[isf-wifidog] WiFiDog gateway question
Hossein Rafighi
Hossein.Rafighi at triumf.ca
Thu 26 Mar 16:46:29 EDT 2009
Does anyone on this list have any answer? I have yet to hear any advice on
this. I've followed the instructions to the letter and still can't see
the login/sign on page.
My iptables -nvL shows:
Chain INPUT (policy ACCEPT 131 packets, 15081 bytes)
 pkts bytes target  prot opt in    out   source       destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target  prot opt in    out   source       destination
    0     0 ACCEPT  all  --  eth1  eth0  0.0.0.0/0    0.0.0.0/0       state RELATED,ESTABLISHED
    0     0 ACCEPT  all  --  eth0  eth1  0.0.0.0/0    0.0.0.0/0
Chain OUTPUT (policy ACCEPT 66 packets, 10669 bytes)
 pkts bytes target  prot opt in    out   source       destination
Chain WiFiDog_0015178D20E8_Global (0 references)
 pkts bytes target  prot opt in    out   source       destination
    0     0 ACCEPT  udp  --  *     *     0.0.0.0/0    192.168.1.0/27
    0     0 ACCEPT  udp  --  *     *     0.0.0.0/0    192.168.1.0/27
    0     0 ACCEPT  tcp  --  *     *     0.0.0.0/0    0.0.0.0/0       tcp dpt:80
Chain WiFiDog_0015178D20E8_Known (0 references)
 pkts bytes target  prot opt in    out   source       destination
    0     0 ACCEPT  all  --  *     *     0.0.0.0/0    0.0.0.0/0
Chain WiFiDog_0015178D20E8_Locked (0 references)
 pkts bytes target  prot opt in    out   source       destination
Chain WiFiDog_0015178D20E8_Unknown (0 references)
 pkts bytes target  prot opt in    out   source       destination
    0     0 ACCEPT  udp  --  *     *     0.0.0.0/0    0.0.0.0/0       udp dpt:53
    0     0 ACCEPT  tcp  --  *     *     0.0.0.0/0    0.0.0.0/0       tcp dpt:53
    0     0 ACCEPT  udp  --  *     *     0.0.0.0/0    0.0.0.0/0       udp dpt:67
    0     0 ACCEPT  tcp  --  *     *     0.0.0.0/0    0.0.0.0/0       tcp dpt:67
    0     0 REJECT  all  --  *     *     0.0.0.0/0    0.0.0.0/0       reject-with icmp-port-unreachable
Chain WiFiDog_0015178D20E8_Validate (0 references)
 pkts bytes target  prot opt in    out   source       destination
    0     0 ACCEPT  all  --  *     *     0.0.0.0/0    0.0.0.0/0
Hossein Rafighi wrote:
> Running tcpdump is showing the request coming in:
> 09:29:19.849151 IP 169.254.209.187.netbios-ns >
> 169.254.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> 09:31:22.259035 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
> Request from 00:0f:1f:14:92:8d (oui Unknown), length: 300
>
> # cat /proc/sys/net/ipv4/ip_forward
> 1
> # cat /proc/sys/net/ipv4/ip_dynaddr
> 1
>
> Also, I've set the following in wifidog.conf:
> FirewallRule allow udp to 192.168.1.0/24
> FirewallRule allow tcp port 80 to 192.168.1.254
> My iptable shows:
> Chain INPUT (policy ACCEPT)
> num target prot opt source destination
>
> Chain FORWARD (policy DROP)
> num target prot opt source destination
> 1 WiFiDog_default_WIFI2Internet all -- anywhere
> anywhere
> 2 ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> 3 ACCEPT all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> num target prot opt source destination
>
> Chain WiFiDog_default_AuthServers (1 references)
> num target prot opt source destination
> 1 ACCEPT all -- anywhere pcx03.triumf.ca
>
> Chain WiFiDog_default_Global (1 references)
> num target prot opt source destination
> 1 ACCEPT udp -- anywhere 192.168.1.0/24
> 2 ACCEPT tcp -- anywhere 192.168.1.254 tcp
> dpt:http
>
> Chain WiFiDog_default_Known (1 references)
> num target prot opt source destination
> 1 ACCEPT all -- anywhere anywhere
>
> Chain WiFiDog_default_Locked (1 references)
> num target prot opt source destination
>
> Chain WiFiDog_default_Unknown (1 references)
> num target prot opt source destination
> 1 ACCEPT udp -- anywhere anywhere udp
> dpt:domain
> 2 ACCEPT tcp -- anywhere anywhere tcp
> dpt:domain
> 3 ACCEPT udp -- anywhere anywhere udp
> dpt:bootps
> 4 ACCEPT tcp -- anywhere anywhere tcp
> dpt:bootps
>
> Chain WiFiDog_default_Validate (1 references)
> num target prot opt source destination
> 1 ACCEPT all -- anywhere anywhere
>
> Chain WiFiDog_default_WIFI2Internet (1 references)
> num target prot opt source destination
> 1 TCPMSS tcp -- anywhere anywhere tcp
> flags:SYN,RST/SYN TCPMSS clamp to PMTU
> 2 WiFiDog_default_AuthServers all -- anywhere
> anywhere
> 3 WiFiDog_default_Locked all -- anywhere
> anywhere MARK match 0x254
> 4 WiFiDog_default_Global all -- anywhere
> anywhere
> 5 WiFiDog_default_Validate all -- anywhere
> anywhere MARK match 0x1
> 6 WiFiDog_default_Known all -- anywhere
> anywhere MARK match 0x2
> 7 WiFiDog_default_Unknown all -- anywhere
> anywhere
>
>
> Jean-Philippe Menil wrote:
>
>> Henrique Gomes - Gerinf - UEG wrote:
>>
>>
>>> I'm having the same problem, but sometimes I take the green page, saying
>>> that I can't connect.
>>>
>>> 2009/3/23 Hossein Rafighi <Hossein.Rafighi at triumf.ca
>>> <mailto:Hossein.Rafighi at triumf.ca>>
>>>
>>> > My first posting failed! So, here I go again.
>>> >> Hi,
>>> >>
>>> >> I just installed wifidog and Server from
>>> >> http://dev.wifidog.org/wiki/Download. Installation was smooth, but I
>>> >> don't understand why it is not working?!
>>> >> My server has 2 ethernet. eth0 is connected to Internet. eth1 is
>>> >> connected to a repeater (private network). When I connected a laptop
>>> >> to the repeater and start a web browser I get "Address Not Found"
>>> >> instead of the redirect to login, or sign up page !
>>> >>
>>> >> My server specs are:
>>> >> >cat /proc/version Linux version 2.6.18-128.1.1.el5
>>> >> (brewbuilder at norob.fnal.gov <mailto:brewbuilder at norob.fnal.gov>)
>>> (gcc version 4.1.2 20071124 (Red Hat
>>> >> 4.1.2-42)) #1 SMP Tue Feb 10 11:36:29 EST 2009
>>> >> php-5.1.6-23.el5
>>> >>
>>> >> I pretty much left the wifidog.conf in /etc to default except:
>>> >> GatewayID default
>>> >> ExternalInterface eth0
>>> >> GatewayInterface eth1
>>> >> GatewayAddress 192.168.1.254
>>> >> AuthServer {
>>> >> Hostname pcx03.triumf.ca <http://pcx03.triumf.ca>
>>> >> SSLAvailable no --This is a testbed. Once I am satisfied, the
>>> >> production server will be https with ssl!
>>> >> Path /
>>> >> }
>>> >> CheckInterval 60
>>> >> ClientTimeout 5
>>> >> FirewallRule allow tcp port 80 to 192.168.1.254
>>> >>
>>> >>
>>> >> cat /etc/sysconfig/network-scripts/ifcfg-eth1
>>> >> # Intel Corporation 82566DM-2 Gigabit Network Connection
>>> >> DEVICE=eth1
>>> >> BOOTPROTO=none
>>> >> HWADDR=00:15:17:8d:20:e8
>>> >> ONBOOT=yes
>>> >> NETMASK=255.255.255.0
>>> >> IPADDR=192.168.1.254
>>> >> TYPE=Ethernet
>>> >> bridge=eth0
>>> >>
>>> >> >wifidog -f -d 7 shows:
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:308) Level 1:
>>> >> Resolving auth server [pcx03.triumf.ca <http://pcx03.triumf.ca>]
>>> succeeded = [142.90.100.158]
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:333) Level 1:
>>> >> Connecting to auth server pcx03.triumf.ca:80
>>> <http://pcx03.triumf.ca:80>
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:359) Level 1:
>>> >> Successfully connected to auth server pcx03.triumf.ca:80
>>> <http://pcx03.triumf.ca:80>
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:190) Unlocking
>>> >> config
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:190) Config
>>> unlocked
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](centralserver.c:197)
>>> Connected to
>>> >> auth server
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:167) HTTP Request
>>> >> to Server: [GET
>>> >>
>>> /ping/?gw_id=default&sys_uptime=335720&sys_memfree=7522268&sys_load=0.03&wifidog_uptime=60
>>> >> HTTP/1.0
>>> >> User-Agent: WiFiDog 1.1.5
>>> >> Host: pcx03.triumf.ca <http://pcx03.triumf.ca>
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:171) Reading
>>> response
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:199) Read 204
>>> >> bytes, total now 204
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:217) Done reading
>>> >> reply, total 204 bytes
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:221) HTTP Response
>>> >> from Server: [HTTP/1.1 200 OK
>>> >> Date: Mon, 23 Mar 2009 17:37:27 GMT
>>> >> Server: Apache/2.2.3 (Scientific Linux)
>>> >> X-Powered-By: PHP/5.1.6
>>> >> Content-Length: 4
>>> >> Connection: close
>>> >> Content-Type: text/html; charset=UTF-8
>>> >> Pong]
>>> >> [7][Mon Mar 23 10:37:27 2009][3752](ping_thread.c:228) Auth Server
>>> >> Says: Pong
>>> >>
>>> >> Any Ideas?
>>> >> Your reply is greatly appreciated in advance.
>>> >> Cheers,
>>> >> Hossein
>>> >>
>>> >
>>>
>>> --
>>> _____ _____ _____ _ _ _ _ ____ Hossein Rafighi
>>> |_ _|| _ \ |_ _|| | | || \_/ || __|TRIUMF, 4004 Wesbrook Mall
>>> | | | |_| ) | | | | | || || |__ Vancouver BC, Canada, V6T 2A3
>>> | | | _ / | | | \_/ || \_/ || __|Voice: (604) 222-1047
>>> | | | | \ \ _| |_ | || | | || | Fax: (604) 222-1074
>>> |_| |_| \_\|_____| \___/ |_| |_||_| Website: http://www.triumf.ca
>>>
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org <mailto:WiFiDog at listes.ilesansfil.org>
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>
>>>
>>>
>> Hi,
>>
>> you must check your dns resolution, and you must be sure that your
>> firewall rules are ok; particularly if you do some nat.
>> Have you checked this page http://www.aboutdebian.com/proxy.htm?
>> Is the ip forwarding activated?
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>>
>>
>>
>>
>>
>
>
--
_____ _____ _____ _ _ _ _ ____ Hossein Rafighi
|_ _|| _ \ |_ _|| | | || \_/ || __|TRIUMF, 4004 Wesbrook Mall
| | | |_| ) | | | | | || || |__ Vancouver BC, Canada, V6T 2A3
| | | _ / | | | \_/ || \_/ || __|Voice: (604) 222-1047
| | | | \ \ _| |_ | || | | || | Fax: (604) 222-1074
|_| |_| \_\|_____| \___/ |_| |_||_| Website: http://www.triumf.ca
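
An added example, not part of the original message and not WiFiDog code: a check for `iptables -nvL` listings like the one at the top of this message, where every WiFiDog chain reads `(0 references)` and FORWARD carries no jump to any of them. It reports user-defined chains that no built-in chain can reach through jumps; both sample listings are constructed (the first abridged from the post, the second hypothetical), and only the table that was listed is examined.

```python
import re

BUILTIN = {"INPUT", "FORWARD", "OUTPUT", "PREROUTING", "POSTROUTING"}
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy \S+|(\d+) references)")
COUNT_RE = re.compile(r"^\d+[KMG]?$")  # pkts/bytes counters, e.g. 0, 131, 15K
# Constructed sample: abridged from the listing in the post, mail wrapping kept.
POSTED = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    0     0 ACCEPT all -- eth1 eth0 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
Chain WiFiDog_0015178D20E8_Global (0 references)
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
Chain WiFiDog_0015178D20E8_Unknown (0 references)
    0     0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
"""
# Constructed sample (hypothetical): chains of the same kind hooked into FORWARD.
HOOKED = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    0     0 WiFiDog_default_WIFI2Internet all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain WiFiDog_default_Unknown (1 references)
    0     0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain WiFiDog_default_WIFI2Internet (1 references)
    0     0 WiFiDog_default_Unknown all -- * * 0.0.0.0/0 0.0.0.0/0
"""

def parse_chains(listing):
    """Map chain name -> {'refs': int, or None for built-ins, 'targets': [...]}."""
    chains, current = {}, None
    # Rule lines start with the pkts and bytes counters; headers and wrapped lines do not.
    for line in listing.splitlines():
        m, f = CHAIN_RE.match(line.strip()), line.split()
        if m:
            refs = int(m.group(2)) if m.group(2) is not None else None
            current = chains.setdefault(m.group(1), {"refs": refs, "targets": []})
        elif current is not None and len(f) >= 3 and all(map(COUNT_RE.match, f[:2])):
            current["targets"].append(f[2])
    return chains

def unreachable_chains(chains):
    """User-defined chains that no built-in chain reaches, directly or transitively."""
    seen, stack = set(), [n for n in chains if n in BUILTIN]
    while stack:
        name = stack.pop()
        if name not in seen:
            seen.add(name)
            stack.extend(t for t in chains[name]["targets"] if t in chains)
    return sorted(n for n in chains if n not in seen)

if __name__ == "__main__":
    print("not reachable from a built-in chain:", unreachable_chains(parse_chains(POSTED)))
```

Rules in an unreachable chain never see a packet, whatever they say. The parser expects the verbose (`-v`) column layout and a target on every rule.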