Hi Sam,<br>
<br>
Thanks for the reply. Yes it certainly does look like the default
firewall script is allowing ESTABLISHED connections 'through'. I
figured WiFiDog would somehow (no, I have not had more than a
superficial look at the gateway code) reset all connections associated
with a user on logout. Apparently this is not the case. I guess we need
a way to 'reset' all established connections of any user when the user
transitions from known to unknown from wifidog's point of view?<br>
<br>
Do you, or anyone else, have any thoughts on this? I expect this 'problem' has long since been resolved.<br>
<br>
Thanks again,<br>
<br>
Tarken<br><br><div><span class="gmail_quote">On 7/25/06, <b class="gmail_sendername">Samuel Leathers</b> <<a href="mailto:disasm@gentux.org">disasm@gentux.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'm no expert, but usually a firewall rule usually allows any application<br>that already has "state" to stay connected. So after a logout, if an<br>application is continuously open from before the logout, it won't
<br>disconnect that application. Same would be true for an ssh tunnel. Now as<br>soon as you close the streaming program, and try to re-open it, it<br>shouldn't allow access anymore. I don't think wifidog controls this<br>
firewall rule, it's more of in your firewall initialization script.<br>(/etc/init.d/S45firewall on openwrt)<br>These look like the culprit on openwrt's default firewall script:<br>28 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
<br>51 iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br>72 iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT<br><br><br>Someone correct me if I'm wrong on this.<br><br>Sam<br>> Hi all,
<br>><br>> I have just been listening to <a href="http://www.pandora.com">www.pandora.com</a> (which is awesome I have to<br>> say!) and without shutting down the Pandora window, logged out of<br>> wifidog...<br>
> and the music didn't stop. Is this expected behaviour / a known bug in<br>> wifidog? The gateway apparently correctly blocks any new requests made by<br>> a<br>> logged out client, but allows already streaming content to continue...
<br>><br>> Once again I have Googled the mailing list archives and <a href="http://wifidog.org">wifidog.org</a><br>> website<br>> to no avail. Does anyone (everyone?) experience streaming content being<br>> allowed to continue after client logout? Am I once again overlooking
<br>> something obvious?<br>><br>> I hope this topic has not already been covered and solved, but if so, I'd<br>> much appreciate being pointed in the right direction.<br>><br>> Thanks in advance,<br>>
<br>> Tarken<br>> _______________________________________________<br>> WiFiDog mailing list<br>> <a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a><br>> <a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">
http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a><br><br><br>--<br>Sam Leathers<br>Sam Leathers Computer Services<br>814.574.7307<br><a href="mailto:sam@samleathers.com">sam@samleathers.com</a><br><a href="http://www.samleathers.com">
www.samleathers.com</a><br> -Computer repair services<br> -Reliable business consulting<br> -Web design and hosting that meets your needs<br> -Collection of computers no longer needed<br> -Student discounted repair rate<br>
-Server setups and networking<br>-------------------------------------<br><br>_______________________________________________<br>WiFiDog mailing list<br><a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org
</a><br><a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a><br></blockquote></div><br>