[isf-wifidog] WiFiDog gateway question

Hossein Rafighi Hossein.Rafighi at triumf.ca
Tue Mar 24 12:35:36 EDT 2009


Running tcpdump is showing the request coming in:
09:29:19.849151 IP 169.254.209.187.netbios-ns > 169.254.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
09:31:22.259035 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0f:1f:14:92:8d (oui Unknown), length: 300

# cat  /proc/sys/net/ipv4/ip_forward
1
# cat /proc/sys/net/ipv4/ip_dynaddr
1

Also, I've set the following in wifidog.conf:
    FirewallRule allow udp to 192.168.1.0/24
    FirewallRule allow tcp port 80 to 192.168.1.254
My iptable shows:
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    WiFiDog_default_WIFI2Internet  all  --  anywhere             anywhere
2    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
3    ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain WiFiDog_default_AuthServers (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             pcx03.triumf.ca

Chain WiFiDog_default_Global (1 references)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             192.168.1.0/24
2    ACCEPT     tcp  --  anywhere             192.168.1.254       tcp dpt:http

Chain WiFiDog_default_Known (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere

Chain WiFiDog_default_Locked (1 references)
num  target     prot opt source               destination

Chain WiFiDog_default_Unknown (1 references)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
2    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
3    ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
4    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain WiFiDog_default_Validate (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere

Chain WiFiDog_default_WIFI2Internet (1 references)
num  target     prot opt source               destination
1    TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
2    WiFiDog_default_AuthServers  all  --  anywhere             anywhere
3    WiFiDog_default_Locked  all  --  anywhere             anywhere            MARK match 0x254
4    WiFiDog_default_Global  all  --  anywhere             anywhere
5    WiFiDog_default_Validate  all  --  anywhere             anywhere            MARK match 0x1
6    WiFiDog_default_Known  all  --  anywhere             anywhere            MARK match 0x2
7    WiFiDog_default_Unknown  all  --  anywhere             anywhere


Jean-Philippe Menil wrote:
> Henrique Gomes - Gerinf - UEG wrote:
>   
>> I'm having the same problem, but sometimes I take the green page, saying 
>> that I can't connect.
>>
>> 2009/3/23 Hossein Rafighi <Hossein.Rafighi at triumf.ca>
>>
>>      > My first posting failed! So, here I go again.
>>      >> Hi,
>>      >>
>>      >> I just installed wifidog and Server from
>>      >> http://dev.wifidog.org/wiki/Download. Installation was smooth, but I
>>      >> don't understand why it is not working?!
>>      >> My server has 2 ethernet. eth0 is connected to Internet. eth1 is
>>      >> connected to a repeater (private network). When I connected a laptop
>>      >> to the repeater and start a web browser I get "Address Not Found"
>>      >> instead of the redirect to login, or sign up page !
>>      >>
>>      >> My server specs are:
>>      >> >cat /proc/version
>>      >> Linux version 2.6.18-128.1.1.el5 (brewbuilder at norob.fnal.gov) (gcc version 4.1.2 20071124 (Red Hat 4.1.2-42)) #1 SMP Tue Feb 10 11:36:29 EST 2009
>>      >> php-5.1.6-23.el5
>>      >>
>>      >> I pretty much left the wifidog.conf in /etc to default except:
>>      >> GatewayID default
>>      >> ExternalInterface eth0
>>      >> GatewayInterface eth1
>>      >> GatewayAddress 192.168.1.254
>>      >> AuthServer {
>>      >>    Hostname pcx03.triumf.ca
>>      >>    SSLAvailable no --This is a testbed. Once I am satisfied, the
>>      >> production server will be https with ssl!
>>      >>    Path /
>>      >> }
>>      >> CheckInterval 60
>>      >> ClientTimeout 5
>>      >> FirewallRule allow tcp port 80 to 192.168.1.254
>>      >>
>>      >>
>>      >> cat /etc/sysconfig/network-scripts/ifcfg-eth1
>>      >> # Intel Corporation 82566DM-2 Gigabit Network Connection
>>      >> DEVICE=eth1
>>      >> BOOTPROTO=none
>>      >> HWADDR=00:15:17:8d:20:e8
>>      >> ONBOOT=yes
>>      >> NETMASK=255.255.255.0
>>      >> IPADDR=192.168.1.254
>>      >> TYPE=Ethernet
>>      >> bridge=eth0
>>      >>
>>      >> >wifidog -f -d 7 shows:
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:308) Level 1: Resolving auth server [pcx03.triumf.ca] succeeded = [142.90.100.158]
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:333) Level 1: Connecting to auth server pcx03.triumf.ca:80
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:359) Level 1: Successfully connected to auth server pcx03.triumf.ca:80
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:190) Unlocking config
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:190) Config unlocked
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:197) Connected to auth server
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:167) HTTP Request to Server: [GET /ping/?gw_id=default&sys_uptime=335720&sys_memfree=7522268&sys_load=0.03&wifidog_uptime=60 HTTP/1.0
>>      >> User-Agent: WiFiDog 1.1.5
>>      >> Host: pcx03.triumf.ca
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:171) Reading response
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:199) Read 204 bytes, total now 204
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:217) Done reading reply, total 204 bytes
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:221) HTTP Response from Server: [HTTP/1.1 200 OK
>>      >> Date: Mon, 23 Mar 2009 17:37:27 GMT
>>      >> Server: Apache/2.2.3 (Scientific Linux)
>>      >> X-Powered-By: PHP/5.1.6
>>      >> Content-Length: 4
>>      >> Connection: close
>>      >> Content-Type: text/html; charset=UTF-8
>>      >> Pong]
>>      >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:228) Auth Server Says: Pong
>>      >>
>>      >> Any Ideas?
>>      >> Your reply is greatly appreciated in advance.
>>      >> Cheers,
>>      >> Hossein
>>      >>
>>      >
>>
>>     --
>>      _____  _____   _____  _   _  _   _  ____ Hossein Rafighi
>>      |_   _||  _  \ |_   _|| | | || \_/ ||  __|TRIUMF, 4004 Wesbrook Mall
>>       | |  | |_|  )  | |  | | | ||     || |__ Vancouver BC, Canada, V6T 2A3
>>       | |  |  _  /   | |  | \_/ || \_/ ||  __|Voice: (604) 222-1047
>>       | |  | | \ \  _| |_ |     || | | || |   Fax:   (604) 222-1074
>>       |_|  |_|  \_\|_____| \___/ |_| |_||_|   Website: http://www.triumf.ca
> Hi,
>
> you must check your dns resolution, and you must be sure that your 
> firewall rules are ok; particularly if you do some nat.
> Have you checked this page http://www.aboutdebian.com/proxy.htm?
> Is the ip forwarding activated?
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
>
>
>   

-- 
  _____  _____   _____  _   _  _   _  ____ Hossein Rafighi
 |_   _||  _  \ |_   _|| | | || \_/ ||  __|TRIUMF, 4004 Wesbrook Mall
   | |  | |_|  )  | |  | | | ||     || |__ Vancouver BC, Canada, V6T 2A3
   | |  |  _  /   | |  | \_/ || \_/ ||  __|Voice: (604) 222-1047
   | |  | | \ \  _| |_ |     || | | || |   Fax:   (604) 222-1074
   |_|  |_|  \_\|_____| \___/ |_| |_||_|   Website: http://www.triumf.ca
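
An added example, not part of the original message and not WiFiDog code: a small Python tracer that walks the FORWARD chain of the filter-table listing above for a packet carrying no firewall mark and reports which ACCEPT rule decides it. It assumes the listing is complete as printed (`iptables -L` without `-v` does not show interface matches and lists only the filter table); `parse`, `hit`, `trace` and the packet fields are names made up for this example.

```python
from ipaddress import ip_address, ip_network

# Constructed input: rules from the listing above that can decide an unmarked
# packet (MARK jumps, TCPMSS omitted); auth server as the address in the log.
LISTING = """\
Chain FORWARD (policy DROP)
1 WiFiDog_default_WIFI2Internet all -- anywhere anywhere
2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
3 ACCEPT all -- anywhere anywhere
Chain WiFiDog_default_WIFI2Internet (1 references)
2 WiFiDog_default_AuthServers all -- anywhere anywhere
4 WiFiDog_default_Global all -- anywhere anywhere
7 WiFiDog_default_Unknown all -- anywhere anywhere
Chain WiFiDog_default_AuthServers (1 references)
1 ACCEPT all -- anywhere 142.90.100.158
Chain WiFiDog_default_Global (1 references)
1 ACCEPT udp -- anywhere 192.168.1.0/24
2 ACCEPT tcp -- anywhere 192.168.1.254 tcp dpt:http
Chain WiFiDog_default_Unknown (1 references)
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
"""

def parse(text):
    chains = {}
    for f in map(str.split, text.splitlines()):
        if f[0] == "Chain":
            cur = chains[f[1]] = []
        else:  # fields: num target prot opt source destination [match text...]
            cur.append(f)
    return chains

def hit(f, p):
    dpt = [w[4:] for w in f[6:] if w.startswith("dpt:")]
    return (f[2] in ("all", p["proto"])
            and (f[5] == "anywhere" or ip_address(p["dst"]) in ip_network(f[5]))
            and (not dpt or dpt[0] == p["dpt"])
            and ("state" not in f or p["established"]))

def trace(chains, p, chain="FORWARD"):
    """Return 'chain:num' of the ACCEPT rule that decides packet p, else None."""
    for f in chains[chain]:
        if hit(f, p) and f[1] == "ACCEPT":
            return f"{chain}:{f[0]}"
        # A jump whose chain has no matching rule returns here and goes on.
        if hit(f, p) and f[1] in chains and (found := trace(chains, p, f[1])):
            return found
    return None  # no rule decided: FORWARD's policy (DROP) applies
```

Calling `trace(parse(LISTING), {"proto": "tcp", "dst": "198.51.100.10", "dpt": "http", "established": False})` (a constructed packet) returns the deciding rule for a new HTTP connection from a client that has not logged in yet.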


