Ticket #466 (closed Feature Request: fixed)

Opened 13 years ago

Last modified 12 years ago

Running several instances of wifidog gateway

Reported by: v_w_us@…
Owned by:
Priority: normal
Milestone: Not yet assigned to a Milestone
Component: Gateway
Version:
Keywords:
Cc:

Description

Hello,

We want to run our wifidog gateway server listening to several subnets. Each subnet is completely independent (users in one subnet must not see other subnets).

Currently it is not possible to run several instances of wifidog gateway on the same server, because iptables chain names clash.

In addition, NAT/masquerading rules must be active before launching wifidog gateway. This poses a potential security problem in case wifidog crashes: non-authenticated users would have access to the network.

To address these issues, we are proposing some patches implementing these new features:

  • Adding a prefix to the iptables chain names
  • Adding support to activate a default NAT route

Such features have been added to the config file, leaving wifidog functionality intact in case they are not used.

How should we proceed to submit these patches for your revision? We are very much interested in these new features being included in wifidog gateway.

Thanks in advance...

Victor
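
The chain-name prefix proposed in the description above, sketched as an added example (not code from the ticket's patches or from wifidog): per-instance chain names are built from a template and an instance ID, and the ID is validated before use. The template strings, the `$ID$` marker, the function names and the 28-character limit are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: iptables rejects chain names of 29 characters or more. */
#define CHAIN_NAME_MAX 28

/* Hypothetical templates; "$ID$" is replaced by the instance's ID. */
static const char *const TEMPLATES[] = {
    "WD_$ID$_Outgoing", "WD_$ID$_Known", "WD_$ID$_Unknown",
};
#define N_TEMPLATES (sizeof TEMPLATES / sizeof TEMPLATES[0])

/* Allow only [A-Za-z0-9.-]; "_" stays reserved as the separator. */
static int id_is_safe(const char *id)
{
    if (*id == '\0')
        return 0;
    for (; *id; id++)
        if (!isalnum((unsigned char)*id) && *id != '.' && *id != '-')
            return 0;
    return 1;
}

/* Expand tmpl into out; -1 on unsafe ID, missing marker or overlong name. */
int build_chain_name(const char *tmpl, const char *id, char *out, size_t outsz)
{
    const char *mark = strstr(tmpl, "$ID$");
    if (mark == NULL || !id_is_safe(id))
        return -1;
    int n = snprintf(out, outsz, "%.*s%s%s", (int)(mark - tmpl), tmpl, id,
                     mark + 4);
    return (n < 0 || (size_t)n >= outsz || n > CHAIN_NAME_MAX) ? -1 : 0;
}

/* 1 if two instance IDs would share a chain name or either ID is unusable. */
int instances_clash(const char *id_a, const char *id_b)
{
    char a[CHAIN_NAME_MAX + 1], b[CHAIN_NAME_MAX + 1];
    for (size_t i = 0; i < N_TEMPLATES; i++) {
        if (build_chain_name(TEMPLATES[i], id_a, a, sizeof a) != 0 ||
            build_chain_name(TEMPLATES[i], id_b, b, sizeof b) != 0 ||
            strcmp(a, b) == 0)
            return 1;
    }
    return 0;
}

int main(void) { printf("%d\n", instances_clash("eth1", "eth2")); return 0; }
```

Treating an unusable ID as a clash makes an instance refuse to start rather than fall back to names shared with another instance.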

Attachments

0001-Cleanup-fix-compiler-warnings.patch (20.2 KB) - added by wichert@… 13 years ago.
0002-Use-gateway-id-in-names-in-firewall-table-names.patch (16.2 KB) - added by wichert@… 13 years ago.

Change History

Changed 13 years ago by wichert@…

I have implemented this. The config locking rules are a bit odd but as far as I can see this should work properly now.

Changed 13 years ago by wichert@…

These changes are based on a tree with the patches from issues #462, #463, #464 and #465 applied. If necessary I can rediff them from the current svn tree. I'd really prefer to have all patches applied though :)

Changed 12 years ago by wichert@…

There is at least one extra bugfix needed for this (iptables_insert_gateway_id call when updating incoming data). If there is any interest in merging this please let me know - cleaning up the diffs only to have them collect dust here takes more time than I have available at the moment.

Changed 12 years ago by wichert

  • status changed from new to closed
  • resolution set to fixed

Committed in r1375
