[isf-wifidog] Shorewall Rules for WiFiDog

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Fri 4 Sep 01:33:27 EDT 2009


Matthew Tavenor wrote:
> iptables -t nat -nvL
> Chain PREROUTING (policy ACCEPT 19106 packets, 1833K bytes)
>  pkts bytes target     prot opt in     out     source               destination
> 
> Chain POSTROUTING (policy ACCEPT 3995 packets, 226K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>  3336  199K eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
> 
> Chain OUTPUT (policy ACCEPT 3310 packets, 199K bytes)
>  pkts bytes target     prot opt in     out     source               destination
> 
> Chain eth0_masq (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 MASQUERADE  all  --  *      *       192.168.20.0/24      0.0.0.0/0
>     0     0 MASQUERADE  all  --  *      *       169.254.0.0/16       0.0.0.0/0
>    40  2232 MASQUERADE  all  --  *      *       10.0.0.0/24          0.0.0.0/0
> 
> 
> --------------------------------
> iptables -nvL
> Chain INPUT (policy DROP 1 packets, 96 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>   147 25524 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
> 11241 2910K eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
>    13  1381 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
> 18318 1790K eth2_in    all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>     0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
>     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    39  6729 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
>     0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
>   748 39901 eth2_fwd   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>     0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
>     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>   147 25524 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
> 11372 1134K eth0_out   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
>    12  1488 eth1_out   all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
> 18729 2264K eth2_out   all  --  *      eth2    0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>     0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
>     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain Drop (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113
>    36  2033 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
>    36  2033 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445
>     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
>     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535
>     0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445
>     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900
>    15   752 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53
> 
> Chain Reject (4 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113
> 19023 1826K dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
> 18744 1767K dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445
> 18034 1730K reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
>     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535
>     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445
>     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900
>   685 34888 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53
> 
> Chain all2all (7 references)
>  pkts bytes target     prot opt in     out     source               destination
>    12  1488 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> 19023 1826K Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
>   710 37709 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
>   710 37709 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain dropBcast (2 references)
>  pkts bytes target     prot opt in     out     source               destination
>   279 58323 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
> 
> Chain dropInvalid (2 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
> 
> Chain dropNotSyn (2 references)
>  pkts bytes target     prot opt in     out     source               destination
>     1    40 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02
> 
> Chain dynamic (6 references)
>  pkts bytes target     prot opt in     out     source               destination
> 
> Chain eth0_fwd (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
>     0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 net2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
>    39  6729 net2all    all  --  *      eth2    0.0.0.0/0            0.0.0.0/0
> 
> Chain eth0_in (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>    36  2033 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
>  9576 2600K tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
> 11241 2910K net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain eth0_out (1 references)
>  pkts bytes target     prot opt in     out     source               destination
> 11372 1134K fw2net     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain eth1_fwd (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
>     0     0 loc2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
>     0     0 all2all    all  --  *      eth2    0.0.0.0/0            0.0.0.0/0
> 
> Chain eth1_in (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>    13  1381 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
>     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
>    13  1381 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain eth1_out (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
>    12  1488 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain eth2_fwd (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>   748 39901 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
>   748 39901 wifi2net   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
>     0     0 all2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
> 
> Chain eth2_in (1 references)
>  pkts bytes target     prot opt in     out     source               destination
> 18313 1790K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
>    10  3316 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
> 18308 1787K wifi2fw    all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain eth2_out (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     7  2296 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
> 18722 2262K fw2wifi    all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain fw2net (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>  8072  937K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>  3300  197K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain fw2wifi (1 references)
>  pkts bytes target     prot opt in     out     source               destination
> 18716 2262K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>     6   288 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 LOG flags 0 level 7 prefix `Shorewall:fw2wifi:ACCEPT:'
>     6   288 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
>     0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain loc2fw (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
>    13  1381 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain loc2net (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain logdrop (0 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain logflags (5 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:logflags:DROP:'
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain logreject (0 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
>     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain net2all (3 references)
>  pkts bytes target     prot opt in     out     source               destination
>    39  6729 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>    36  2033 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
>    35  1993 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
>    35  1993 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain net2fw (1 references)
>  pkts bytes target     prot opt in     out     source               destination
> 11205 2908K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
>    36  2033 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain reject (11 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
>     0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0
>     0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
>     0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0
>   685 34888 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
> 18056 1732K REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
>     3    99 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable
>     0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
> 
> Chain shorewall (0 references)
>  pkts bytes target     prot opt in     out     source               destination
> 
> Chain smurfs (0 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 LOG        all  --  *      *       209.128.18.255       0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
>     0     0 DROP       all  --  *      *       209.128.18.255       0.0.0.0/0
>     0     0 LOG        all  --  *      *       192.168.20.255       0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
>     0     0 DROP       all  --  *      *       192.168.20.255       0.0.0.0/0
>     0     0 LOG        all  --  *      *       10.0.0.255           0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
>     0     0 DROP       all  --  *      *       10.0.0.255           0.0.0.0/0
>     0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
>     0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0
>     0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
>     0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
> 
> Chain tcpflags (2 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x29
>     0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x00
>     0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x06
>     0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x03/0x03
>     0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:0 flags:0x17/0x02
> 
> Chain wifi2fw (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     5   240 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>     0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2060 LOG flags 0 level 7 prefix `Shorewall:wifi2fw:ACCEPT:'
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2060
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
> 18303 1787K all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> Chain wifi2net (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>    41  2291 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 LOG flags 0 level 7 prefix `Shorewall:wifi2net:ACCEPT:'
>    41  2291 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
>   707 37610 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
> 
> 
> 
> 
> ________________________________________
> From: wifidog-bounces at listes.ilesansfil.org [wifidog-bounces at listes.ilesansfil.org] On Behalf Of Menil Jean-Philippe [Jean-Philippe.Menil at univ-nantes.fr]
> Sent: Wednesday, September 02, 2009 1:41 PM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] Shorewall Rules for WiFiDog
> 
> Matthew Tavenor wrote:
>> Thanks Menil Jean-Philippe,
>>
>> But the Masquerading and routing is working fine.  I am getting the authentication page, able to login, but as soon as I am authenticated no traffic will reach the Wireless Laptop.
>>
>> Eth0 - Internet (outside IP)
>> Eth1 - LAN (192.168.0.1)
>> Eth2 - Wired to Linksys (10.0.0.1)
>>
>> Default Policy in Shorewall:
>>
>> Source - Destination
>> Eth2(wireless)  Eth0(Internet)  Accept
>>
>> Masquerading is set up for both eth1 and eth2.
>>
>> Any help on why web traffic is not reaching wireless client after successful login?
>>
>> Thanks,
>> Matt
>>
>> -----Original Message-----
>> From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Menil Jean-Philippe
>> Sent: Tuesday, September 01, 2009 11:57 AM
>> To: WiFiDog Captive Portal
>> Subject: Re: [isf-wifidog] Shorewall Rules for WiFiDog
>>
>> Matthew Tavenor wrote:
>>> Hello All,
>>>
>>> I am in the process of creating new router/firewall/wifidog boxes for our 96+ Public Libraries.  Currently I am running WifiDog on an Optiplex 755 Small Form Factor running Ubuntu.  This is working out great but I am trying to merge all services/servers into one system in order to save space and keep cost down.
>>>
>>> My question is:  Does anyone know the Shorewall rules needed to make WifiDog work on Ubuntu?
>>>
>>> Current setup is:
>>>
>>> Optiplex 755
>>> 3 Network Cards - Internet, LAN, WiFi (Internet goes to DSL/Fibre, LAN Gigabit Network, WiFi goes to Linksys WRT54G*Access Point)
>>> Shorewall
>>> Dansguardian
>>> Squid
>>> DHCP3
>>> WifiDog
>>>
>>> Everything is working and routing fine, just can't get the captive portal to redirect. (Due to firewall rules)
>>>
>>> Any help would be appreciated.  http://wifi.nlpl.ca
>>>
>>> Thanks,
>>> Matt
>>>
>>>
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>> Hi,
>>
>> it sounds related to the nat table?
>>
>> verify that you have these rules:
>>
>> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
>> # SNAT (MASQUERADE) on eth0
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>> Where eth1 is the interface your clients are connected on.
>>
>> --
>> Menil Jean-Philippe
>> DSI de l'Université de Nantes
>> tél: 02 51 12 53 92
>> Fax: 02 51 12 58 60
>> Jean-Philippe.Menil at univ-nantes.fr
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature database 4388 (20090902) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>> This communication, including all attachments, is intended solely for the use of the person or persons to whom it is addressed and should be treated as a confidential NLPL document.
>>
>> If you are not the intended recipient, any use, distribution, printing, or copying of this email is strictly prohibited.
>>
>> If you received this email in error, please immediately delete it from your system and notify the originator. Your cooperation is appreciated.
> Hi,
> 
> If I understand well, the wireless clients are through eth2, and eth1 is
> your private LAN?
> So wifidog is running for the eth2 interface, right?
> 
> Can you provide us the result of these commands:
> 
> iptables -nvL
> iptables -t nat -nvL
> 
> Regards.
> 
> --
> Menil Jean-Philippe
> DSI de l'Université de Nantes
> tél: 02 51 12 53 92
> Fax: 02 51 12 58 60
> Jean-Philippe.Menil at univ-nantes.fr
Hi,

Looks good, but I don't know so much about the Shorewall firewall.
Can you provide your /etc/shorewall/mask file, and your wifidog.conf?
Is IP forwarding activated?

Regards.

-- 
Menil Jean-Philippe
Dsi de l'Université de Nantes
tél: 02 51 12 53 92
Fax: 02 51 12 58 60
Jean-Philippe.Menil at univ-nantes.fr
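
Added example, not part of the original messages: a small Python reader for `iptables -nvL` output that follows the jumps out of one chain and lists the rules that actually counted packets, which is a quick way to read a listing as long as the one quoted above. The embedded sample is an excerpt of that quoted listing; the function names are illustrative.

```python
import re

# Excerpt of the `iptables -nvL` listing quoted in this thread (four chains only;
# the Reject/reject chains that all2all jumps to are left out of the excerpt).
SAMPLE = """\
Chain dynamic (6 references)
 pkts bytes target     prot opt in     out     source               destination

Chain eth2_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
  748 39901 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
  748 39901 wifi2net   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 all2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain wifi2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   41  2291 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 LOG flags 0 level 7 prefix `Shorewall:wifi2net:ACCEPT:'
   41  2291 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
  707 37610 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain all2all (7 references)
 pkts bytes target     prot opt in     out     source               destination
   12  1488 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
19023 1826K Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
  710 37709 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
  710 37709 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}
COUNTER = re.compile(r"\d+[KMG]?")


def to_int(counter):
    """Expand the rounded K/M/G counters iptables prints when -x is not given."""
    if counter[-1] in UNITS:
        return int(counter[:-1]) * UNITS[counter[-1]]
    return int(counter)


def parse_listing(text):
    """Return {chain: [rule, ...]} for one table's `iptables -nvL` output.

    Leading '>' quote marks are stripped so a listing pasted from a mail reply
    parses too. Assumes every rule has a target (no rules without -j).
    """
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> ")
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        f = line.split(None, 9)
        if current is None or len(f) < 9 or not COUNTER.fullmatch(f[0]):
            continue  # column header, blank line or surrounding prose
        current.append({"pkts": to_int(f[0]), "bytes": to_int(f[1]),
                        "target": f[2], "prot": f[3], "in": f[5], "out": f[6],
                        "extra": f[9] if len(f) > 9 else ""})
    return chains


def follow(chains, start, min_pkts=1):
    """Walk the jumps out of `start`; list rules that counted packets.

    Returns (path, target, pkts, extra) tuples. LOG rules are skipped because
    they do not end traversal. Counters in a chain with several references
    (all2all here) include packets from every caller, not only this path.
    """
    hits, seen = [], set()

    def walk(chain, path):
        if chain in seen:
            return
        seen.add(chain)
        here = path + [chain]
        for rule in chains.get(chain, []):
            if rule["pkts"] < min_pkts or rule["target"] == "LOG":
                continue
            if rule["target"] in chains:
                walk(rule["target"], here)
            else:  # built-in target, or a chain missing from the listing
                hits.append((" -> ".join(here), rule["target"],
                             rule["pkts"], rule["extra"]))

    walk(start, [])
    return hits


if __name__ == "__main__":
    for hit in follow(parse_listing(SAMPLE), "eth2_fwd"):
        print("%-32s %-8s %6d  %s" % hit)
```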

