, V6T 2A3
| | | _ / | | | \_/ || \_/ || __|Voice: (604) 222-1047
| | | | \ \ _| |_ | || | | || | Fax: (604) 222-1074
|_| |_| \_\|_____| \___/ |_| |_||_| Website: http://www.triumf.ca