[isf-wifidog] IPtables issues

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Fri 22 Jan 08:27:42 EST 2010

Steve Congrave wrote:
> The problem occurs on multiple routers at random times.
> The DNS is always the IP of the router - and opening the web browser to a
> URL that has a static route in the firewall works (as configured in
> wifidog.conf) even when the firewall blocks access.
> Unfortunately the OpenWRT group is not well supported with answers -
> problems yes, but not many answers ;)
> Steve
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Marcos Tadeu
> Sent: Thursday, January 21, 2010 6:22 PM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] IPtables issues
> Jean-Philippe Menil wrote:
>> Steve Congrave wrote:
>>> Just wondering if anyone else has come up against a problem that we seem to
>>> get on a regular basis.
>>> A client connects to the router (Wifidog and OpenWRT) and is sent through to
>>> the portal. There they are authenticated and they start to get Internet
>>> access.
>>> At some random point afterwards, typically within 1-5 hours, all users are
>>> denied access although they can see web sites that have specific routes
>>> through the firewall. Checking iptables shows all the rules are in place and
>>> should be working just fine but the client's web browser just gives a
>>> 'Internet explorer cannot display the page' error unless they go to one of
>>> the URLs that have specific rules in which case they can see it fine. The
>>> auth server is accessible and available when this happens.
>>> Rebooting the router restores everything to normal until the next time it
>>> happens.
>>> Any ideas or pointers?
>>> Thanks
>>> Steve
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>> Hi,
>> I've never seen this issue with Wifidog under Linux router environment.
>> I think it's related to your router.
>> Maybe you can ask on OpenWrt mailing?
>> Regards.
> Maybe this is a DNS problem. Check the DNS servers that clients receive 
> from dhcp.
> Regards,

Tell me if I understand correctly:

You say that the rules configured in the "FirewallRuleSet global"
section are always working,
and the rules configured in the "FirewallRuleSet known-users" aren't
working anymore within
a period of 1 to 5 hours after the authentication?
So your clients aren't authenticated anymore, but they aren't
redirected to the authentication portal page.

You must check the logs:
start wifidog with "wifidog -f -d 7" in a console,
or pass the "-d" option in /etc/init.d/wifidog in the OPTIONS path.
What does "wdctl status" say when the clients are denied?