Ticket #578 (closed Bug report: duplicate)

Opened 10 years ago

Last modified 10 years ago

Not properly reading the MAC Address

Reported by: bladeon@… Owned by:
Priority: blocker Milestone: Gateway 1.1.5
Component: Gateway Version:
Keywords: Cc:

Description

After having set up bot the auth server and gateway, it appears that everything is installed correctly. However, after trying to login, the user is denied access or logs in but is unable to access the internet. After carefully watching the output of the gateway daemon, it seems that the fault lies somewhere in mac address formatting. Somehow the gatway is only keeping the first 4 characters of the formatted mac address I.E 00:1. When trying to add this to the iptable, iptables throws an error and the user's mac is not added to the table.

This is a problem, and I cannot source the cause.

My gateway conf:

# $Id: wifidog.conf 1243 2007-06-28 01:48:01Z benoitg $
# WiFiDog Configuration file

# Parameter: GatewayID
# Default: default
# Optional
#
# Set this to the node ID on the auth server
# this is used to give a customized login page to the clients and for
# monitoring/statistics purpose
# If none is supplied, the mac address of the GatewayInterface interface will be used,
# without the : separators

# GatewayID default

# Parameter: ExternalInterface
# Default: NONE
# Optional
#
# Set this to the external interface (the one going out to the Inernet or your larger LAN).  
# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,
# Normally autodetected

ExternalInterface eth1

# Parameter: GatewayInterface
# Default: NONE
# Mandatory
#
# Set this to the internal interface (typically your wifi interface).    
# Typically br0 for OpenWrt, and eth1, wlan0, ath0, etc. otherwise

GatewayInterface eth0

# Parameter: GatewayAddress
# Default: Find it from GatewayInterface
# Optional
#
# Set this to the internal IP address of the gateway.  Not normally required.

# GatewayAddress 192.168.1.1

# Parameter: AuthServer
# Default: NONE
# Mandatory, repeatable
#
# This allows you to configure your auth server(s).  Each one will be tried in order, untill one responds.
# Set this to the hostname or IP of your auth server(s), the path where
# WiFiDog-auth resides in and the port it listens on.
AuthServer {
	Hostname                 192.168.2.2
#	SSLAvailable             (Optional; Default: no; Possible values: yes, no)
#	SSLPort                  (Optional; Default: 443)
#	HTTPPort                 (Optional; Default: 80)
	Path                     /
#   LoginScriptPathFragment  (Optional; Default: login/? Note:  This is the script the user will be sent to for login.)
#   PortalScriptPathFragment (Optional; Default: portal/? Note:  This is the script the user will be sent to after a successfull login.)
#   MsgScriptPathFragment    (Optional; Default: gw_message.php? Note:  This is the script the user will be sent to upon error to read a readable message.)
#   PingScriptPathFragment    (Optional; Default: ping/? Note:  This is the script the user will be sent to upon error to read a readable message.)
#   AuthScriptPathFragment    (Optional; Default: auth/? Note:  This is the script the user will be sent to upon error to read a readable message.)
}

#AuthServer {
#    Hostname auth.ilesansfil.org
#    SSLAvailable yes
#    Path /
#}

#AuthServer {
#    Hostname auth2.ilesansfil.org
#    SSLAvailable yes
#    Path /
#}

# Parameter: Daemon
# Default: 1
# Optional
#
# Set this to true if you want to run as a daemon
# Daemon 1

# Parameter: GatewayPort
# Default: 2060
# Optional
#
# Listen on this port
# GatewayPort 2060

# Parameter: HTTPDName
# Default: WiFiDog
# Optional
#
# Define what name the HTTPD server will respond
# HTTPDName WiFiDog

# Parameter: HTTPDMaxConn
# Default: 10
# Optional
#
# How many sockets to listen to
# HTTPDMaxConn 10

# Parameter: CheckInterval
# Default: 60
# Optional
#
# How many seconds should we wait between timeout checks.  This is also
# how often the gateway will ping the auth server and how often it will
# update the traffic counters on the auth server.  Setting this too low
# wastes bandwidth, setting this too high will cause the gateway to take 
# a long time to switch to it's backup auth server(s).

# CheckInterval 60

# Parameter: ClientTimeout
# Default: 5
# Optional
#
# Set this to the desired of number of CheckInterval of inactivity before a client is logged out
# The timeout will be INTERVAL * TIMEOUT
ClientTimeout 5

# Parameter: TrustedMACList
# Default: none
# Optional
#
# Comma separated list of MAC addresses who are allowed to pass
# through without authentication
#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D

# Parameter: FirewallRuleSet
# Default: none
# Mandatory
#
# Groups a number of FirewallRule statements together.

# Parameter: FirewallRule
# Default: none
# 
# Define one firewall rule in a rule set.

# Rule Set: global
# 
# Used for rules to be applied to all other rulesets except locked.
FirewallRuleSet global {
    ## To block SMTP out, as it's a tech support nightmare, and a legal liability
    #FirewallRule block tcp port 25
    
    ## Use the following if you don't want clients to be able to access machines on 
    ## the private LAN that gives internet access to wifidog.  Note that this is not
    ## client isolation;  The laptops will still be able to talk to one another, as
    ## well as to any machine bridged to the wifi of the router.
    # FirewallRule block to 192.168.0.0/16
    # FirewallRule block to 172.16.0.0/12
    # FirewallRule block to 10.0.0.0/8
    
    ## This is an example ruleset for the Teliphone service.
    #FirewallRule allow udp to 69.90.89.192/27
    #FirewallRule allow udp to 69.90.85.0/27
    #FirewallRule allow tcp port 80 to 69.90.89.205
}

# Rule Set: validating-users
#
# Used for new users validating their account
FirewallRuleSet validating-users {
    FirewallRule allow to 0.0.0.0/0
}

# Rule Set: known-users
#
# Used for normal validated users.
FirewallRuleSet known-users {
    FirewallRule allow to 0.0.0.0/0
}

# Rule Set: unknown-users
#
# Used for unvalidated users, this is the ruleset that gets redirected.
#
# XXX The redirect code adds the Default DROP clause.
FirewallRuleSet unknown-users {
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
    FirewallRule allow tcp port 67
}

# Rule Set: locked-users
#
# Not currently used
FirewallRuleSet locked-users {
    FirewallRule block to 0.0.0.0/0
}

Change History

Changed 10 years ago by jean-philippe.menil@…

Changed 10 years ago by benoitg

  • status changed from new to closed
  • resolution set to duplicate

Duplicate of #493, Fixed in [1389]

Note: See TracTickets for help on using tickets.