<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Hi All,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>We have successfully installed wifidog gateway and
authserver on centos 5 and all seems to be working well except for one issue:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>We are using a default iptables configuration and when the
gateway service is not running our box becomes an open router to the
internet for any users who happen to connect to our wireless network.
Does anyone have an iptables configuration that would “turn-off”
the wireless access without the wifidog gateway running? If that is not
possible, are there other methods that anyone would care to float to prevent
access when the gateway service is not running?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Here is the default code from our iptables, eth0 is
internal, eth1 is wi-fi:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>*filter<o:p></o:p></p>
<p class=MsoNormal>:INPUT ACCEPT [0:0]<o:p></o:p></p>
<p class=MsoNormal>:FORWARD ACCEPT [0:0]<o:p></o:p></p>
<p class=MsoNormal>:OUTPUT ACCEPT [0:0]<o:p></o:p></p>
<p class=MsoNormal>-A INPUT -i eth1 -j LOG --log-prefix
"BANDWIDTH_IN:" --log-level 7<o:p></o:p></p>
<p class=MsoNormal>-A FORWARD -o eth1 -j LOG --log-prefix
"BANDWIDTH_OUT:" --log-level 7<o:p></o:p></p>
<p class=MsoNormal>-A FORWARD -i eth1 -j LOG --log-prefix
"BANDWIDTH_IN:" --log-level 7<o:p></o:p></p>
<p class=MsoNormal>-A OUTPUT -o eth1 -j LOG --log-prefix
"BANDWIDTH_OUT:" --log-level 7<o:p></o:p></p>
<p class=MsoNormal>COMMIT<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Obviously, the gateway, when running adds a number of
additional configuration commands to this configuration, but we have not be
able to come up with any configuration that seems to prevent access when the
gateway is not running.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Also, is there any documentation freely available related to
the firewallruleset commands in the wifidog.conf file? We would be
interested in limiting and logging some of the outgoing ports that are used.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Matt<o:p></o:p></p>
</div>
</body>
</html>