[isf-wifidog] Understanding the WiFidog Firewall process
Jean-Philippe Menil
jean-philippe.menil at univ-nantes.fr
Wed Jan 27 10:55:14 EST 2010
Steve Congrave wrote:
>
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Jean-Philippe
> Menil
> Sent: Wednesday, January 27, 2010 8:34 AM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] Understanding the WiFidog Firewall process
>
> Steve Congrave wrote:
>> I'm trying to understand the WiFidog firewall process (sorry for
>> newbie questions LOL) and have read the developer docs at
>> http://dev.wifidog.org/wiki/doc/developer/FlowDiagram
>>
>> The Gateway Firewall rules (iptables) mangles the initial user request
>> and starts the auth process.
>> I'm ok with this and the auth process but what I find hard to
>> understand is how is the firewall opened up for an authenticated client?
>>
>> What is the process and ruleset that allows a client that has been
>> authenticated, access through the firewall, and how is that then
>> closed down after the client has been de-authenticated (if they run
>> out of access time allowance for example)?
>>
>> I'm trying to understand the role of iptables and whether there are
>> changes made to it dynamically or if something else is tagging the
>> traffic before it hits the firewall
>>
>> Thanks for any help
>>
>> Steve
>>
>
>> Hi,
>
>> here you can find a good map of the wifidog firewall rules:
>
>> http://wireless-speed.blogspot.com/2009/04/wifidog-hack-iptables-map-rules.html
>
>> Regards.
>
> Thanks
>
> I can see the diagram but not familiar with the Arabic text :)
>
> So iptables chains/rulesets are static and don't change.
>
> How can we see the list and status of users on the node so that I can
> determine their 'pathway' through the iptables chains? Is this information
> available or could it be logged by a hack to the source?
>
> Steve
>
>
I'm not sure I understand very well what you want to do.
You can see your authenticated clients in the mangle table:
iptables -t mangle -nvL
Regards.
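
As an added example (not part of the original message and not WiFiDog's own code), this script turns the `iptables -t mangle -nvL` listing mentioned above into one line per marked client. The chain name, addresses and mark values in the sample listing are constructed, and it assumes per-client rules are MARK targets with a MAC match.

```shell
#!/bin/sh
# Added example: list clients that carry a firewall mark in the mangle table.
# Assumption: per-client rules are MARK targets with a MAC match, as in the
# constructed sample below; chain names and mark values are illustrative.

# Constructed sample of `iptables -t mangle -nvL` output (not from a real node).
sample_mangle_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 9120 packets, 1204K bytes)
 pkts bytes target     prot opt in     out     source               destination
 4312  512K WiFiDog_br-lan_Outgoing  all  --  br-lan *       0.0.0.0/0            0.0.0.0/0

Chain WiFiDog_br-lan_Outgoing (1 references)
 pkts bytes target     prot opt in     out     source               destination
  152 18240 MARK       all  --  *      *       192.168.1.101        0.0.0.0/0            MAC 00:11:22:33:44:55 MARK set 0x2
   37  4102 MARK       all  --  *      *       192.168.1.117        0.0.0.0/0            MAC 66:77:88:99:AA:BB MARK set 0x1
EOF
}

# Reads a listing on stdin, prints: chain ip mac mark pkts bytes
marked_clients() {
    awk '
        $1 == "Chain" { chain = $2; next }   # remember which chain we are in
        $3 == "MARK" {                       # target column of a -v listing
            mac = "-"; mark = "-"
            for (i = 10; i < NF; i++) {      # match details follow column 9
                if ($i == "MAC") mac = $(i + 1)
                if ($i == "set") mark = $(i + 1)
            }
            print chain, $8, mac, mark, $1, $2
        }'
}

# Counts clients holding a given mark value, e.g. count_mark 0x2
count_mark() {
    marked_clients | awk -v m="$1" '$4 == m { n++ } END { print n + 0 }'
}

# On a live gateway: iptables -t mangle -nvL | marked_clients
# Offline demonstration with the constructed sample:
sample_mangle_listing | marked_clients
```

Running the listing periodically and comparing the output shows per-client rules appearing and disappearing, along with their packet and byte counters.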