Help with iptables and XT_COOVA #562

Closed
xewonder opened this issue Oct 8, 2022 · 1 comment
xewonder commented Oct 8, 2022

Good day,

On Ubuntu 20.04.5 LTS

coova-chilli 1.6

Compiled with ENABLE_DEBUG ENABLE_ACCOUNTING_ONOFF ENABLE_BINSTATFILE ENABLE_CHILLIQUERY ENABLE_COA ENABLE_RADPROXY ENABLE_CHILLIREDIR ENABLE_DHCPRADIUS ENABLE_IEEE8021Q ENABLE_IPV6 ENABLE_JSON ENABLE_LEAKYBUCKET ENABLE_STATFILE ENABLE_TAP ENABLE_TCPRESET ENABLE_UAMANYIP ENABLE_UAMUIPORT HAVE_NETFILTER_COOVA HAVE_OPENSSL

I have a problem with XT_COOVA and my iptables (and I have no idea what I am doing).

enp1s0 = dhcp assigned (wan)
enp5s0 = 192.168.182.1/16 (coova interface)
enp6s0 = 192.170.1.1/24 (internal net)

I cannot access my internal network, where my splash page is. With the iptables rules below I just get a timeout.


```
Chain INPUT (policy ACCEPT 6624 packets, 578K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  enp5s0 *       0.0.0.0/0            11.1.0.1             tcp dpt:3990 coova: name: chilli side: source
    0     0 INPUT_tun0 all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  enp5s0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  tun0   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 383 packets, 110K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  enp1s0 tun0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tun0   enp1s0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  enp1s0 enp5s0  0.0.0.0/0            0.0.0.0/0            coova: name: chilli side: dest
    0     0 ACCEPT     all  --  enp5s0 enp1s0  0.0.0.0/0            0.0.0.0/0            coova: name: chilli side: source
    0     0 DROP       all  --  enp5s0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  tun0   *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 6240 packets, 4031K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_tun0 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  tun0   *       0.0.0.0/0            11.1.0.1             tcp dpt:3990
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
```


If I add `iptables -I INPUT -d 192.170.1.0/24 -j ACCEPT`, then I get a TCP RESET error.

Note that this config works perfectly if my splash page is on the internet. Once authenticated, I can access my internal LAN.

My config:


```
HS_WANIF=enp1s0 # WE ALSO Need to specify this
HS_LANIF=enp5s0 # Subscriber Interface for client devices

HS_NETWORK=192.168.182.0
HS_NETMASK=255.255.0.0
HS_UAMLISTEN=11.1.0.1
HS_UAMPORT=3990
HS_UAMUIPORT=4990
HS_DYNIP=192.168.182.0
HS_DYNIP_MASK=255.255.255.0
HS_STATIP=192.168.182.0
HS_STATIP_MASK=255.255.255.0
HS_DNS_DOMAIN=waveloc.com
HS_DNS1=8.8.8.8
HS_DNS2=8.8.4.4
HS_NASID=SERVER
HS_RADIUS=192.170.1.1
HS_RADIUS2=192.170.1.1
HS_UAMALLOW=waveloc.com,192.170.1.1
HS_RADSECRET=LETUSIN
HS_UAMSECRET=xxxxxx
HS_SSID=hotspot-express
HS_UAMFORMAT=http://192.170.1.1/cake3/rd_cake/dynamic-details/chilli-browser-detect/
HS_MACAUTH=on
HS_TCP_PORTS="80 443"
HS_LOC_NAME="My HotSpot"
HS_DHCPLISTEN=192.168.182.1
HS_DHCPIF=enp5s0
HS_SESKEEPALIVE=on
HS_ACCTUPDATE=on

# for testing

#HS_NATANYIP=on
#HS_ANYIP=on
#HS_LAN_ACCESS=allow
```


I even tried #62.

Thank you in advance

xewonder commented Oct 8, 2022

To answer my own question, adding this solved my issue:

```
iptables -I INPUT_tun0 -d 192.170.1.1 -j ACCEPT
```

Now it looks like this and "works":


```
Chain INPUT (policy ACCEPT 39 packets, 2351 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  enp5s0 *       0.0.0.0/0            11.1.0.1             tcp dpt:3990 coova: name: chilli side: source
    0     0 INPUT_tun0 all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  enp5s0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  tun0   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    1   181 ACCEPT     all  --  enp1s0 tun0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tun0   enp1s0  0.0.0.0/0            0.0.0.0/0
    1   324 ACCEPT     all  --  enp1s0 enp5s0  0.0.0.0/0            0.0.0.0/0            coova: name: chilli side: dest
    4   208 ACCEPT     all  --  enp5s0 enp1s0  0.0.0.0/0            0.0.0.0/0            coova: name: chilli side: source
    0     0 DROP       all  --  enp5s0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  tun0   *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 37 packets, 82121 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_tun0 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  tun0   *       0.0.0.0/0            11.1.0.1             tcp dpt:3990
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            192.170.1.1
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
```


Thank you

@xewonder xewonder closed this as completed Oct 8, 2022
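Editor's note on the fix above, with an added example that is not code from the issue author or from the coova-chilli project. The rule `-I INPUT_tun0 -d 192.170.1.1 -j ACCEPT` lets every unauthenticated client on tun0 reach every port on the host 192.170.1.1, which in this config is also the RADIUS server (HS_RADIUS) and the router's own enp6s0 address. Only the splash page (HS_UAMFORMAT, served over HTTP) needs to be reachable before authentication, so a rule limited to TCP 80/443 is enough; chilli's RADIUS traffic to 192.170.1.1 originates on the router itself and never passes through tun0, so it is not affected. The script below assumes a Linux router with iptables, tun0 as chilli's client tunnel, the INPUT chain ending in a `DROP` for tun0 after `INPUT_tun0` returns (as in the listings above), and uses a constructed copy of the final `INPUT_tun0` chain as sample input for an audit function that flags port-unrestricted ACCEPTs to the internal host. The function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the issue author or the coova-chilli project).
# Assumptions: Linux router with iptables; chilli's client tunnel is tun0;
# 192.170.1.1 (router's enp6s0 address) serves the splash page on TCP 80/443
# and RADIUS on UDP 1812/1813; the INPUT chain already ends with
# "DROP all -i tun0" after INPUT_tun0 returns, as in the thread's listing.
set -eu

INTERNAL_HOST=192.170.1.1
PORTAL_PORTS=80,443

# The rule from the thread: every unauthenticated tun0 client may reach every
# port on the internal host, including RADIUS and anything else bound there.
broad_rule() {
    printf '%s\n' "-I INPUT_tun0 -d $INTERNAL_HOST -j ACCEPT"
}

# Narrow alternative: only the portal ports, over TCP. RADIUS is unaffected
# because chilli talks to 192.170.1.1 from the router itself (OUTPUT chain),
# never through tun0. Everything else from tun0 still falls through to the
# INPUT chain's existing DROP, so no extra DROP is needed here.
narrow_rule() {
    printf '%s\n' "-I INPUT_tun0 -i tun0 -p tcp -d $INTERNAL_HOST -m multiport --dports $PORTAL_PORTS -j ACCEPT"
}

# Audit: read rules on stdin (as printed by `iptables -S INPUT_tun0`, or the
# rule strings above) and print every ACCEPT whose destination is the
# internal host and which does not restrict the destination port.
audit_broad_accepts() {
    host_re=$(printf '%s' "$INTERNAL_HOST" | sed 's/\./\\./g')
    grep -E -- "-d ${host_re}(/32)? " | grep -- '-j ACCEPT' | grep -v -- '--dport' || true
}

# Number of such rules, for a check script (0 means the chain is clean).
count_broad_accepts() {
    audit_broad_accepts | grep -c '.' || true
}

# Constructed sample: the final INPUT_tun0 chain from the thread, in the
# form `iptables -S INPUT_tun0` prints it.
SAMPLE_CHAIN='-N INPUT_tun0
-A INPUT_tun0 -d 11.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT_tun0 -d 192.170.1.1/32 -j ACCEPT
-A INPUT_tun0 -j RETURN'

# Live replacement of the broad rule with the narrow one. Needs root and a
# real netfilter, so it is defined here but not called.
apply_narrow_rule() {
    iptables -D INPUT_tun0 -d "$INTERNAL_HOST" -j ACCEPT 2>/dev/null || true
    # shellcheck disable=SC2046
    iptables $(narrow_rule)
}

printf 'Over-broad ACCEPT rules in the sample INPUT_tun0 chain:\n'
printf '%s\n' "$SAMPLE_CHAIN" | audit_broad_accepts
```

Run it as-is to see the audit flag the `-d 192.170.1.1/32 -j ACCEPT` rule; feed it `iptables -S INPUT_tun0` from the live box the same way. Note that chilli may rebuild its chains when it restarts (its up/down scripts manage INPUT_tun0), so a rule added by hand needs to be put wherever those scripts are maintained for it to survive.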