[isf-wifidog] Shorewall Rules for WiFiDog

Matthew Tavenor mtavenor at nlpl.ca
Wed 2 Sep 07:03:30 EDT 2009

Thanks Menil Jean-Philippe,

But the masquerading and routing are working fine.  I am getting the authentication page and am able to log in, but as soon as I am authenticated no traffic will reach the wireless laptop.

Eth0 - Internet (outside IP)
Eth1 - LAN (
Eth2 - Wired to Linksys (

Default Policy in Shorewall:

Source - Destination
Eth2(wireless)  Eth0(Internet)  Accept

Masquerading is set up for both eth1 and eth2.

Any help on why web traffic is not reaching wireless client after successful login?


-----Original Message-----
From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Menil Jean-Philippe
Sent: Tuesday, September 01, 2009 11:57 AM
To: WiFiDog Captive Portal
Subject: Re: [isf-wifidog] Shorewall Rules for WiFiDog

Matthew Tavenor wrote:
> Hello All,
> I am in the process of creating new router/firewall/wifidog boxes for our 96+ Public Libraries.  Currently I am running WifiDog on an Optiplex 755 Small Form Factor running Ubuntu.  This is working out great but I am trying to merge all services/servers into one system in order to save space and keep cost down.
> My question is:  Does anyone know the Shorewall rules needed to make WifiDog work on Ubuntu?
> Current setup is:
> Optiplex 755
> 3 Network Cards - Internet, LAN, WiFi (Internet goes to DSL/Fibre, LAN Gigabit Network, WiFi goes to Linksys WRT54G*Access Point)
> Shorewall
> Dansguardian
> Squid
> WifiDog
> Everything is working and routing fine, just can't get the captive portal to redirect. (Due to firewall rules)
> Any help would be appreciated.  http://wifi.nlpl.ca
> Thanks,
> Matt
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog

It sounds related to the nat table?

Verify that you have these rules:

# Accept return traffic for connections the clients opened
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# SNAT (MASQUERADE) on eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Where eth1 is the interface your clients are connected on.

Menil Jean-Philippe
IT Department (DSI), Université de Nantes
Tel: 02 51 12 53 92
Fax: 02 51 12 58 60
Jean-Philippe.Menil at univ-nantes.fr
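
The two rules the reply asks to verify can be checked mechanically against `iptables-save` output; the script below is an added example, not part of the original thread. The function name `check_return_path` and the sample dump are constructed for illustration, and it only looks at rules placed directly in FORWARD and POSTROUTING, so on a Shorewall box (which generates its own chains) a MISSING line is a prompt to inspect those chains.

```shell
#!/bin/sh
# Added example: audit iptables-save text on stdin for the two rules in the reply.
# Usage: check_return_path WAN_IF CLIENT_IF < dump   (returns 0 only if both exist)
check_return_path() {
    awk -v wan="$1" -v cli="$2" '
    # Value following option opt in this rule; "" if absent, "!" prefix if negated.
    function arg(opt,   i, neg) {
        for (i = 2; i < NF; i++)
            if ($i == opt) { neg = ($(i - 1) == "!") ? "!" : ""; return neg $(i + 1) }
        return ""
    }
    /^\*/      { table = substr($1, 2); next }   # table header: *nat, *filter, ...
    $1 != "-A" { next }                          # skip chain policies and COMMIT
    table == "filter" && $2 == "FORWARD" {
        state = arg("--state"); if (state == "") state = arg("--ctstate")
        if (state ~ /^!/ || state !~ /ESTABLISHED/ || state !~ /RELATED/) next
        in_if = arg("-i"); out_if = arg("-o")
        if ((in_if != "" && in_if != wan) || (out_if != "" && out_if != cli)) next
        if (arg("-j") == "ACCEPT") fwd = 1
        else if (arg("-j") == "") print "WARN no target, rule does nothing: " $0
    }
    table == "nat" && $2 == "POSTROUTING" {
        out_if = arg("-o")
        if ((out_if == "" || out_if == wan) && arg("-j") == "MASQUERADE") nat = 1
    }
    END {
        if (!fwd) print "MISSING filter/FORWARD " wan " -> " cli " ESTABLISHED,RELATED -j ACCEPT"
        if (!nat) print "MISSING nat/POSTROUTING -o " wan " -j MASQUERADE"
        exit !(fwd && nat)
    }'
}

# Constructed sample dump (not from the thread); eth0 = Internet, eth2 = wireless.
SAMPLE='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth2 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -m state --state RELATED,ESTABLISHED
COMMIT'
printf '%s\n' "$SAMPLE" | check_return_path eth0 eth2 || true
```

On a live system the input would come from `iptables-save` run as root; the sample is flagged because its only eth0-to-eth2 state rule has no target and the accepting rule points at eth1.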