
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">


<head>


<meta http-equiv=Content-Type content="text/html; charset=utf-8">


<meta name=Generator content="Microsoft Word 12 (filtered medium)">


<style>


<!--


 /* Font Definitions */


 @font-face


        {font-family:Calibri;


        panose-1:2 15 5 2 2 2 4 3 2 4;}


@font-face


        {font-family:Tahoma;


        panose-1:2 11 6 4 3 5 4 4 2 4;}


 /* Style Definitions */


 p.MsoNormal, li.MsoNormal, div.MsoNormal


        {margin:0cm;


        margin-bottom:.0001pt;


        font-size:12.0pt;


        font-family:"Times New Roman","serif";}


a:link, span.MsoHyperlink


        {mso-style-priority:99;


        color:blue;


        text-decoration:underline;}


a:visited, span.MsoHyperlinkFollowed


        {mso-style-priority:99;


        color:purple;


        text-decoration:underline;}


span.EmailStyle17


        {mso-style-type:personal-reply;


        font-family:"Calibri","sans-serif";


        color:#1F497D;}


.MsoChpDefault


        {mso-style-type:export-only;}


@page Section1


        {size:612.0pt 792.0pt;


        margin:72.0pt 72.0pt 72.0pt 72.0pt;}


div.Section1


        {page:Section1;}


-->


</style>


<!--[if gte mso 9]><xml>


 <o:shapedefaults v:ext="edit" spidmax="1026" />


</xml><![endif]--><!--[if gte mso 9]><xml>


 <o:shapelayout v:ext="edit">


  <o:idmap v:ext="edit" data="1" />


 </o:shapelayout></xml><![endif]-->


</head>


<body lang=EN-GB link=blue vlink=purple>


<div class=Section1>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";


color:#1F497D'>Hi Pascal, Thanks for the reply.<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";


color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";


color:#1F497D'>So would the following rule work?<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";


color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>FirewallRule


allow tcp port 28910,29900,29901,29920,80,443 &nbsp;to 83.36.93.0/24</span><span


style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";


color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";


color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";


color:#1F497D'>From<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";


color:#1F497D'>Robin Jones<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";


color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";


color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>


<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:


"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;


font-family:"Tahoma","sans-serif"'> wifidog-bounces@listes.ilesansfil.org


[mailto:wifidog-bounces@listes.ilesansfil.org] <b>On Behalf Of </b>Pascal


Charest<br>


<b>Sent:</b> 13 May 2008 11:36<br>


<b>To:</b> WiFiDog Captive Portal<br>


<b>Subject:</b> Re: [isf-wifidog] WiFiDog and the Nintendo DS<o:p></o:p></span></p>


</div>


<p class=MsoNormal><o:p>&nbsp;</o:p></p>


<p class=MsoNormal style='margin-bottom:12.0pt'>Hi, <br>


<br>


I do now know exactly how wifidog process its firewall rules, but lets say it


simply craft netfilters rules and pass them to iptables. <br>


<br>


It this case, you don't have any choices other than specifying the range since


the domain-name will be resolved only to one of those addresses and your rule


won't match that often.<br>


<br>


Once again, i do not know for wifidog, but I know that iptables does work with


CIDR mask (example : <a href="http://192.168.1.0/24).">192.168.1.0/24).</a>..&nbsp;


<br>


<br>


Pascal<o:p></o:p></p>


<div>


<p class=MsoNormal>On Mon, May 12, 2008 at 7:48 PM, Robin Jones &lt;<a


href="mailto:Robin@networkfusion.co.uk">Robin@networkfusion.co.uk</a>&gt;


wrote:<o:p></o:p></p>


<p class=MsoNormal>I am trying to answer a question on the ticket system #467


(I have asked<br>


the guy to use the mailing list, but to no avail), and yet also would<br>


like to make this work myself...<br>


<br>


I know about<br>


<a


href="https://dev.wifidog.org/wiki/doc/developer/SupportingDevicesWithNoWebBro"


target="_blank">https://dev.wifidog.org/wiki/doc/developer/SupportingDevicesWithNoWebBro</a><br>


wser and the simplest way seems to be 2-Whitelist specific servers<br>


<br>


Given the fact that these all have hostnames, can firewall rules contain<br>


these?<br>


<br>


If not, can you white list IP Ranges and corresponding ports?<br>


<br>


So for example, the servers I would like to white list are as follows:<br>


<br>


<a href="http://Contest.nintendo.net" target="_blank">Contest.nintendo.net</a>


- <a href="http://83.36.93.1" target="_blank">83.36.93.1</a> to <a


href="http://83.36.93.255" target="_blank">83.36.93.255</a><br>


<a href="http://Contest.nintendo.net" target="_blank">Contest.nintendo.net</a>


- <a href="http://61.54.24.1" target="_blank">61.54.24.1</a> to <a


href="http://61.54.24.255" target="_blank">61.54.24.255</a><br>


<a href="http://nas.nintendowifi.net" target="_blank">nas.nintendowifi.net</a>


- <a href="http://192.195.204.1" target="_blank">192.195.204.1</a> to <a


href="http://192.195.204.255" target="_blank">192.195.204.255</a><br>


<a href="http://gs.nintendowifi.net" target="_blank">gs.nintendowifi.net</a> - <a


href="http://207.38.11.1" target="_blank">207.38.11.1</a> to <a


href="http://207.38.11.255" target="_blank">207.38.11.255</a><br>


<a href="http://nus.shop.wii.com" target="_blank">nus.shop.wii.com</a> - <a


href="http://209.67.106.1" target="_blank">209.67.106.1</a> to <a


href="http://209.67.106.255" target="_blank">209.67.106.255</a><br>


<a href="http://rcw.wc24.wii.com" target="_blank">rcw.wc24.wii.com</a> - <a


href="http://125.199.254.1" target="_blank">125.199.254.1</a> to <a


href="http://125.199.254.255" target="_blank">125.199.254.255</a><br>


<a href="http://cfh.wapp.wii.com" target="_blank">cfh.wapp.wii.com</a> - <a


href="http://84.53.134.1" target="_blank">84.53.134.1</a> to <a


href="http://84.53.134.255" target="_blank">84.53.134.255</a><br>


<a href="http://weather.wapp.wii.com" target="_blank">weather.wapp.wii.com</a>


A - <a href="http://84.53.136.1" target="_blank">84.53.136.1</a> to <a


href="http://84.53.136.255" target="_blank">84.53.136.255</a><br>


<a href="http://weather.wapp.wii.com" target="_blank">weather.wapp.wii.com</a>


B - <a href="http://213.155.151.1" target="_blank">213.155.151.1</a> to <a


href="http://213.155.151.255" target="_blank">213.155.151.255</a><br>


<a href="http://opera.com" target="_blank">opera.com</a> - <a


href="http://213.236.208.1" target="_blank">213.236.208.1</a> to <a


href="http://213.236.208.255" target="_blank">213.236.208.255</a><br>


<a href="http://american-sk8land.com" target="_blank">american-sk8land.com</a>


- <a href="http://70.86.183.1" target="_blank">70.86.183.1</a> to <a


href="http://70.86.183.255" target="_blank">70.86.183.255</a><br>


<br>


So would the corresponding firewall rules in wifidog.conf work?:<br>


<br>


FirewallRule allow tcp port 28910, 29900,29901,29920,80,443 &nbsp;to<br>


83.36.93.1-83.36.93.255<br>


<br>


Or<br>


<br>


FirewallRule allow tcp port 28910, 29900,29901,29920,80,443 &nbsp;to<br>


<a href="http://Contest.nintendo.net" target="_blank">Contest.nintendo.net</a><br>


<br>


<br>


It has also been recommended to allow all udp traffic, would this be a<br>


security risk?<br>


<br>


<br>


<br>


Thanks,<br>


<br>


<br>


Robin Jones.<br>


<br>


<br>


_______________________________________________<br>


WiFiDog mailing list<br>


<a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a><br>


<a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog"


target="_blank">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a><o:p></o:p></p>


</div>


<p class=MsoNormal><br>


<br clear=all>


<br>


-- <br>


Pascal Charest, Free software consultant {GNU/Linux}<br>


<a href="http://blog.pacharest.com">http://blog.pacharest.com</a> <o:p></o:p></p>


</div>


</body>


</html>