Good day,
On Ubuntu 20.04.5 LTS
coova-chilli 1.6
Compiled with ENABLE_DEBUG ENABLE_ACCOUNTING_ONOFF ENABLE_BINSTATFILE ENABLE_CHILLIQUERY ENABLE_COA ENABLE_RADPROXY ENABLE_CHILLIREDIR ENABLE_DHCPRADIUS ENABLE_IEEE8021Q ENABLE_IPV6 ENABLE_JSON ENABLE_LEAKYBUCKET ENABLE_STATFILE ENABLE_TAP ENABLE_TCPRESET ENABLE_UAMANYIP ENABLE_UAMUIPORT HAVE_NETFILTER_COOVA HAVE_OPENSSL
I have a problem with XT_COOVA and my iptables. (and I have no idea what I am doing)

- enp1s0 = dhcp assigned (wan)
- enp5s0 = 192.168.182.1/16 (coova interface)
- enp6s0 = 192.170.1.1/24 (internal net)

I cannot access my internal network where my splash page is. With the below iptables I just get a timeout:
```
Chain INPUT (policy ACCEPT 6624 packets, 578K bytes)
 pkts bytes target      prot opt in      out     source       destination
    0     0 ACCEPT      tcp  --  enp5s0  *       0.0.0.0/0    11.1.0.1     tcp dpt:3990coova: name: chilli side: source
    0     0 INPUT_tun0  all  --  tun0    *       0.0.0.0/0    0.0.0.0/0
    0     0 DROP        all  --  enp5s0  *       0.0.0.0/0    0.0.0.0/0
    0     0 DROP        all  --  tun0    *       0.0.0.0/0    0.0.0.0/0

Chain FORWARD (policy DROP 383 packets, 110K bytes)
 pkts bytes target      prot opt in      out     source       destination
    0     0 ACCEPT      all  --  enp1s0  tun0    0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT      all  --  tun0    enp1s0  0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT      all  --  enp1s0  enp5s0  0.0.0.0/0    0.0.0.0/0    coova: name: chilli side: dest
    0     0 ACCEPT      all  --  enp5s0  enp1s0  0.0.0.0/0    0.0.0.0/0    coova: name: chilli side: source
    0     0 DROP        all  --  enp5s0  *       0.0.0.0/0    0.0.0.0/0
    0     0 DROP        all  --  tun0    *       0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy ACCEPT 6240 packets, 4031K bytes)
 pkts bytes target      prot opt in      out     source       destination

Chain INPUT_tun0 (1 references)
 pkts bytes target      prot opt in      out     source       destination
    0     0 ACCEPT      tcp  --  tun0    *       0.0.0.0/0    11.1.0.1     tcp dpt:3990
    0     0 RETURN      all  --  *       *       0.0.0.0/0    0.0.0.0/0
```
If I add `iptables -I INPUT -d 192.170.1.0/24 -j ACCEPT` then I get a TCP RESET error.

To be noted that this config works perfectly if my splash page is on the internet. Once authenticated I can access my internal LAN.
My config:

```
HS_WANIF=enp1s0 # WE ALSO Need to specify this
HS_LANIF=enp5s0 # Subscriber Interface for client devices
HS_NETWORK=192.168.182.0
HS_NETMASK=255.255.0.0
HS_UAMLISTEN=11.1.0.1
HS_UAMPORT=3990
HS_UAMUIPORT=4990
HS_DYNIP=192.168.182.0
HS_DYNIP_MASK=255.255.255.0
HS_STATIP=192.168.182.0
HS_STATIP_MASK=255.255.255.0
HS_DNS_DOMAIN=waveloc.com
HS_DNS1=8.8.8.8
HS_DNS2=8.8.4.4
HS_NASID=SERVER
HS_RADIUS=192.170.1.1
HS_RADIUS2=192.170.1.1
HS_UAMALLOW=waveloc.com,192.170.1.1
HS_RADSECRET=LETUSIN
HS_UAMSECRET=xxxxxx
HS_SSID=hotspot-express
HS_UAMFORMAT=http://192.170.1.1/cake3/rd_cake/dynamic-details/chilli-browser-detect/
HS_MACAUTH=on
HS_TCP_PORTS="80 443"
HS_LOC_NAME="My HotSpot"
HS_DHCPLISTEN=192.168.182.1
HS_DHCPIF=enp5s0
HS_SESKEEPALIVE=on
HS_ACCTUPDATE=on
# for testing
#HS_NATANYIP=on
#HS_ANYIP=on
#HS_LAN_ACCESS=allow
```
I even tried #62
Thank you in advance
To answer my own question, adding this solved my issue:

`iptables -I INPUT_tun0 -d 192.170.1.1 -j ACCEPT`

Now it looks like this and "works".
```
Chain INPUT (policy ACCEPT 39 packets, 2351 bytes)
 pkts bytes target      prot opt in      out     source       destination
    0     0 ACCEPT      tcp  --  enp5s0  *       0.0.0.0/0    11.1.0.1     tcp dpt:3990coova: name: chilli side: source
    0     0 INPUT_tun0  all  --  tun0    *       0.0.0.0/0    0.0.0.0/0
    0     0 DROP        all  --  enp5s0  *       0.0.0.0/0    0.0.0.0/0
    0     0 DROP        all  --  tun0    *       0.0.0.0/0    0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target      prot opt in      out     source       destination
    1   181 ACCEPT      all  --  enp1s0  tun0    0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT      all  --  tun0    enp1s0  0.0.0.0/0    0.0.0.0/0
    1   324 ACCEPT      all  --  enp1s0  enp5s0  0.0.0.0/0    0.0.0.0/0    coova: name: chilli side: dest
    4   208 ACCEPT      all  --  enp5s0  enp1s0  0.0.0.0/0    0.0.0.0/0    coova: name: chilli side: source
    0     0 DROP        all  --  enp5s0  *       0.0.0.0/0    0.0.0.0/0
    0     0 DROP        all  --  tun0    *       0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy ACCEPT 37 packets, 82121 bytes)
 pkts bytes target      prot opt in      out     source       destination

Chain INPUT_tun0 (1 references)
 pkts bytes target      prot opt in      out     source       destination
    0     0 ACCEPT      tcp  --  tun0    *       0.0.0.0/0    11.1.0.1     tcp dpt:3990
    0     0 ACCEPT      all  --  *       *       0.0.0.0/0    192.170.1.1
    0     0 RETURN      all  --  *       *       0.0.0.0/0    0.0.0.0/0
```
Thank you
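
Added example (not part of the original issue or of the CoovaChilli project): a first-match walk over the INPUT and INPUT_tun0 rules listed above, showing why a splash-page request arriving on tun0 was dropped before the fix and what the added rule admits. The `NARROW` rule (TCP port 80 only, taken from the `http://` splash URL), the sample packets and the RADIUS port 1812 are assumptions made for illustration.

```python
# Added example: first-match walk of the INPUT / INPUT_tun0 chains from this issue.
# Rules are transcribed from the listings; packets and NARROW are constructed.
# The xt_coova match on the enp5s0 rule is not modelled: sample packets use tun0.

def rule(target, iif="*", proto="all", dst="0.0.0.0/0", dport=None):
    return {"target": target, "iif": iif, "proto": proto, "dst": dst, "dport": dport}

def matches(r, pkt):
    return (r["iif"] in ("*", pkt["iif"])
            and r["proto"] in ("all", pkt["proto"])
            and r["dst"] in ("0.0.0.0/0", pkt["dst"])
            and r["dport"] in (None, pkt["dport"]))

def verdict(chains, pkt, chain="INPUT", policy="ACCEPT"):
    """First terminating target the packet hits; user chains fall back to the caller."""
    for r in chains[chain]:
        if not matches(r, pkt):
            continue
        if r["target"] in ("ACCEPT", "DROP"):
            return r["target"]
        if r["target"] == "RETURN":
            return None
        sub = verdict(chains, pkt, r["target"], policy=None)  # jump to user chain
        if sub:
            return sub
    return policy

def build(extra):
    return {
        "INPUT": [rule("ACCEPT", iif="enp5s0", proto="tcp", dst="11.1.0.1", dport=3990),
                  rule("INPUT_tun0", iif="tun0"),
                  rule("DROP", iif="enp5s0"),
                  rule("DROP", iif="tun0")],
        "INPUT_tun0": [rule("ACCEPT", iif="tun0", proto="tcp", dst="11.1.0.1", dport=3990),
                       *extra,
                       rule("RETURN")],
    }

BEFORE = build([])
AFTER = build([rule("ACCEPT", dst="192.170.1.1")])                          # rule from the issue
NARROW = build([rule("ACCEPT", proto="tcp", dst="192.170.1.1", dport=80)])  # assumed tighter variant

SPLASH = {"iif": "tun0", "proto": "tcp", "dst": "192.170.1.1", "dport": 80}    # constructed
RADIUS = {"iif": "tun0", "proto": "udp", "dst": "192.170.1.1", "dport": 1812}  # constructed

def results():
    return {name: (verdict(c, SPLASH), verdict(c, RADIUS))
            for name, c in (("before", BEFORE), ("after", AFTER), ("narrow", NARROW))}
```

The rule from the issue accepts every protocol and port addressed to 192.170.1.1 arriving on tun0; a version limited to the splash page's port would be `iptables -I INPUT_tun0 -p tcp -d 192.170.1.1 --dport 80 -j ACCEPT`.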