[isf-wifidog] IPTables locking up with OpenWRT - another distro?
steve at congrave.com
Mer 17 Fév 10:47:31 EST 2010
This is a problem that we get on about 50% of our nodes every day and we are
also stumped as to what causes it.
We don't know if it's an OpenWRT problem or a WiFidog problem but it
manifests itself in the same way - customers connect fine to the node and
when authenticated they can access the Web. At some point afterwards - 1 to
4 hours later, customers suddenly get blocked from accessing the web. They
can access any static routes setup in IPTables and they can ping the auth
server IP - but everything else is blocked and they just get 'cannot connect
to...' standard browser messages.
We have tried changing the DHCP lease times with no effect.
We test for memory leaks and that isn't the problem.
We have used variants of the WRT54GL and the WRG54-TM and it makes no
At this point I have a reboot established every 2 hours so that we can
maintain some sort of service but it is so frustrating as no-one has ever
found the fix and most people never seem to see the problem. You are one of
the first that I have seen with the identical problem.
We are trying to create a new build using the latest OpenWRT and the new 2.6
kernal to see if that fixes the problem - we did consider a new version of
IPTables as OpenWRT uses quite an old version but this is all still work in
progress so we won't know if it helps until it's completed and tested.
It's a nasty little bug that frustrates the heck out of me!
From: wifidog-bounces at listes.ilesansfil.org
[mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of
aaronz at pls-net.org
Sent: Wednesday, February 17, 2010 8:33 AM
To: WiFiDog Captive Portal
Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another
We are seeing something that reminded me of this thread, it may be IPTables
related, but it has me stumped:
Daily SOME (not all) users on one particular WAP are not able to get to
anyplace but the WAP when they connect.
They get an IP address and can ping the local address of the WAP
(192.168.1.1). They show up in the dhcp.leases file and can be pinged from
the router, but they cannot ping (for example) Google.com by name or by IP
When this is happening, I can ping google.com from the command line of the
WAP without any issues. Oddly, this will affect one person on the WAP while
3-4 other patrons on the same WAP are fine.
When it was having this issue yesterday I ran "wifidog-init status" and got
the following result:
#root@??????:~# wifidog-init status
#Uptime: 261d 8h 36m 39s ##This seems to be off on many of our boxes as they
reboot nightly. It may be due to the fact that WiFi Dog starts up before the
time gets synced.
#Has been restarted: no
#Internet Connectivity: yes
#Auth server reachable: yes
#Clients served this session: 0
#0 clients connected.
Has anyone seen this? I am currently seeing this at only one of the 43
active WAPs that we are running (which I find odd being as they were all
created with the same script).
----- "Steve Congrave" <steve at congrave.com> wrote:
> From: "Steve Congrave" <steve at congrave.com>
> To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
> Sent: Monday, February 1, 2010 10:52:24 AM GMT -05:00 US/Canada Eastern
> Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another
> I agree that OpenWRT is easy to use - we do have a partial build using
> latest version but I'm reluctant to continue down that path until I'm
> that the iptables was resolved as others report the same problems.
> implementation makes a lot of use of iptables in a dynamic way and
> that may
> be the cause of the problem as we change rules so frequently.
> What are the DNS oddities that you experience because the result of
> iptables problem is the client being denied access that looks exactly
> like a
> dns issue from the client end?
> I appreciate your feedback.
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Aaron Z
> Sent: Monday, February 01, 2010 7:30 AM
> To: WiFiDog List
> Subject: [isf-wifidog] IPTables locking up with OpenWRT - another
> Can you upgrade to the current version of OpenWRT (8.09.x) or is that
> We recently rolled out 40ish WAPS running OpenWRT 8.09 and WiFiDog
> (with a
> custom WiFiDog backend) on WRT54GL hardware and are very happy with
> them. We
> have them in libraries and use WiFiDog for the public network
> (authentication against our patron database and access control only)
> and a
> WPA2 encrypted network for staff use.
> We do a nightly reboot (to force them to check for updates and because
> some DNS oddities that seem to crop up after the WAP has been running
> for a
> few days) but we are very happy with it. I personally find OpenWRT
> easier to
> work with than DD-Wrt, but that is probably just be a personal
> Aaron Z
> ----- "Steve Congrave" <steve at congrave.com> wrote:
> > From: "Steve Congrave" <steve at congrave.com>
> > To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
> > Sent: Monday, February 1, 2010 1:58:06 AM GMT -05:00 US/Canada
> > Subject: [isf-wifidog] IPTables locking up with OpenWRT - another
> > https://dev.openwrt.org/ticket/2558
> > This ticket is showing as closed but it appears that others are
> > having
> > problems.
> > Our routers (WRT54GL) running OpenWRT 7.09 are locking up at least
> > once a
> > day - much more often when they have 5 or 6 customers connected and
> > we
> > implemented the update at https://dev.openwrt.org/changeset/16141
> > We have tried everything that we can think of to get this working
> > it's
> > hard to even find a workaround as there seems to be no way of
> > for it
> > happening. At the moment we are running a reboot every 2 hours just
> > get
> > around this but it's hardly satisfactory.
> > Is anyone else on the list having a problem - has anyone fixed it
> > Have
> > you all moved away from OpenWRT because of it?
> > What other distro would you suggest to try instead of OpenWRT on a
> > Linksys
> > WRT54GL for WifiDog?
> > _______________________________________________
> > WiFiDog mailing list
> > WiFiDog at listes.ilesansfil.org
> > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
WiFiDog mailing list
WiFiDog at listes.ilesansfil.org
Plus d'informations sur la liste de diffusion WiFiDog