[isf-wifidog] IPtables issues
Jean-Philippe Menil
jean-philippe.menil at univ-nantes.fr
Ven 22 Jan 08:27:42 EST 2010
Steve Congrave a écrit :
> The problem occurs on multiple routers at random times.
>
> The DNS is always the IP of the router - and opening the web browser to a
> URL that has a static route in the firewall works (as configured in
> wifidog.conf) even when the firewall blocks access.
>
> Unfortunately the OpenWRT group is not well supported with answers -
> problems yes, but not many answers ;)
>
> Steve
>
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Marcos Tadeu
> Sent: Thursday, January 21, 2010 6:22 PM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] IPtables issues
>
> Jean-Philippe Menil wrote:
>
>> Steve Congrave a écrit :
>>
>>> Just wondering if anyone else has come up against a problem that we
>>> seem to
>>> get on a regular basis.
>>>
>>> A client connects to the router (Wifidog and OpenWRT) and is sent
>>> through to
>>> the portal. There they are authenticated and they start to get Internet
>>> access.
>>>
>>> At some random point afterwards, typically within 1-5 hours, all
>>> users are
>>> denied access although they can see web sites that have specific routes
>>> through the firewall. Checking iptables shows all the rules are in
>>> place and
>>> should be working just fine but the clients web browser just gives a
>>> 'Internet explorer cannot display the page' error unless they go to
>>> one of
>>> the URLs that have specific rules in which case they can see it fine.
>>> The
>>> auth server is accessible and available when this happens.
>>>
>>> Rebooting the router restores everything to normal until the next
>>> time it
>>> happens.
>>>
>>> Any ideas or pointers?
>>>
>>> Thanks
>>>
>>> Steve
>>>
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>
>>>
>> Hi,
>>
>> I've never see this issue with Wifidog under Linux router environment.
>> I think it's related to your router.
>> Maybe you can ask on OpenWrt mailing?
>>
>> Regards.
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
> Maybe this is a DNS problem. Check the DNS servers that clients receive
> from dhcp.
>
> Regards,
>
Hi,
Tell me if i understand well:
you say, that the rules configured in the "FirewallRuleSet global"
section, are always working.
And the rules configured in the "FirewallRuleSet known-users", aren't
working anymore in
a period of 1 to 5 hours after the authentification?
So, your clients aren't authenticated anymore, but they aren't
redirected to the authentication portal page.
You must check the logs:
start the wifidog with "wifidog -f -d 7" in console,
or pass the "-d" options in the /etc/init.d/wifidog in the OPTIONS path.
What say a "wdctl status" when the clients are denied?
-------------- section suivante --------------
Une pièce jointe autre que texte a été nettoyée...
Nom: jean-philippe_menil.vcf
Type: text/x-vcard
Taille: 433 octets
Desc: non disponible
URL: <http://listes.ilesansfil.org/pipermail/wifidog/attachments/20100122/173e096a/attachment.vcf>
Plus d'informations sur la liste de diffusion WiFiDog