[isf-wifidog] Shorewall Rules for WiFiDog
Jean-Philippe Menil
jean-philippe.menil at univ-nantes.fr
Ven 4 Sep 01:33:27 EDT 2009
Matthew Tavenor a écrit :
> iptables -t nat -nvL
> Chain PREROUTING (policy ACCEPT 19106 packets, 1833K bytes)
> pkts bytes target prot opt in out source destination
>
> Chain POSTROUTING (policy ACCEPT 3995 packets, 226K bytes)
> pkts bytes target prot opt in out source destination
> 3336 199K eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 3310 packets, 199K bytes)
> pkts bytes target prot opt in out source destination
>
> Chain eth0_masq (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 MASQUERADE all -- * * 192.168.20.0/24 0.0.0.0/0
> 0 0 MASQUERADE all -- * * 169.254.0.0/16 0.0.0.0/0
> 40 2232 MASQUERADE all -- * * 10.0.0.0/24 0.0.0.0/0
>
>
> --------------------------------
> iptables -nvL
> Chain INPUT (policy DROP 1 packets, 96 bytes)
> pkts bytes target prot opt in out source destination
> 147 25524 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 11241 2910K eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
> 13 1381 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
> 18318 1790K eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
> 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 39 6729 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
> 0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
> 748 39901 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
> 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 147 25524 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
> 11372 1134K eth0_out all -- * eth0 0.0.0.0/0 0.0.0.0/0
> 12 1488 eth1_out all -- * eth1 0.0.0.0/0 0.0.0.0/0
> 18729 2264K eth2_out all -- * eth2 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
> 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain Drop (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
> 36 2033 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
> 36 2033 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445
> 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
> 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535
> 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445
> 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900
> 15 752 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53
>
> Chain Reject (4 references)
> pkts bytes target prot opt in out source destination
> 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
> 19023 1826K dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
> 18744 1767K dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445
> 18034 1730K reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
> 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535
> 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445
> 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900
> 685 34888 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53
>
> Chain all2all (7 references)
> pkts bytes target prot opt in out source destination
> 12 1488 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 19023 1826K Reject all -- * * 0.0.0.0/0 0.0.0.0/0
> 710 37709 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
> 710 37709 reject all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain dropBcast (2 references)
> pkts bytes target prot opt in out source destination
> 279 58323 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
>
> Chain dropInvalid (2 references)
> pkts bytes target prot opt in out source destination
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
>
> Chain dropNotSyn (2 references)
> pkts bytes target prot opt in out source destination
> 1 40 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
>
> Chain dynamic (6 references)
> pkts bytes target prot opt in out source destination
>
> Chain eth0_fwd (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
> 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 net2all all -- * eth1 0.0.0.0/0 0.0.0.0/0
> 39 6729 net2all all -- * eth2 0.0.0.0/0 0.0.0.0/0
>
> Chain eth0_in (1 references)
> pkts bytes target prot opt in out source destination
> 36 2033 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
> 9576 2600K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
> 11241 2910K net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain eth0_out (1 references)
> pkts bytes target prot opt in out source destination
> 11372 1134K fw2net all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain eth1_fwd (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
> 0 0 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
> 0 0 all2all all -- * eth2 0.0.0.0/0 0.0.0.0/0
>
> Chain eth1_in (1 references)
> pkts bytes target prot opt in out source destination
> 13 1381 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
> 13 1381 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain eth1_out (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
> 12 1488 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain eth2_fwd (1 references)
> pkts bytes target prot opt in out source destination
> 748 39901 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
> 748 39901 wifi2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
> 0 0 all2all all -- * eth1 0.0.0.0/0 0.0.0.0/0
>
> Chain eth2_in (1 references)
> pkts bytes target prot opt in out source destination
> 18313 1790K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
> 10 3316 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
> 18308 1787K wifi2fw all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain eth2_out (1 references)
> pkts bytes target prot opt in out source destination
> 7 2296 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
> 18722 2262K fw2wifi all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain fw2net (1 references)
> pkts bytes target prot opt in out source destination
> 8072 937K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 3300 197K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain fw2wifi (1 references)
> pkts bytes target prot opt in out source destination
> 18716 2262K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 6 288 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 LOG flags 0 level 7 prefix `Shorewall:fw2wifi:ACCEPT:'
> 6 288 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
> 0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain loc2fw (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
> 13 1381 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain loc2net (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain logdrop (0 references)
> pkts bytes target prot opt in out source destination
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain logflags (5 references)
> pkts bytes target prot opt in out source destination
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:logflags:DROP:'
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain logreject (0 references)
> pkts bytes target prot opt in out source destination
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
> 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain net2all (3 references)
> pkts bytes target prot opt in out source destination
> 39 6729 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 36 2033 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
> 35 1993 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
> 35 1993 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain net2fw (1 references)
> pkts bytes target prot opt in out source destination
> 11205 2908K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
> 36 2033 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain reject (11 references)
> pkts bytes target prot opt in out source destination
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
> 0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
> 0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
> 0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
> 685 34888 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
> 18056 1732K REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
> 3 99 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
> 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
>
> Chain shorewall (0 references)
> pkts bytes target prot opt in out source destination
>
> Chain smurfs (0 references)
> pkts bytes target prot opt in out source destination
> 0 0 LOG all -- * * 209.128.18.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
> 0 0 DROP all -- * * 209.128.18.255 0.0.0.0/0
> 0 0 LOG all -- * * 192.168.20.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
> 0 0 DROP all -- * * 192.168.20.255 0.0.0.0/0
> 0 0 LOG all -- * * 10.0.0.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
> 0 0 DROP all -- * * 10.0.0.255 0.0.0.0/0
> 0 0 LOG all -- * * 255.255.255.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
> 0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
> 0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
> 0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
>
> Chain tcpflags (2 references)
> pkts bytes target prot opt in out source destination
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0 flags:0x17/0x02
>
> Chain wifi2fw (1 references)
> pkts bytes target prot opt in out source destination
> 5 240 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2060 LOG flags 0 level 7 prefix `Shorewall:wifi2fw:ACCEPT:'
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2060
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
> 18303 1787K all2all all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain wifi2net (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 41 2291 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 LOG flags 0 level 7 prefix `Shorewall:wifi2net:ACCEPT:'
> 41 2291 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
> 707 37610 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
>
>
>
> ________________________________________
> From: wifidog-bounces at listes.ilesansfil.org [wifidog-bounces at listes.ilesansfil.org] On Behalf Of Menil Jean-Philippe [Jean-Philippe.Menil at univ-nantes.fr]
> Sent: Wednesday, September 02, 2009 1:41 PM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] Shorewall Rules for WiFiDog
>
> Matthew Tavenor a ?crit :
>> Thanks Menil Jean-Philippe,
>>
>> But the Masquerading and routing is working fine. I am getting the authentication page, able to login, but as soon as I am authenticated no traffic will reach the Wireless Laptop.
>>
>> Eth0 - Ineternet (outside IP)
>> Eth1 - LAN (192.168.0.1)
>> Eth2 - Wired to Linksys (10.0.0.1)
>>
>> Default Policy in Shorewall:
>>
>> Source - Destination
>> Eth2(wireless) Eth0(Internet) Accept
>>
>> Masquerading is setup for both eth1 and eth2.
>>
>> Any help on why web traffic is not reaching wireless client after successful login?
>>
>> Thanks,
>> Matt
>>
>> -----Original Message-----
>> From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Menil Jean-Philippe
>> Sent: Tuesday, September 01, 2009 11:57 AM
>> To: WiFiDog Captive Portal
>> Subject: Re: [isf-wifidog] Shorewall Rules for WiFiDog
>>
>> Matthew Tavenor a ?crit :
>>> Hello All,
>>>
>>> I am in the process of creating new router/firewall/wifidog boxes for our 96+ Public Libraries. Currently I am running WifiDog on an Optiplex 755 Small Form Factor running Ubuntu. This is working out great but I am trying to merge all services/servers into one system in order to save space and keep cost down.
>>>
>>> My question is: Does anyone know the Shorewall rules needed to make WifiDog work on Ubuntu?
>>>
>>> Current setup is:
>>>
>>> Optiplex 755
>>> 3 Network Cards - Internet, LAN, WiFi (Internet goes to DSL/Fibre, LAN Gigabit Network, WiFi goes to Linksys WRT54G*Access Point)
>>> Shorewall
>>> Dansguardian
>>> Squid
>>> DHCP3
>>> WifiDog
>>>
>>> Everything is working and routing fine, just can't get the captive portal to redirect. (Due to firewall rules)
>>>
>>> Any help would be appreciated. http://wifi.nlpl.ca
>>>
>>> Thanks,
>>> Matt
>>>
>>>
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>> Hi,
>>
>> it sounds related to the nat table?
>>
>> verify that you have theses rules:
>>
>> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED
>> -j ACCEPT
>> # SNAT (MASQUERADE) sur eth0
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>> Where eth1 is the interface, your client are connected on.
>>
>> --
>> Menil Jean-Philippe
>> DSI de l'Universit? de Nantes
>> t?l: 02 51 12 53 92
>> Fax: 02 51 12 58 60
>> Jean-Philippe.Menil at univ-nantes.fr
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
>>
>>
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature database 4388 (20090902) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>> This communication, including all attachments, is intended solely for the use of the person or persons to whom it is addressed and should be treated as a confidential NLPL document.
>>
>> If you are not the intended recipient, any use, distribution, printing, or copying of this email is strictly prohibited.
>>
>> If you received this email in error, please immediately delete it from your system and notify the originator. Your cooperation is appreciated.
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> Hi,
>
> If i understand well, the wireless client are through eth2, and eth1 is
> your private lan?
> So wifidog is running for the eth2 interface, right?
>
> Can you proide us, the result of theses commands:
>
> iptables -nvL
> iptables -t nat -nvL
>
> Regards.
>
> --
> Menil Jean-Philippe
> DSI de l'Universit? de Nantes
> t?l: 02 51 12 53 92
> Fax: 02 51 12 58 60
> Jean-Philippe.Menil at univ-nantes.fr
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
> This communication, including all attachments, is intended solely for the use of the person or persons to whom it is addressed and should be treated as a confidential NLPL document.
>
> If you are not the intended recipient, any use, distribution, printing, or copying of this email is strictly prohibited.
>
> If you received this email in error, please immediately delete it from your system and notify the originator. Your cooperation is appreciated.
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature database 4389 (20090902) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
> This communication, including all attachments, is intended solely for the use of the person or persons to whom it is addressed and should be treated as a confidential NLPL document.
>
> If you are not the intended recipient, any use, distribution, printing, or copying of this email is strictly prohibited.
>
> If you received this email in error, please immediately delete it from your system and notify the originator. Your cooperation is appreciated.
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
Hi,
looks good, but don't know so much about the shorewall firewall.
Can you provide your /etc/shorewall/mask file, and your wifidog.conf?
Is ip forwarding activate?
Regards.
--
Menil Jean-Philippe
Dsi de l'Université de Nantes
tél: 02 51 12 53 92
Fax: 02 51 12 58 60
Jean-Philippe.Menil at univ-nantes.fr
Plus d'informations sur la liste de diffusion WiFiDog