[From nobody Sat Oct 7 17:39:45 2006 X-Apparently-To: stumblingthunder@yahoo.com via 209.191.69.76; Fri, 06 Oct 2006 13:11:52 -0700 X-YahooFilteredBulk: 63.243.158.159 X-Originating-IP: [63.243.158.159] Authentication-Results: mta206.mail.mud.yahoo.com from=listes.ilesansfil.org; domainkeys=fail (bad syntax) Received: from 63.243.158.159 (EHLO mail.ilesansfil.org) (63.243.158.159) by mta206.mail.mud.yahoo.com with SMTP; Fri, 06 Oct 2006 13:11:51 -0700 Received: from isf.ilesansfil.org (localhost.localdomain [127.0.0.1]) by mail.ilesansfil.org (Postfix) with ESMTP id B4412BB8118; Fri, 6 Oct 2006 16:11:48 -0400 (EDT) X-Original-To: wifidog@listes.ilesansfil.org Delivered-To: wifidog@listes.ilesansfil.org Received: from web30304.mail.mud.yahoo.com (web30304.mail.mud.yahoo.com [209.191.69.66]) by mail.ilesansfil.org (Postfix) with SMTP id 29491BB8009 for <wifidog@listes.ilesansfil.org>; Fri, 6 Oct 2006 16:11:47 -0400 (EDT) Received: (qmail 41709 invoked by uid 60001); 6 Oct 2006 20:11:42 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=FGipTt+4crNRnMZTApgQH84KXQNMWfw6W6G4m7vrRkvNKo6tSD7/8cbP8ZZNJ8H/vVWtAudQcVQKFf8WGuIQQswsxUeCNUiyA/+nogsslQrlGdCWT5SiIW02CSLVZqMxkPCALb8j28xpdxprtj2sbRzJWh3H238qx7f4S+rAQc4= ; Received: from [71.53.152.41] by web30304.mail.mud.yahoo.com via HTTP; Fri, 06 Oct 2006 13:11:42 PDT Date: Fri, 6 Oct 2006 13:11:42 -0700 (PDT) From: John Boushall <stumblingthunder@yahoo.com> To: wifidog@listes.ilesansfil.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="0-863580201-1160165502=:39484" Content-Transfer-Encoding: 8bit Subject: [isf-wifidog] Difficulty in getting wifidog gateway on OpenWRT to connect to Auth Server X-BeenThere: wifidog@listes.ilesansfil.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: WiFiDog Captive Portal <wifidog@listes.ilesansfil.org> List-Id: WiFiDog Captive Portal <wifidog.listes.ilesansfil.org> List-Unsubscribe: <http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog>, <mailto:wifidog-request@listes.ilesansfil.org?subject=unsubscribe> List-Archive: <http://listes.ilesansfil.org/pipermail/wifidog> List-Post: <mailto:wifidog@listes.ilesansfil.org> List-Help: <mailto:wifidog-request@listes.ilesansfil.org?subject=help> List-Subscribe: <http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog>, <mailto:wifidog-request@listes.ilesansfil.org?subject=subscribe> Sender: wifidog-bounces@listes.ilesansfil.org Errors-To: wifidog-bounces@listes.ilesansfil.org Content-Length: 4317 --0-863580201-1160165502=:39484 Content-Type: multipart/alternative; boundary="0-888974169-1160165502=:39484" --0-888974169-1160165502=:39484 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit I have installed the Wifidog Authentication server and the gateway on OpenWRT. I have tried gleaning from all of the gateway configuration documents how to configure the gateway. Before I broke the bridge between the wireless lan connection and the wired lan, I was able to get to the web splash screen on the gateway, but never got through to the Authentication server. I have tried disabling the autostartup, (S65wifidog,) and manually starting the gateway, which showed part of the startup process, (log.txt.) I also saw on the command line that it was occasionally unable to start up the web server, plus, the gateway would not get a pong response from the ping it is sending to the Auth server. I did fill out the configuration info for the gateway on the admin web pages on the Auth server. I would appreciate any help with my config or what I might be missing. Thank you. John Boushall --------------------------------- Do you Yahoo!? Get on board. You're invited to try the new Yahoo! Mail. --------------------------------- Get your email and more, right on the new Yahoo.com --0-888974169-1160165502=:39484 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit <div>I have installed the Wifidog Authentication server and the gateway on OpenWRT.&nbsp;&nbsp; I have tried gleaning from all of the gateway configuration documents how to configure the gateway.</div> <div>&nbsp;</div> <div>Before I broke the bridge between the wireless lan connection and the wired lan, I was able to get to the web splash screen on the gateway, but never got through to the Authentication server.</div> <div>&nbsp;</div> <div>I have tried disabling the autostartup, (S65wifidog,) and manually starting the gateway, which showed part of the startup process, (log.txt.)&nbsp;&nbsp; I also saw on the command line that it was occasionally unable to start up the web server, plus, the gateway would not get a pong response from the ping it is sending to the Auth server.&nbsp; I did fill out the configuration info for the gateway on the admin web pages on the Auth server.</div> <div>&nbsp;</div> <div>I would appreciate any help with my config or what I might be missing.</div> <div>&nbsp;</div> <div>Thank you.</div> <div>&nbsp;</div> <div>John Boushall</div><p> <hr size=1>Do you Yahoo!?<br> Get on board. <a href="http://us.rd.yahoo.com/evt=40791/*http://advision.webevents.yahoo.com/mailbeta">You're invited</a> to try the new Yahoo! Mail.<p>&#32; <hr size=1>Get your email and more, right on the <a href="http://us.rd.yahoo.com/evt=42973/*http://www.yahoo.com/preview"> new Yahoo.com</a> --0-888974169-1160165502=:39484-- --0-863580201-1160165502=:39484 Content-Type: text/plain; name="log.txt" Content-Description: 3757061641-log.txt Content-Disposition: inline; filename="log.txt" [6][Fri Dec 31 19:09:29 1999][1293](conf.c:575) Reading configuration file '/etc/wifidog.conf' [7][Fri Dec 31 19:09:29 1999][1293](conf.c:614) Parsing token: GatewayID, value: marina [7][Fri Dec 31 19:09:29 1999][1293](conf.c:614) Parsing token: ExternalInterface, value: vlan1 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:614) Parsing token: GatewayInterface, value: eth1 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:614) Parsing token: AuthServer, value: { [7][Fri Dec 31 19:09:29 1999][1293](conf.c:287) Adding tyccwifi:80 (SSL: 443) /wifidog/ to the auth server list [7][Fri Dec 31 19:09:29 1999][1293](conf.c:309) Auth server added [7][Fri Dec 31 19:09:29 1999][1293](conf.c:614) Parsing token: CheckInterval, value: 60 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:614) Parsing token: ClientTimeout, value: 5 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:614) Parsing token: FirewallRuleSet, value: global [7][Fri Dec 31 19:09:29 1999][1293](conf.c:346) Adding Firewall Rule Set global [7][Fri Dec 31 19:09:29 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [allow udp to 10.1.31.105/27] [7][Fri Dec 31 19:09:29 1999][1293](conf.c:432) leftover: allow udp to 10.1.31.105/27 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:514) Adding Firewall Rule allow udp port (null) to 10.1.31.105/27 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [allow udp to 10.1.31.105/27] [7][Fri Dec 31 19:09:29 1999][1293](conf.c:432) leftover: allow udp to 10.1.31.105/27 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:514) Adding Firewall Rule allow udp port (null) to 10.1.31.105/27 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [allow tcp port 80 to 10.1.31.105] [7][Fri Dec 31 19:09:29 1999][1293](conf.c:432) leftover: allow tcp port 80 to 10.1.31.105 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:514) Adding Firewall Rule allow tcp port 80 to 10.1.31.105 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:409) Firewall Rule Set global added. [7][Fri Dec 31 19:09:29 1999][1293](conf.c:614) Parsing token: FirewallRuleSet, value: validating-users [7][Fri Dec 31 19:09:29 1999][1293](conf.c:346) Adding Firewall Rule Set validating-users [7][Fri Dec 31 19:09:29 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [block tcp port 25] [7][Fri Dec 31 19:09:29 1999][1293](conf.c:432) leftover: block tcp port 25 [7][Fri Dec 31 19:09:29 1999][1293](conf.c:514) Adding Firewall Rule block tcp port 25 to 0.0.0.0/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [allow to 10.1.31.254/0] [7][Fri Dec 31 19:09:30 1999][1293](conf.c:432) leftover: allow to 10.1.31.254/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:514) Adding Firewall Rule allow (null) port (null) to 10.1.31.254/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:409) Firewall Rule Set validating-users added. [7][Fri Dec 31 19:09:30 1999][1293](conf.c:614) Parsing token: FirewallRuleSet, value: known-users [7][Fri Dec 31 19:09:30 1999][1293](conf.c:346) Adding Firewall Rule Set known-users [7][Fri Dec 31 19:09:30 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [allow to 10.1.31.254/0] [7][Fri Dec 31 19:09:30 1999][1293](conf.c:432) leftover: allow to 10.1.31.254/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:514) Adding Firewall Rule allow (null) port (null) to 10.1.31.254/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:409) Firewall Rule Set known-users added. [7][Fri Dec 31 19:09:30 1999][1293](conf.c:614) Parsing token: FirewallRuleSet, value: unknown-users [7][Fri Dec 31 19:09:30 1999][1293](conf.c:346) Adding Firewall Rule Set unknown-users [7][Fri Dec 31 19:09:30 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [allow udp port 53] [7][Fri Dec 31 19:09:30 1999][1293](conf.c:432) leftover: allow udp port 53 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:514) Adding Firewall Rule allow udp port 53 to 0.0.0.0/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [allow tcp port 53] [7][Fri Dec 31 19:09:30 1999][1293](conf.c:432) leftover: allow tcp port 53 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:514) Adding Firewall Rule allow tcp port 53 to 0.0.0.0/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [allow udp port 67] [7][Fri Dec 31 19:09:30 1999][1293](conf.c:432) leftover: allow udp port 67 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:514) Adding Firewall Rule allow udp port 67 to 0.0.0.0/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [allow tcp port 67] [7][Fri Dec 31 19:09:30 1999][1293](conf.c:432) leftover: allow tcp port 67 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:514) Adding Firewall Rule allow tcp port 67 to 0.0.0.0/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:409) Firewall Rule Set unknown-users added. [7][Fri Dec 31 19:09:30 1999][1293](conf.c:614) Parsing token: FirewallRuleSet, value: locked-users [7][Fri Dec 31 19:09:30 1999][1293](conf.c:346) Adding Firewall Rule Set locked-users [7][Fri Dec 31 19:09:30 1999][1293](conf.c:385) p1 = [FirewallRule]; p2 = [block to 0.0.0.0/0] [7][Fri Dec 31 19:09:30 1999][1293](conf.c:432) leftover: block to 0.0.0.0/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:514) Adding Firewall Rule block (null) port (null) to 0.0.0.0/0 [7][Fri Dec 31 19:09:30 1999][1293](conf.c:409) Firewall Rule Set locked-users added. [7][Fri Dec 31 19:09:30 1999][1293](gateway.c:310) Initializing signal handlers [6][Fri Dec 31 19:09:30 1999][1293](gateway.c:370) Setting started_time [7][Fri Dec 31 19:09:30 1999][1293](gateway.c:380) Finding IP address of eth1 [7][Fri Dec 31 19:09:30 1999][1293](gateway.c:385) eth1 = 172.31.2.254 [5][Fri Dec 31 19:09:31 1999][1293](gateway.c:399) Creating web server on 172.31.2.254:2060 --0-863580201-1160165502=:39484 Content-Type: text/plain; name=S45firewall Content-Description: 2294482764-S45firewall Content-Disposition: inline; filename=S45firewall #!/bin/sh ## Please make changes in /etc/firewall.user . /etc/functions.sh WAN=$(nvram get wan_ifname) LAN=$(nvram get lan_ifname) ## CLEAR TABLES for T in filter nat; do iptables -t $T -F iptables -t $T -X done iptables -N input_rule iptables -N output_rule iptables -N forwarding_rule iptables -t nat -N prerouting_rule iptables -t nat -N postrouting_rule ### INPUT ### (connections with the router as destination) # base case iptables -P INPUT DROP iptables -A INPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP # # insert accept rule or to jump to new accept-check table here # iptables -A INPUT -j input_rule # allow iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces iptables -A INPUT -p icmp -j ACCEPT # allow ICMP iptables -A INPUT -p gre -j ACCEPT # allow GRE # reject (what to do with anything not allowed earlier) iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable ### OUTPUT ### (connections with the router as source) # base case iptables -P OUTPUT DROP iptables -A OUTPUT -m state --state INVALID -j DROP iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # # insert accept rule or to jump to new accept-check table here # iptables -A OUTPUT -j output_rule # allow iptables -A OUTPUT -j ACCEPT #allow everything out # reject (what to do with anything not allowed earlier) iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable ### FORWARDING ### (connections routed through the router) # base case iptables -P FORWARD DROP iptables -A FORWARD -m state --state INVALID -j DROP iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # # insert accept rule or to jump to new accept-check table here # iptables -A FORWARD -j forwarding_rule # allow # iptables -A FORWARD -i br0 -o br0 -j ACCEPT # iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT # reject (what to do with anything not allowed earlier) # uses the default -P DROP ### MASQ iptables -t nat -A PREROUTING -j prerouting_rule iptables -t nat -A POSTROUTING -j postrouting_rule iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE ## USER RULES [ -f /etc/firewall.user ] && . /etc/firewall.user [ -e /etc/config/firewall ] && { awk -f /usr/lib/common.awk -f /usr/lib/firewall.awk /etc/config/firewall | ash } --0-863580201-1160165502=:39484 Content-Type: text/plain; name="wifidog.conf" Content-Description: 39611862-wifidog.conf Content-Disposition: inline; filename="wifidog.conf" # $Header$ # WiFiDog Configuration file # Parameter: GatewayID # Default: default # Optional but essential for monitoring purposes # # Set this to the template ID on the auth server # this is used to give a customized login page to the clients # If none is supplied, the default login page will be used. GatewayID marina # Parameter: ExternalInterface # Default: NONE # Optional # # Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise ExternalInterface vlan1 # Parameter: GatewayInterface # Default: NONE # Mandatory # # Set this to the internal interface. Typically br0 for OpenWrt, and eth1 otherwise GatewayInterface eth1 # Parameter: GatewayAddress # Default: Find it from GatewayInterface # Optional # # Set this to the internal IP address of the gateway # GatewayAddress 192.168.1.1 # Parameter: AuthServMaxTries # Default: 1 # Optional # # Sets the number of auth servers the gateway will attempt to contact when a request fails. # this number should be equal to the number of AuthServer lines in this # configuration but it should probably not exceed 3. # AuthServMaxTries 3 # Parameter: AuthServer # Default: NONE # Mandatory # # Set this to the hostname or IP of your auth server, the path where # WiFiDog-auth resides and optionally as a second argument, the port it # listens on. #AuthServer { # Hostname (Mandatory; Default: NONE) # SSLAvailable (Optional; Default: no; Possible values: yes, no) # SSLPort 443 (Optional; Default: 443) # HTTPPort 80 (Optional; Default: 80) # Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.) #} AuthServer { Hostname tyccwifi SSLAvailable no } #AuthServer { # Hostname auth2.ilesansfil.org # SSLAvailable yes # Path / #} #AuthServer { # Hostname auth3.ilesansfil.org # SSLAvailable yes # Path / #} # Parameter: Daemon # Default: 1 # Optional # # Set this to true if you want to run as a daemon # Daemon 1 # Parameter: GatewayPort # Default: 2060 # Optional # # Listen on this port # GatewayPort 2060 # Parameter: HTTPDName # Default: WiFiDog # Optional # # Define what name the HTTPD server will respond # HTTPDName WiFiDog # Parameter: HTTPDMaxConn # Default: 10 # Optional # # How many sockets to listen to # HTTPDMaxConn 10 # Parameter: CheckInterval # Default: 60 # Optional # # How many seconds should we wait between timeout checks CheckInterval 60 # Parameter: ClientTimeout # Default: 5 # Optional # # Set this to the desired of number of CheckInterval of inactivity before a client is logged out # The timeout will be INTERVAL * TIMEOUT ClientTimeout 5 # Parameter: FirewallRuleSet # Default: none # Mandatory # # Groups a number of FirewallRule statements together. # Parameter: FirewallRule # Default: none # # Define one firewall rule in a rule set. # Rule Set: global # # Used for rules to be applied to all other rulesets except locked. # This is the default config for the Teliphone service. FirewallRuleSet global { FirewallRule allow udp to 10.1.31.105/27 FirewallRule allow udp to 10.1.31.105/27 FirewallRule allow tcp port 80 to 10.1.31.105 } # Rule Set: validating-users # # Used for new users validating their account FirewallRuleSet validating-users { FirewallRule block tcp port 25 FirewallRule allow to 10.1.31.254/0 } # Rule Set: known-users # # Used for normal validated users. FirewallRuleSet known-users { FirewallRule allow to 10.1.31.254/0 } # Rule Set: unknown-users # # Used for unvalidated users, this is the ruleset that gets redirected. # # XXX The redirect code adds the Default DROP clause. FirewallRuleSet unknown-users { FirewallRule allow udp port 53 FirewallRule allow tcp port 53 FirewallRule allow udp port 67 FirewallRule allow tcp port 67 } # Rule Set: locked-users # # Used for users that have been locked out. FirewallRuleSet locked-users { FirewallRule block to 0.0.0.0/0 } --0-863580201-1160165502=:39484 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline _______________________________________________ WiFiDog mailing list WiFiDog@listes.ilesansfil.org http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog --0-863580201-1160165502=:39484-- ]