[isf-wifidog] IPtables issues
jean-philippe.menil at univ-nantes.fr
Fri 22 Jan 08:27:42 EST 2010
Steve Congrave wrote:
> The problem occurs on multiple routers at random times.
> The DNS is always the IP of the router - and opening the web browser to a
> URL that has a static route in the firewall works (as configured in
> wifidog.conf) even when the firewall blocks access.
> Unfortunately the OpenWRT group is not well supported with answers -
> problems yes, but not many answers ;)
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Marcos Tadeu
> Sent: Thursday, January 21, 2010 6:22 PM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] IPtables issues
> Jean-Philippe Menil wrote:
>> Steve Congrave wrote:
>>> Just wondering if anyone else has come up against a problem that we
>>> seem to get on a regular basis.
>>> A client connects to the router (Wifidog and OpenWRT) and is sent
>>> through to the portal. There they are authenticated and they start
>>> to get Internet
>>> At some random point afterwards, typically within 1-5 hours, all
>>> users are denied access although they can see web sites that have
>>> specific routes through the firewall. Checking iptables shows all
>>> the rules are in place and should be working just fine but the
>>> client's web browser just gives an 'Internet explorer cannot display
>>> the page' error unless they go to one of the URLs that have specific
>>> rules in which case they can see it fine.
>>> auth server is accessible and available when this happens.
>>> Rebooting the router restores everything to normal until the next
>>> time it
>>> Any ideas or pointers?
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>> I've never seen this issue with Wifidog under a Linux router environment.
>> I think it's related to your router.
>> Maybe you can ask on the OpenWrt mailing list?
> Maybe this is a DNS problem. Check the DNS servers that clients receive
> from dhcp.
Tell me if I understand correctly:
you say that the rules configured in the "FirewallRuleSet global"
section are always working,
and the rules configured in the "FirewallRuleSet known-users" section
stop working within a period of 1 to 5 hours after the authentication?
So your clients aren't authenticated anymore, but they aren't
redirected to the authentication portal page.
You must check the logs:
start wifidog with "wifidog -f -d 7" in a console,
or pass the "-d" option in /etc/init.d/wifidog in the OPTIONS path.
What does "wdctl status" say when the clients are denied?
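
The cross-check this reply is driving at, as an added example that is not part of the original message or the WiFiDog project: it lists clients that `wdctl status` reports as connected but that have no per-client rule in a WiFiDog iptables chain. The output formats, the chain name prefix, the helper names and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not WiFiDog project code. Assumed formats are noted inline.

# MACs of clients WiFiDog believes are connected (stdin: `wdctl status`).
# Assumes one "IP: <addr> MAC: <mac>" line per client.
wdctl_macs() {
    sed -n 's/.*IP: *[0-9.]* *MAC: *\([0-9A-Fa-f:]\{17\}\).*/\1/p' |
        tr 'A-F' 'a-f' | sort -u
}

# MACs with a per-client rule in any WiFiDog chain (stdin: `iptables-save`).
# Assumes chain names start with "WiFiDog" and rules use --mac-source.
fw_macs() {
    grep '^-A WiFiDog' |
        sed -n 's/.*--mac-source \([0-9A-Fa-f:]\{17\}\).*/\1/p' |
        tr 'A-F' 'a-f' | sort -u
}

# missing_rules STATUS_FILE RULES_FILE
# Prints clients that wdctl lists but that have no WiFiDog firewall rule.
missing_rules() {
    fw=$(fw_macs < "$2")
    wdctl_macs < "$1" | while read -r mac; do
        printf '%s\n' "$fw" | grep -qxF "$mac" || printf '%s\n' "$mac"
    done
}

# Constructed sample data (not captured from a real router).
sample_dir=$(mktemp -d)
cat > "$sample_dir/status" <<'EOF'
2 clients connected.
Client 0
  IP: 192.168.1.100 MAC: 00:11:22:33:44:55
Client 1
  IP: 192.168.1.101 MAC: 00:11:22:33:44:66
EOF
cat > "$sample_dir/rules" <<'EOF'
*mangle
-A WiFiDog_Outgoing -s 192.168.1.100 -m mac --mac-source 00:11:22:33:44:55 -j MARK --set-mark 0x2
-A PREROUTING -i br-lan -j WiFiDog_Outgoing
COMMIT
EOF

# On a router: wdctl status > status; iptables-save -t mangle > rules
echo "clients without a firewall rule:"
missing_rules "$sample_dir/status" "$sample_dir/rules"
```

An empty result while clients are being denied suggests the per-client rules are still present and the fault lies elsewhere, which is when the "wifidog -f -d 7" log becomes the next thing to read.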