<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
I am trying to configure WiFiDog on my WRT54G 1.1 running DD-WRT
v24-sp2 (01/01/09) std - build 11296M NEWD Eko.<br>
<br>
Before enabling WiFiDog, wireless clients can access the internet, but
once it is enabled they time out. They can access the WiFiDog status
page on port 2060.<br>
<br>
WiFiDog is connected to the authorisation server and the Internet, and
I can see the pings in the server log, but there are no login requests
in the log.<br>
<br>
The network configuration is an ADSL router providing a NATted subnet
192.168.0.0/24 to which is connected the WAN port of the WRT54G with
address 192.168.0.2. The WRT54G is running as a gateway and NATting to
subnet 192.168.5.0/24 and its own address is 192.168.5.2. The
authorisation server is a Synology DS207+ NAS server with address
192.168.0.16 which is running Apache/PHP and is also the DNS server.<br>
<br>
As the Synology doesn't have PostgreSQL, I have started by using
wifidog-auth-lite, and will build my simple requirements on that and
using MySQL. As I said, the ping is working and accepted by the WiFiDog
gateway, but no login requests are forwarded.<br>
<br>
Could someone, please, point me to the error of my ways?<br>
<br>
Pete<br>
<br>
/tmp/etc/wifidog.conf<br>
<blockquote>
<address><tt>GatewayID xxxxxxx</tt></address>
<address><tt>ExternalInterface vlan1</tt></address>
<address><tt>GatewayInterface br0</tt></address>
<address><tt>GatewayPort 2060</tt></address>
<address><tt>HTTPDMaxConn 10</tt></address>
<address><tt>HTTPDName WiFiDog</tt></address>
<address><tt>CheckInterval 60</tt></address>
<address><tt>ClientTimeout 60</tt></address>
<address><tt>TrustedMACList</tt></address>
<address><tt>AuthServer {</tt></address>
<address><tt>Hostname xxxxxxx (actual hostname resolved by DNS
and Apache to auth server web site)<br>
</tt></address>
<address><tt>SSLAvailable no</tt></address>
<address><tt>SSLPort 443</tt></address>
<address><tt>HTTPPort 80</tt></address>
<address><tt>Path /wifidog/</tt></address>
<address><tt>}</tt></address>
<address><tt>FirewallRuleSet validating-users {</tt></address>
<address><tt>FirewallRule allow to 0.0.0.0/0</tt></address>
<address><tt>}</tt></address>
<address><tt>FirewallRuleSet known-users {</tt></address>
<address><tt>FirewallRule allow to 0.0.0.0/0</tt></address>
<address><tt>}</tt></address>
<address><tt>FirewallRuleSet unknown-users {</tt></address>
<address><tt>FirewallRule allow udp port 53</tt></address>
<address><tt>FirewallRule allow tcp port 53</tt></address>
<address><tt>FirewallRule allow udp port 67</tt></address>
<address><tt>FirewallRule allow tcp port 67</tt></address>
<address><tt>}</tt></address>
<address><tt>FirewallRuleSet locked-users {</tt></address>
<address><tt>FirewallRule block to 0.0.0.0/0</tt></address>
<address><tt>}<br>
</tt></address>
</blockquote>
iptables -L<br>
<blockquote><tt>Chain INPUT (policy ACCEPT)<br>
target prot opt source destination<br>
ACCEPT 0 -- anywhere anywhere state
RELATED,ESTABLISHED<br>
DROP udp -- anywhere anywhere udp
dpt:route<br>
DROP udp -- anywhere anywhere udp
dpt:route<br>
ACCEPT udp -- anywhere anywhere udp
dpt:route<br>
logaccept tcp -- anywhere DD-WRT tcp dpt:www<br>
logaccept tcp -- anywhere DD-WRT tcp dpt:ssh<br>
DROP icmp -- anywhere anywhere<br>
DROP igmp -- anywhere anywhere<br>
ACCEPT 0 -- anywhere anywhere state NEW<br>
logaccept 0 -- anywhere anywhere state NEW<br>
DROP 0 -- anywhere anywhere<br>
<br>
Chain FORWARD (policy ACCEPT)<br>
target prot opt source destination<br>
WiFiDog_WIFI2Internet 0 -- anywhere anywhere<br>
ACCEPT gre -- 192.168.5.0/24 anywhere<br>
ACCEPT tcp -- 192.168.5.0/24 anywhere tcp
dpt:1723<br>
ACCEPT 0 -- anywhere anywhere<br>
logdrop 0 -- anywhere anywhere state
INVALID<br>
TCPMSS tcp -- anywhere anywhere tcp
flags:SYN,RST/SYN TCPMSS clamp to PMTU<br>
lan2wan 0 -- anywhere anywhere<br>
ACCEPT 0 -- anywhere anywhere state
RELATED,ESTABLISHED<br>
TRIGGER 0 -- anywhere anywhere TRIGGER
type:in match:0 relate:0<br>
trigger_out 0 -- anywhere anywhere<br>
ACCEPT 0 -- anywhere anywhere state NEW<br>
DROP 0 -- anywhere anywhere<br>
<br>
Chain OUTPUT (policy ACCEPT)<br>
target prot opt source destination<br>
<br>
Chain WiFiDog_AuthServers (1 references)<br>
target prot opt source destination<br>
ACCEPT 0 -- anywhere Vulcan.xshew.org<br>
<br>
Chain WiFiDog_Global (1 references)<br>
target prot opt source destination<br>
<br>
Chain WiFiDog_Known (1 references)<br>
target prot opt source destination<br>
ACCEPT 0 -- anywhere anywhere<br>
<br>
Chain WiFiDog_Locked (1 references)<br>
target prot opt source destination<br>
REJECT 0 -- anywhere anywhere
reject-with icmp-port-unreachable<br>
<br>
Chain WiFiDog_Unknown (1 references)<br>
target prot opt source destination<br>
ACCEPT udp -- anywhere anywhere udp
dpt:domain<br>
ACCEPT tcp -- anywhere anywhere tcp
dpt:domain<br>
ACCEPT udp -- anywhere anywhere udp
dpt:bootps<br>
ACCEPT tcp -- anywhere anywhere tcp
dpt:bootps<br>
REJECT 0 -- anywhere anywhere
reject-with icmp-port-unreachable<br>
<br>
Chain WiFiDog_Validate (1 references)<br>
target prot opt source destination<br>
ACCEPT 0 -- anywhere anywhere<br>
<br>
Chain WiFiDog_WIFI2Internet (1 references)<br>
target prot opt source destination<br>
DROP 0 -- anywhere anywhere state
INVALID<br>
TCPMSS tcp -- anywhere anywhere tcp
flags:SYN,RST/SYN TCPMSS clamp to PMTU<br>
WiFiDog_AuthServers 0 -- anywhere anywhere<br>
WiFiDog_Locked 0 -- anywhere anywhere MARK
match 0x254<br>
WiFiDog_Global 0 -- anywhere anywhere<br>
WiFiDog_Validate 0 -- anywhere anywhere
MARK match 0x1<br>
WiFiDog_Known 0 -- anywhere anywhere MARK
match 0x2<br>
WiFiDog_Unknown 0 -- anywhere anywhere<br>
<br>
Chain advgrp_1 (0 references)<br>
target prot opt source destination<br>
<br>
Chain advgrp_10 (0 references)<br>
target prot opt source destination<br>
<br>
Chain advgrp_2 (0 references)<br>
target prot opt source destination<br>
<br>
Chain advgrp_3 (0 references)<br>
target prot opt source destination<br>
<br>
Chain advgrp_4 (0 references)<br>
target prot opt source destination<br>
<br>
Chain advgrp_5 (0 references)<br>
target prot opt source destination<br>
<br>
Chain advgrp_6 (0 references)<br>
target prot opt source destination<br>
<br>
Chain advgrp_7 (0 references)<br>
target prot opt source destination<br>
<br>
Chain advgrp_8 (0 references)<br>
target prot opt source destination<br>
<br>
Chain advgrp_9 (0 references)<br>
target prot opt source destination<br>
<br>
Chain grp_1 (0 references)<br>
target prot opt source destination<br>
<br>
Chain grp_10 (0 references)<br>
target prot opt source destination<br>
<br>
Chain grp_2 (0 references)<br>
target prot opt source destination<br>
<br>
Chain grp_3 (0 references)<br>
target prot opt source destination<br>
<br>
Chain grp_4 (0 references)<br>
target prot opt source destination<br>
<br>
Chain grp_5 (0 references)<br>
target prot opt source destination<br>
<br>
Chain grp_6 (0 references)<br>
target prot opt source destination<br>
<br>
Chain grp_7 (0 references)<br>
target prot opt source destination<br>
<br>
Chain grp_8 (0 references)<br>
target prot opt source destination<br>
<br>
Chain grp_9 (0 references)<br>
target prot opt source destination<br>
<br>
Chain lan2wan (1 references)<br>
target prot opt source destination<br>
<br>
Chain logaccept (3 references)<br>
target prot opt source destination<br>
ACCEPT 0 -- anywhere anywhere<br>
<br>
Chain logdrop (1 references)<br>
target prot opt source destination<br>
DROP 0 -- anywhere anywhere<br>
<br>
Chain logreject (0 references)<br>
target prot opt source destination<br>
REJECT tcp -- anywhere anywhere tcp
reject-with tcp-reset<br>
<br>
Chain trigger_out (1 references)<br>
target prot opt source destination<br>
</tt></blockquote>
root@DD-WRT:/tmp/etc# ifconfig -a <br>
<blockquote><tt>br0 Link encap:Ethernet HWaddr 00:06:25:FF:9D:80</tt><br>
<tt> inet addr:192.168.5.2 Bcast:192.168.5.255
Mask:255.255.255.0</tt><br>
<tt> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</tt><br>
<tt> RX packets:15676 errors:0 dropped:0 overruns:0 frame:0</tt><br>
<tt> TX packets:2701 errors:0 dropped:0 overruns:0 carrier:0</tt><br>
<tt> collisions:0 txqueuelen:0</tt><br>
<tt> RX bytes:1596127 (1.5 MiB) TX bytes:270890 (264.5 KiB)</tt><br>
<br>
<tt>br0:0 Link encap:Ethernet HWaddr 00:06:25:FF:9D:80</tt><br>
<tt> inet addr:169.254.255.1 Bcast:169.254.255.255
Mask:255.255.0.0</tt><br>
<tt> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</tt><br>
<br>
<tt>eth0 Link encap:Ethernet HWaddr 00:06:25:FF:9D:80</tt><br>
<tt> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</tt><br>
<tt> RX packets:30725 errors:0 dropped:0 overruns:0 frame:0</tt><br>
<tt> TX packets:13791 errors:0 dropped:0 overruns:0 carrier:0</tt><br>
<tt> collisions:0 txqueuelen:1000</tt><br>
<tt> RX bytes:4820506 (4.5 MiB) TX bytes:2943117 (2.8 MiB)</tt><br>
<tt> Interrupt:3</tt><br>
<br>
<tt>eth1 Link encap:Ethernet HWaddr 00:06:25:FF:9D:81</tt><br>
<tt> BROADCAST MULTICAST MTU:1500 Metric:1</tt><br>
<tt> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</tt><br>
<tt> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</tt><br>
<tt> collisions:0 txqueuelen:1000</tt><br>
<tt> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</tt><br>
<tt> Interrupt:4</tt><br>
<br>
<tt>eth2 Link encap:Ethernet HWaddr 00:06:25:FF:9D:82</tt><br>
<tt> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</tt><br>
<tt> RX packets:3796 errors:0 dropped:0 overruns:0
frame:823442</tt><br>
<tt> TX packets:3815 errors:1112 dropped:0 overruns:0
carrier:0</tt><br>
<tt> collisions:0 txqueuelen:1000</tt><br>
<tt> RX bytes:389766 (380.6 KiB) TX bytes:559501 (546.3 KiB)</tt><br>
<tt> Interrupt:6 Base address:0x2000</tt><br>
<br>
<tt>etherip0 Link encap:Ethernet HWaddr 1A:A9:6C:FD:D0:48</tt><br>
<tt> BROADCAST MULTICAST MTU:1500 Metric:1</tt><br>
<tt> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</tt><br>
<tt> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</tt><br>
<tt> collisions:0 txqueuelen:0</tt><br>
<tt> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</tt><br>
<br>
<tt>lo Link encap:Local Loopback</tt><br>
<tt> inet addr:127.0.0.1 Mask:255.0.0.0</tt><br>
<tt> UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1</tt><br>
<tt> RX packets:1888 errors:0 dropped:0 overruns:0 frame:0</tt><br>
<tt> TX packets:1888 errors:0 dropped:0 overruns:0 carrier:0</tt><br>
<tt> collisions:0 txqueuelen:0</tt><br>
<tt> RX bytes:165636 (161.7 KiB) TX bytes:165636 (161.7 KiB)</tt><br>
<br>
<tt>teql0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00</tt><br>
<tt> NOARP MTU:1500 Metric:1</tt><br>
<tt> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</tt><br>
<tt> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</tt><br>
<tt> collisions:0 txqueuelen:100</tt><br>
<tt> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</tt><br>
<br>
<tt>vlan0 Link encap:Ethernet HWaddr 00:06:25:FF:9D:80</tt><br>
<tt> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</tt><br>
<tt> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</tt><br>
<tt> TX packets:1112 errors:0 dropped:0 overruns:0 carrier:0</tt><br>
<tt> collisions:0 txqueuelen:0</tt><br>
<tt> RX bytes:0 (0.0 B) TX bytes:231654 (226.2 KiB)</tt><br>
<br>
<tt>vlan1 Link encap:Ethernet HWaddr 00:06:25:FF:9D:81</tt><br>
<tt> inet addr:192.168.0.2 Bcast:192.168.0.255
Mask:255.255.255.0</tt><br>
<tt> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</tt><br>
<tt> RX packets:30724 errors:0 dropped:0 overruns:0 frame:0</tt><br>
<tt> TX packets:12680 errors:0 dropped:0 overruns:0 carrier:0</tt><br>
<tt> collisions:0 txqueuelen:0</tt><br>
<tt> RX bytes:4267300 (4.0 MiB) TX bytes:2644243 (2.5 MiB)</tt><br>
<br>
<tt>wl0.1 Link encap:Ethernet HWaddr 00:06:25:FF:9D:82</tt><br>
<tt> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</tt><br>
<tt> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</tt><br>
<tt> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</tt><br>
<tt> collisions:0 txqueuelen:1000</tt><br>
<tt> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</tt><br>
</blockquote>
</body>
</html>