Running several instances of wifidog gateway

[v_w_us@…]

Hello,

We want to run our wifidog gateway server listening to several subnets. Each subnet is completely independent (users in one subnet must not see other subnets).

Currently it is not possible to run several instances of wifidog gateway in the same server, because iptables chain names clash.

In addition, NAT/masquerading rules must be active before launching wifidog gateway. This poses a potential security problem in case wifidog crashes: non authenticated users would have access to the network.

To address these issues, we are proposing some patches implementing these new features:

• Adding a prefix to the iptables chain names
• Adding support to activate a default NAT route

Such features have been added to the config file, leaving wifidog functionality intact in case they are not used.

How should we proceed to submit these patches for your revision? We are very much interested in these new features being included in wifidog gateway.

Thanks in advance...

Victor

[wichert@…]

I have implemented this. The config locking rules are a bit odd but as far as I can see this should work properly now.

[wichert@…]

These changes are based on a tree with the patches from issues #462, #463, #464 and #465 applied. If necessary I can rediff them from the current svn tree. I'ld really prefer to have all patches applied though :)

[wichert@…]

There is at least one extra bugfix needed for this (iptables_insert_gateway_id call when updating incoming data). If there is any interest in merging this please let me know - cleaning up the diffs only to have them collect dust here takes more time than I have available at the moment.

[wichert]

Commited in r1375