wifidog
I have to set up a portal, and I have chosen to use wifidog on Debian (how
could I not?).
I am following the documentation on the wifidog website, installing
everything on a single machine.
So far I have had no problems installing the AuthServer (I started from
the back end, what can you do); I have no problems configuring or
installing it, nor with the postgres part, nor with the client.
But after installing the client and running "wifidog -f -d 7" nothing at
all happens; I can still browse without the captive portal appearing.
Can anyone point me in the right direction?
In case it helps, the iptables rules without wifidog are:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp multiport dports bootps,bootpc
ACCEPT udp -- anywhere anywhere udp multiport dports bootps,bootpc
ACCEPT udp -- anywhere anywhere udp multiport dports bootps,bootpc
LOG all -- anywhere anywhere LOG level debug prefix "BANDWIDTH_IN:"
ACCEPT tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcpflags: ACK/ACK
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED
ACCEPT udp -- anywhere anywhere udp spt:domain dpts:1024:65535
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:http

Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix "BANDWIDTH_OUT:"
LOG all -- anywhere anywhere LOG level debug prefix "BANDWIDTH_IN:"
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix "BANDWIDTH_OUT:"
DROP udp -- anywhere anywhere udp multiport sports bootps,bootpc
DROP udp -- anywhere anywhere udp multiport dports bootps,bootpc

# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

After running "wifidog -f -d 7"
the rules are:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp multiport dports bootps,bootpc
ACCEPT udp -- anywhere anywhere udp multiport dports bootps,bootpc
ACCEPT udp -- anywhere anywhere udp multiport dports bootps,bootpc
LOG all -- anywhere anywhere LOG level debug prefix "BANDWIDTH_IN:"
ACCEPT tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcpflags: ACK/ACK
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED
ACCEPT udp -- anywhere anywhere udp spt:domain dpts:1024:65535
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:http

Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix "BANDWIDTH_OUT:"
LOG all -- anywhere anywhere LOG level debug prefix "BANDWIDTH_IN:"
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix "BANDWIDTH_OUT:"
DROP udp -- anywhere anywhere udp multiport sports bootps,bootpc
DROP udp -- anywhere anywhere udp multiport dports bootps,bootpc

Chain WiFiDog_vlan1000_AuthServers (0 references)
target prot opt source destination
ACCEPT all -- anywhere localhost

Chain WiFiDog_vlan1000_Global (0 references)
target prot opt source destination

Chain WiFiDog_vlan1000_Known (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain WiFiDog_vlan1000_Locked (0 references)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain WiFiDog_vlan1000_Unknown (0 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain WiFiDog_vlan1000_Validate (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
WiFiDog_vlan1000_Outgoing all -- anywhere anywhere

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain WiFiDog_vlan1000_AuthServers (1 references)
target prot opt source destination
ACCEPT all -- anywhere localhost

Chain WiFiDog_vlan1000_Global (1 references)
target prot opt source destination

Chain WiFiDog_vlan1000_Outgoing (1 references)
target prot opt source destination
WiFiDog_vlan1000_WIFI2Router all -- anywhere 172.17.0.1

Chain WiFiDog_vlan1000_Unknown (0 references)
target prot opt source destination
WiFiDog_vlan1000_AuthServers all -- anywhere anywhere
WiFiDog_vlan1000_Global all -- anywhere anywhere
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 2060

Chain WiFiDog_vlan1000_WIFI2Router (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
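
Added example, not part of the original post: in the listings above several WiFiDog chains report "(0 references)", which means no rule jumps to them and the rules inside them are never evaluated. The shell function below lists such chains from `iptables -L` output; the names `unreferenced_chains` and `sample_nat_listing` are hypothetical, and the sample input is an excerpt of the nat listing above with wrapped lines joined.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `iptables -L` or `iptables -t nat -L` output on stdin and prints every
# user-defined chain that reports "(0 references)", with its rule count and
# the distinct targets of its rules. Built-in chains show "(policy ...)".
# Live use: iptables -t nat -L | unreferenced_chains
unreferenced_chains() {
    awk '
    function report() {
        if (name != "" && refs == 0)
            printf "%s rules=%d targets=%s\n", name, n, (t == "" ? "-" : t)
    }
    $1 == "Chain" {
        report()
        name = ""; n = 0; t = ""
        if ($4 ~ /^references\)/) { name = $2; refs = substr($3, 2) + 0 }
        next
    }
    # Skip built-in chains, blank lines and the column header line.
    name == "" || NF == 0 || $1 == "target" { next }
    # Count the rule and remember its target once.
    { n++; if (index("," t ",", "," $1 ",") == 0) t = (t == "" ? $1 : t "," $1) }
    END { report() }
    '
}

# Excerpt of the nat table from the post above (wrapped lines joined).
sample_nat_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
WiFiDog_vlan1000_Outgoing all -- anywhere anywhere

Chain WiFiDog_vlan1000_Outgoing (1 references)
target prot opt source destination
WiFiDog_vlan1000_WIFI2Router all -- anywhere 172.17.0.1

Chain WiFiDog_vlan1000_Unknown (0 references)
target prot opt source destination
WiFiDog_vlan1000_AuthServers all -- anywhere anywhere
WiFiDog_vlan1000_Global all -- anywhere anywhere
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 2060
EOF
}

sample_nat_listing | unreferenced_chains
```

On this excerpt the only chain reported is the one holding the REDIRECT to port 2060.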