[isf-wifidog] IPTables locking up with OpenWRT - another distro?

aaronz at pls-net.org aaronz at pls-net.org
Mer 17 Fév 10:32:31 EST 2010 

We are seeing something that reminded me of this thread, it may be IPTables related, but it has me stumped:
Daily SOME (not all) users on one particular WAP are not able to get to anyplace but the WAP when they connect. 
They get an IP address and can ping the local address of the WAP (192.168.1.1). They show up in the dhcp.leases file and can be pinged from the router, but they cannot ping (for example) Google.com by name or by IP address. 
When this is happening, I can ping google.com from the command line of the WAP without any issues. Oddly, this will affect one person on the WAP while 3-4 other patrons on the same WAP are fine.

When it was having this issue yesterday I ran  "wifidog-init status" and got the following result:
#root@??????:~#  wifidog-init status
#WiFiDog status
#
#Version: 1.1.5
#Uptime: 261d 8h 36m 39s ##This seems to be off on many of our boxes as they reboot nightly. It may be due to the fact that WiFi Dog starts up before the time gets synced.
#Has been restarted: no
#Internet Connectivity: yes
#Auth server reachable: yes
#Clients served this session: 0
#
#0 clients connected.

Has anyone seen this? I am currently seeing this at only one of the 43 active WAPs that we are running (which I find odd being as they were all created with the same script).

Thanks

Aaron Z

----- "Steve Congrave" <steve at congrave.com> wrote:

> From: "Steve Congrave" <steve at congrave.com>
> To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
> Sent: Monday, February 1, 2010 10:52:24 AM GMT -05:00 US/Canada Eastern
> Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another distro?
>
> I agree that OpenWRT is easy to use - we do have a partial build using
> the
> latest version but I'm reluctant to continue down that path until I'm
> sure
> that the iptables was resolved as others report the same problems.
> Our
> implementation makes a lot of use of iptables in a dynamic way and
> that may
> be the cause of the problem as we change rules so frequently.
> 
> What are the DNS oddities that you experience because the result of
> the
> iptables problem is the client being denied access that looks exactly
> like a
> dns issue from the client end?
> 
> I appreciate your feedback.
> 
> Steve 
> 
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Aaron Z
> Sent: Monday, February 01, 2010 7:30 AM
> To: WiFiDog List
> Subject: [isf-wifidog] IPTables locking up with OpenWRT - another
> distro?
> 
> Can you upgrade to the current version of OpenWRT (8.09.x) or is that
> not
> possible?
> We recently rolled out 40ish WAPS running OpenWRT 8.09 and WiFiDog
> (with a
> custom WiFiDog backend) on WRT54GL hardware and are very happy with
> them. We
> have them in libraries and use WiFiDog for the public network
> (authentication against our patron database and access control only)
> and a
> WPA2 encrypted network for staff use.
> We do a nightly reboot (to force them to check for updates and because
> of
> some DNS oddities that seem to crop up after the WAP has been running
> for a
> few days) but we are very happy with it. I personally find OpenWRT
> easier to
> work with than DD-Wrt, but that is probably just be a personal
> preference.
> 
> 
> Aaron Z
> 
> ----- "Steve Congrave" <steve at congrave.com> wrote:
> 
> > From: "Steve Congrave" <steve at congrave.com>
> > To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
> > Sent: Monday, February 1, 2010 1:58:06 AM GMT -05:00 US/Canada
> Eastern
> > Subject: [isf-wifidog] IPTables locking up with OpenWRT - another
> distro?
> >
> > https://dev.openwrt.org/ticket/2558
> > 
> > This ticket is showing as closed but it appears that others are
> still
> > having
> > problems.
> > 
> > Our routers (WRT54GL) running OpenWRT 7.09 are locking up at least
> > once a
> > day - much more often when they have 5 or 6 customers connected and
> > we
> > implemented the update at https://dev.openwrt.org/changeset/16141
> > 
> > We have tried everything that we can think of to get this working
> but
> > it's
> > hard to even find a workaround as there seems to be no way of
> testing
> > for it
> > happening. At the moment we are running a reboot every 2 hours just
> to
> > get
> > around this but it's hardly satisfactory.
> > 
> > Is anyone else on the list having a problem - has anyone fixed it
> yet?
> > Have
> > you all moved away from OpenWRT because of it?
> > 
> > What other distro would you suggest to try instead of OpenWRT on a
> > Linksys
> > WRT54GL for WifiDog?
> > 
> > 
> > 
> > 
> > _______________________________________________
> > WiFiDog mailing list
> > WiFiDog at listes.ilesansfil.org
> > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> 
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog

Plus d'informations sur la liste de diffusion WiFiDog