[isf-wifidog] Shorewall Rules for WiFiDog

Menil Jean-Philippe Jean-Philippe.Menil at univ-nantes.fr
Wed 2 Sep 12:11:44 EDT 2009


Matthew Tavenor wrote:
> Thanks Menil Jean-Philippe,
> 
> But the Masquerading and routing are working fine.  I am getting the authentication page, able to log in, but as soon as I am authenticated no traffic will reach the Wireless Laptop.
> 
> Eth0 - Internet (outside IP)
> Eth1 - LAN (192.168.0.1)
> Eth2 - Wired to Linksys (10.0.0.1)
> 
> Default Policy in Shorewall:
> 
> Source - Destination
> Eth2(wireless)  Eth0(Internet)  Accept
> 
> Masquerading is set up for both eth1 and eth2.
> 
> Any help on why web traffic is not reaching wireless client after successful login?
> 
> Thanks,
> Matt
> 
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Menil Jean-Philippe
> Sent: Tuesday, September 01, 2009 11:57 AM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] Shorewall Rules for WiFiDog
> 
> Matthew Tavenor wrote:
>> Hello All,
>>
>> I am in the process of creating new router/firewall/wifidog boxes for our 96+ Public Libraries.  Currently I am running WifiDog on an Optiplex 755 Small Form Factor running Ubuntu.  This is working out great but I am trying to merge all services/servers into one system in order to save space and keep cost down.
>>
>> My question is:  Does anyone know the Shorewall rules needed to make WifiDog work on Ubuntu?
>>
>> Current setup is:
>>
>> Optiplex 755
>> 3 Network Cards - Internet, LAN, WiFi (Internet goes to DSL/Fibre, LAN Gigabit Network, WiFi goes to Linksys WRT54G*Access Point)
>> Shorewall
>> Dansguardian
>> Squid
>> DHCP3
>> WifiDog
>>
>> Everything is working and routing fine, just can't get the captive portal to redirect. (Due to firewall rules)
>>
>> Any help would be appreciated.  http://wifi.nlpl.ca
>>
>> Thanks,
>> Matt
>>
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> Hi,
> 
> It sounds related to the nat table?
> 
> Verify that you have these rules:
> 
> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
> # SNAT (MASQUERADE) on eth0
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 
> Where eth1 is the interface your clients are connected on.
> 
> --
> Menil Jean-Philippe
> DSI de l'Université de Nantes
> Tel: 02 51 12 53 92
> Fax: 02 51 12 58 60
> Jean-Philippe.Menil at univ-nantes.fr
>
Hi,

If I understand correctly, the wireless clients are connected through eth2, and eth1 is 
your private LAN?
So wifidog is running for the eth2 interface, right?

Can you provide us with the results of these commands:

iptables -nvL
iptables -t nat -nvL

Regards.

-- 
Menil Jean-Philippe
DSI de l'Université de Nantes
Tel: 02 51 12 53 92
Fax: 02 51 12 58 60
Jean-Philippe.Menil at univ-nantes.fr
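
One way to check a saved ruleset for the two rules quoted above, one client interface at a time. This is an added example, not part of the original message; the function names and the sample dump are constructed, using the interface roles described in the thread (eth0 Internet, eth1 LAN, eth2 wireless).

```shell
#!/bin/sh
# Added example: audit an `iptables-save` dump for the two rules quoted in the thread.
# On a live gateway (as root): iptables-save | check_gateway_rules eth0 eth2
# Limitation: only rules placed directly in FORWARD / POSTROUTING are inspected;
# jumps into other chains are not followed.

# check_gateway_rules WAN CLIENT  (reads the dump on stdin)
check_gateway_rules() {
    awk -v wan="$1" -v client="$2" '
        # Return the argument that follows FLAG on the current rule, or "".
        function opt(flag,   n) {
            for (n = 1; n < NF; n++) if ($n == flag) return $(n + 1)
            return ""
        }
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter": table marker
        # Reply traffic: ACCEPT of ESTABLISHED state from WAN towards CLIENT.
        table == "filter" && $1 == "-A" && $2 == "FORWARD" && / -j ACCEPT/ &&
        /(--state|--ctstate) [A-Z,]*ESTABLISHED/ {
            i = opt("-i"); o = opt("-o")        # a missing -i/-o matches any interface
            if ((i == "" || i == wan) && (o == "" || o == client)) ret = 1
        }
        # Source NAT for everything leaving through WAN.
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" && / -j MASQUERADE/ {
            o = opt("-o")
            if (o == "" || o == wan) masq = 1
        }
        END {
            print "return-path " wan "->" client ": " (ret ? "ok" : "missing")
            print "masquerade on " wan ": " (masq ? "ok" : "missing")
        }'
}

# Constructed sample dump (not from the thread): eth0 Internet, eth1 LAN, eth2 wireless.
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth2 -o eth0 -j ACCEPT
COMMIT
EOF
}

sample_dump | check_gateway_rules eth0 eth1   # return path ok for the LAN
sample_dump | check_gateway_rules eth0 eth2   # return path missing for the wireless side
```

In the constructed dump the ESTABLISHED,RELATED rule names eth1 only, so the check passes for the LAN and reports the return path as missing for eth2.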

