[isf-wifidog] Shorewall Rules for WiFiDog
Menil Jean-Philippe
Jean-Philippe.Menil at univ-nantes.fr
Tue 1 Sep 10:27:18 EDT 2009
Matthew Tavenor wrote:
> Hello All,
>
> I am in the process of creating new router/firewall/wifidog boxes for our 96+ Public Libraries. Currently I am running WifiDog on an Optiplex 755 Small Form Factor running Ubuntu. This is working out great but I am trying to merge all services/servers into one system in order to save space and keep cost down.
>
> My question is: Does anyone know the Shorewall rules needed to make WifiDog work on Ubuntu?
>
> Current setup is:
>
> Optiplex 755
> 3 Network Cards - Internet, LAN, WiFi (Internet goes to DSL/Fibre, LAN Gigabit Network, WiFi goes to Linksys WRT54G*Access Point)
> Shorewall
> Dansguardian
> Squid
> DHCP3
> WifiDog
>
> Everything is working and routing fine, just can't get the captive portal to redirect. (Due to firewall rules)
>
> Any help would be appreciated. http://wifi.nlpl.ca
>
> Thanks,
> Matt
Hi,
It sounds related to the nat table?
Verify that you have these rules:
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# SNAT (MASQUERADE) on eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Where eth1 is the interface your clients are connected on.
--
Menil Jean-Philippe
DSI de l'Université de Nantes
Tel: 02 51 12 53 92
Fax: 02 51 12 58 60
Jean-Philippe.Menil at univ-nantes.fr
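
The check the reply asks for, as an added example that is not part of the original message: a shell function that reads `iptables-save` output and reports whether the two rules are present. The names check_rules and sample_ruleset and the sample ruleset are constructed for illustration; only rules appended directly to FORWARD and POSTROUTING are matched, so rules that sit in other chains are not followed.

```shell
#!/bin/sh
# Added example: verify the two rules from the reply in an iptables-save dump.
# check_rules and sample_ruleset are hypothetical names; the ruleset is constructed.

# check_rules WAN_IF CLIENT_IF   (reads `iptables-save` output on stdin)
# Returns 0 only if both rules are present in their built-in chains.
check_rules() {
    awk -v wan="$1" -v lan="$2" '
        /^\*/ { table = substr($0, 2) }        # "*nat" / "*filter" section header
        { line = $0 " " }                      # trailing space so the last token matches
        table == "nat" && /^-A POSTROUTING / &&
            index(line, " -o " wan " ") && index(line, " -j MASQUERADE ") { masq = 1 }
        table == "filter" && /^-A FORWARD / &&
            index(line, " -i " wan " ") && index(line, " -o " lan " ") &&
            /ESTABLISHED/ && /RELATED/ && index(line, " -j ACCEPT ") { fwd = 1 }
        END {
            m = masq ? "OK" : "MISSING"
            f = fwd ? "OK" : "MISSING"
            print m ": nat POSTROUTING -o " wan " -j MASQUERADE"
            print f ": FORWARD -i " wan " -o " lan " ESTABLISHED,RELATED -j ACCEPT"
            exit !(masq && fwd)
        }'
}

# Constructed sample in iptables-save format (eth0 = Internet, eth1 = clients).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_ruleset | check_rules eth0 eth1
# On a live gateway (as root): iptables-save | check_rules eth0 eth1
```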